The document discusses how to sign an email message for identity verification and non-repudiation. It describes adding the 'SEM' app to INSTALLED_APPS, configuring DEFAULT_CHARSET and AUTH_CERT settings, and using the SignedEmailMessage class from the SEMail module instead of the regular EmailMessage class to send a signed message. The SignedEmailMessage requires a from_key and from_cert to attach a digital signature to the message.

1. Django-sem,
how to make SignedEmailMessage
out of EmailMessage in few simple
steps.
Jakub Wasielak, 2012

2. Identity verification
Why?
● Easier bureaucracy
● Fraud prevention
● Enabling law
● Interpersonal communication

3. Identity verification
How?
● Ancient times
Mostly verbal verification

4. Identity verification
How?
● Ancient times Mostly verbal verification
● Middle Ages
Sealing wax

5. Identity verification
How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet
Stamps

6. Identity verification
How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet Stamps
● Now
S/MIME

7. Public-key infrastructure
Creating, managing, using, storing, and
revoking Digital Certificates.

8. Public-key infrastructure
All the stuff connected with
Digital Certificates.

9. Public-key infrastructure
All the stuff connected with
Digital Certificates.
CA – Certificate Authority – the unit capable
of issuing and verifying the digital
certificates.

10. Digital Certificate
X.509 (PKI)
● Signature Algorithm – selected by CA
● Issuer – CA itself
● Subject – your data
● Subject Public Key – your public key
● Certificate signature – the actual signature
● Version, Serial Number, Validity

11. Digital Certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
...
e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
...
8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22

12. Signed mail in
Thunderbird

13. Signed mail in
Outlook

14. Signed mail in
some apple client

15. Signed mail in
Gmail
?

16. Signing – first steps
MeTooCrypto:
M2Crypto is the most complete Python
wrapper for OpenSSL featuring RSA, DSA,
DH, HMACs, message digests, symmetric
ciphers, SSL functionality, HTTPS, urllib,
xmlrpclib, HMAC'ing AuthCookies,
FTP/TLS, S/MIME, ZserverSSL and
ZSmime.

17. Signing – first steps
MeTooCrypto:
M2Crypto is not well documented.

18. SignedEmailMessage – a week later
1. Add 'SEM' into INSTALLED_APPS.
2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
3. Use it.

19. 1. Add 'SEM' into INSTALLED_APPS.
pip install django-sem
INSTALLED_APPS = (
...
'SEM',
...
)

20. 2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
DEFAULT_CHARSET = 'utf-8'
AUTH_CERT = "resources/cert.pem"
/resources/cert.pem
-----BEGIN CERTIFICATE-----
AGSJGAS34BDS4htg0234gADSG923ng92G3h2tgjs9afgf
...
...
j892th39gSAHGy329hggeZHDg89hegZGDSHY0==
-----END CERTIFICATE-----
The CA certificate. Available at CA site.

21. 3. Use it.
Normal EmailMessage usage
from django.core.mail import EmailMessage
msg = EmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments)
msg.send()
SignedEmailMessage usage
from SEM import SEMail
msg = SEMail.SignedEmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments,
from_key=from_key, from_cert=from_cert)
msg.send()