Using TLS to secure an SMTP connection



Shadowfiend
28th January 2006, 05:18
I'm trying to use TLS to connect to a secure SMTP server, but to be perfectly honest, I don't know where to begin. I have the socket (QTcpSocket, as it were) running fine and everything, but I'm not sure how I would go about encrypting that socket or the transactions operated therein. Can anyone help me out?

Codepoet
28th January 2006, 12:57
Do you have any experience with crypto? What you are trying seems to be (is?) very difficult to do right (read: really secure).
Search for a mail library which supports TLS and SSL. If you want to do the SMTP yourself, use OpenSSL or another encryption library.

wysota
28th January 2006, 13:47
In our links section there is a link (in "Libraries") to cryptographic support for Qt. AFAIR it uses Qt3 and I guess you use Qt4, but maybe you can use it anyway.

An alternative is to implement a QIODevice, which you should place on top of the socket device and which will handle encryption/decryption. In Qt Quarterly there was an article on how to do it (and it is better to do it this way -- QCA uses some other mechanism to achieve the same goal).

jacek
28th January 2006, 15:24
> AFAIR it uses Qt3 and I guess you use Qt4, but maybe you can use it anyway.

You can check out the Qt4 version from KDE's Subversion repository.

Shadowfiend
28th January 2006, 18:42
Indeed, I found the QCA-2 beta1 files (via a Google search). I already knew about QCA, I just hadn't known about version 2, which is meant for Qt4. It comes with a socket example, so I should be able to figure my way out from there.

I don't actually have any experience in coding encryption, though I know a little about how it works and such. This is mostly a program I'm writing for convenience, so I was just hoping I could put something together fairly quickly; fortunately, it seems like that will be possible.

Thank you all for replying :-)

EDIT: Also, concerning an SMTP library that supports TLS: I have searched. I just didn't find any at all.

wysota
28th January 2006, 21:19
> EDIT: Also, concerning an SMTP library that supports TLS: I have searched. I just didn't find any at all.

Because SMTP has almost nothing to do with TLS. TLS is a transport method whereas SMTP is an application protocol.

Shadowfiend
29th January 2006, 01:00
I would argue that that is mostly incorrect. TLS may have almost nothing to do with SMTP, but vice versa is not true, as many SMTP servers encrypt their connections over TLS. The protocol and the transport method are unrelated as to their development, but not as to their usage. Thus, having TLS support in an SMTP library is a very convenient thing. Not required, but convenient.
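
As an added example (not code from any poster in this thread, nor from QCA or Qt), the client-side decision logic for upgrading an SMTP session with STARTTLS (RFC 3207), the usual way the application protocol is layered onto TLS. The function names are hypothetical, and socket I/O and the TLS handshake are assumed to be handled by whichever TLS library is used.

```cpp
// Added example: client-side STARTTLS decisions for an SMTP session.
// Function names are illustrative; socket I/O and the TLS handshake are
// left to the TLS library in use.
#include <algorithm>
#include <cctype>
#include <set>
#include <sstream>
#include <string>

// Parse a multi-line EHLO reply into upper-cased extension keywords.
// Returns false unless every line is "250-..." and the last is "250 ...".
bool parseEhlo(const std::string &reply, std::set<std::string> &caps) {
    std::istringstream in(reply);
    std::string line;
    bool first = true, sawLast = false;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (sawLast || line.size() < 4 || line.compare(0, 3, "250") != 0 ||
            (line[3] != '-' && line[3] != ' '))
            return false;
        sawLast = (line[3] == ' ');
        if (first) { first = false; continue; }  // first line: server greeting
        std::string kw = line.substr(4, line.find(' ', 4) - 4);
        std::transform(kw.begin(), kw.end(), kw.begin(),
                       [](unsigned char c) { return std::toupper(c); });
        if (!kw.empty()) caps.insert(kw);
    }
    return sawLast;
}

enum class Step { SendStartTls, Proceed, Abort };

// Before TLS, a reply without STARTTLS is treated as a possible downgrade:
// abort rather than continue in cleartext. After TLS, the caller passes the
// reply to a fresh EHLO, because cleartext capabilities were unauthenticated.
Step nextStep(bool tlsActive, const std::string &ehloReply) {
    std::set<std::string> caps;
    if (!parseEhlo(ehloReply, caps)) return Step::Abort;
    if (tlsActive) return Step::Proceed;
    return caps.count("STARTTLS") ? Step::SendStartTls : Step::Abort;
}

// The reply to STARTTLS must be exactly one 220 line. Bytes buffered after
// it arrived in cleartext and must not be read as part of the TLS session.
bool startTlsAccepted(const std::string &buf) {
    return buf.size() >= 6 && buf.compare(0, 4, "220 ") == 0 &&
           buf.find("\r\n") == buf.size() - 2;
}
```

The TLS layer still has to verify the server certificate against the expected host name; this logic only decides whether the session may continue.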

jacek
29th January 2006, 01:07
Have you seen this (http://vmime.sourceforge.net/)?

Shadowfiend
29th January 2006, 01:57
I had not. I guess my search wasn't as far-reaching as I thought. Disappointing, too, since I did a search for SMTP or something of the sort on SourceForge and this didn't show up, at least not in the first several pages.

Thanks!