3 # Copyright (C) 2001,2002 Oliver Ehli <elmy@acm.org>
4 # Copyright (C) 2001 Mike Schiraldi <raldi@research.netsol.com>
5 # Copyright (C) 2003 Bjoern Jacke <bjoern@j3e.de>
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 2 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write to the Free Software
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
26 require "timelocal.pl";
33 # directory setup routines
34 sub mkdir_recursive ($ );
37 # key/certificate management methods
40 sub add_entry ($$$$$ );
41 sub add_certificate ($$$$;$ );
43 sub add_root_cert ($ );
46 sub modify_entry ($$$;$ );
48 sub change_label ($ );
52 # Get the directories mutt uses for certificate/key storage.
54 my $mutt = $ENV{MUTT_CMDLINE} || 'mutt';
55 my $opensslbin = "/usr/bin/openssl";
57 my @cert_tmp_file = ();
60 my $private_keys_path = mutt_Q 'smime_keys';
61 die "smime_keys is not set in mutt's configuration file"
62 if length $private_keys_path == 0;
64 my $certificates_path = mutt_Q 'smime_certificates';
65 die "smime_certificates is not set in mutt's configuration file"
66 if length $certificates_path == 0;
67 my $root_certs_path = mutt_Q 'smime_ca_location';
68 die "smime_ca_location is not set in mutt's configuration file"
69 if length $root_certs_path == 0;
71 my $root_certs_switch;
72 if ( -d $root_certs_path) {
73 $root_certs_switch = -CApath;
75 $root_certs_switch = -CAfile;
83 if(@ARGV == 1 and $ARGV[0] eq "init") {
86 elsif(@ARGV == 1 and $ARGV[0] eq "list") {
89 elsif(@ARGV == 2 and $ARGV[0] eq "label") {
90 change_label($ARGV[1]);
92 elsif(@ARGV == 2 and $ARGV[0] eq "add_cert") {
93 my $format = -B $ARGV[1] ? 'DER' : 'PEM';
94 my $cmd = "$opensslbin x509 -noout -hash -in $ARGV[1] -inform $format";
95 my $cert_hash = `$cmd`;
96 $? and die "'$cmd' returned $?";
98 my $label = query_label;
99 &add_certificate($ARGV[1], \$cert_hash, 1, $label, '?');
101 elsif(@ARGV == 2 and $ARGV[0] eq "add_pem") {
102 -e $ARGV[1] and -s $ARGV[1] or die("$ARGV[1] is nonexistent or empty.");
103 open(PEM_FILE, "<$ARGV[1]") or die("Can't open $ARGV[1]: $!");
104 my @pem = <PEM_FILE>;
108 elsif( @ARGV == 2 and $ARGV[0] eq "add_p12") {
109 -e $ARGV[1] and -s $ARGV[1] or die("$ARGV[1] is nonexistent or empty.");
111 print "\nNOTE: This will ask you for two passphrases:\n";
112 print " 1. The passphrase you used for exporting\n";
113 print " 2. The passphrase you wish to secure your private key with.\n\n";
115 my $pem_file = "$ARGV[1].pem";
117 my $cmd = "$opensslbin pkcs12 -in $ARGV[1] -out $pem_file";
118 system $cmd and die "'$cmd' returned $?";
120 -e $pem_file and -s $pem_file or die("Conversion of $ARGV[1] failed.");
121 open(PEM_FILE, $pem_file) or die("Can't open $pem_file: $!");
122 my @pem = <PEM_FILE>;
127 elsif(@ARGV == 4 and $ARGV[0] eq "add_chain") {
129 my $format = -B $ARGV[2] ? 'DER' : 'PEM';
130 my $cmd = "$opensslbin x509 -noout -hash -in $ARGV[2] -inform $format";
131 my $cert_hash = `$cmd`;
133 $? and die "'$cmd' returned $?";
135 $format = -B $ARGV[3] ? 'DER' : 'PEM';
137 $cmd = "$opensslbin x509 -noout -hash -in $ARGV[3] -inform $format";
138 my $issuer_hash = `$cmd`;
139 $? and die "'$cmd' returned $?";
144 my $label = query_label;
146 add_certificate($ARGV[3], \$issuer_hash, 0, $label);
147 my @mailbox = &add_certificate($ARGV[2], \$cert_hash, 1, $label, $issuer_hash);
149 foreach $mailbox (@mailbox) {
151 add_key($ARGV[1], $cert_hash, $mailbox, $label);
154 elsif((@ARGV == 2 or @ARGV == 3) and $ARGV[0] eq "verify") {
155 verify_cert($ARGV[1], $ARGV[2]);
157 elsif(@ARGV == 2 and $ARGV[0] eq "remove") {
158 remove_pair($ARGV[1]);
160 elsif(@ARGV == 2 and $ARGV[0] eq "add_root") {
161 add_root_cert($ARGV[1]);
174 ############## sub-routines ########################
179 Usage: smime_keys <operation> [file(s) | keyID [file(s)]]
181 with operation being one of:
183 init : no files needed, inits directory structure.
185 list : lists the certificates stored in database.
186 label : keyID required. changes/removes/adds label.
187 remove : keyID required.
188 verify : 1=keyID and optionally 2=CRL
189 Verifies the certificate chain, and optionally wether
190 this certificate is included in supplied CRL (PEM format).
191 Note: to verify all certificates at the same time,
192 replace keyID with "all"
194 add_cert : certificate required.
195 add_chain : three files reqd: 1=Key, 2=certificate
196 plus 3=intermediate certificate(s).
197 add_p12 : one file reqd. Adds keypair to database.
198 file is PKCS12 (e.g. export from netscape).
199 add_pem : one file reqd. Adds keypair to database.
200 (file was converted from e.g. PKCS12).
202 add_root : one file reqd. Adds PEM root certificate to the location
203 specified within muttrc (smime_verify_* command)
209 my $var = shift or die;
211 my $cmd = "$mutt -v >/dev/null 2>/dev/null";
214 Couldn't launch mutt. I attempted to do so by running the command "$mutt".
215 If that's not the right command, you can override it by setting the
216 environment variable \$MUTT_CMDLINE
219 $cmd = "$mutt -Q $var 2>/dev/null";
223 Couldn't look up the value of the mutt variable "$var".
224 You must set this in your mutt config file. See contrib/smime.rc for an example.
228 $answer =~ /\"(.*?)\"/ and return $1;
230 $answer =~ /^Mutt (.*?) / and die<<EOF;
231 This script requires mutt 1.5.0 or later. You are using mutt $1.
234 die "Value of $var is weird\n";
238 my $source = shift or die;
239 my $dest = shift or die;
241 copy $source, $dest or die "Problem copying $source to $dest: $!\n";
245 # directory setup routines
249 sub mkdir_recursive ($) {
250 my $path = shift or die;
253 for my $dir (split /\//, $path) {
254 $tmp_path .= "$dir/";
257 or mkdir $tmp_path, 0700
258 or die "Can't mkdir $tmp_path: $!";
263 mkdir_recursive($certificates_path);
264 mkdir_recursive($private_keys_path);
268 $file = $certificates_path . "/.index";
269 -f $file or open(TMP_FILE, ">$file") and close(TMP_FILE)
270 or die "Can't touch $file: $!";
272 $file = $private_keys_path . "/.index";
273 -f $file or open(TMP_FILE, ">$file") and close(TMP_FILE)
274 or die "Can't touch $file: $!";
280 # certificate management methods
284 my %keyflags = ( 'i', '(Invalid)', 'r', '(Revoked)', 'e', '(Expired)',
285 'u', '(Unverified)', 'v', '(Valid)', 't', '(Trusted)');
287 open(INDEX, "<$certificates_path/.index") or
288 die "Couldn't open $certificates_path/.index: $!";
297 if($fields[2] eq '-') {
298 print "$fields[1]: Issued for: $fields[0] $keyflags{$fields[4]}\n";
300 print "$fields[1]: Issued for: $fields[0] \"$fields[2]\" $keyflags{$fields[4]}\n";
303 my $certfile = "$certificates_path/$fields[1]";
307 die "Couldn't open $certfile: $!";
318 my $format = -B $certfile ? 'DER' : 'PEM';
319 my $cmd = "$opensslbin x509 -subject -issuer -dates -noout -in $certfile -inform $format";
320 ($subject_in, $issuer_in, $date1_in, $date2_in) = `$cmd`;
321 $? and print "ERROR: '$cmd' returned $?\n\n" and next;
324 my @subject = split(/\//, $subject_in);
326 $tmp = shift @subject;
327 ($tmp =~ /^CN\=/) and last;
330 defined $tmp and @tmp = split (/\=/, $tmp) and
331 print $tab."Subject: $tmp[1]\n";
333 my @issuer = split(/\//, $issuer_in);
335 $tmp = shift @issuer;
336 ($tmp =~ /^CN\=/) and last;
339 defined $tmp and @tmp = split (/\=/, $tmp) and
340 print $tab."Issued by: $tmp[1]";
342 if ( defined $date1_in and defined $date2_in ) {
343 @tmp = split (/\=/, $date1_in);
345 @tmp = split (/\=/, $date2_in);
346 print $tab."Certificate is not valid before $tmp".
347 $tab." or after ".$tmp[1];
350 -e "$private_keys_path/$fields[1]" and
351 print "$tab - Matching private key installed -\n";
353 $format = -B "$certificates_path/$fields[1]" ? 'DER' : 'PEM';
354 $cmd = "$opensslbin x509 -purpose -noout -in $certfile -inform $format";
355 my $purpose_in = `$cmd`;
356 $? and die "'$cmd' returned $?";
358 my @purpose = split (/\n/, $purpose_in);
359 print "$tab$purpose[0] (displays S/MIME options only)\n";
361 $tmp = shift @purpose;
362 ($tmp =~ /^S\/MIME/ and $tmp =~ /Yes/) or next;
363 my @tmptmp = split (/:/, $tmp);
364 print "$tab $tmptmp[0]\n";
379 print "\nYou may assign a label to this key, so you don't have to remember\n";
380 print "the key ID. This has to be _one_ word (no whitespaces).\n\n";
382 print "Enter label: ";
383 chomp($input = <STDIN>);
385 my ($label, $junk) = split(/\s/, $input, 2);
388 and print "\nUsing '$label' as label; ignoring '$junk'\n";
390 defined $label || ($label = "-");
397 sub add_entry ($$$$$) {
398 my $mailbox = shift or die;
399 my $hashvalue = shift or die;
400 my $use_cert = shift;
401 my $label = shift or die;
402 my $issuer_hash = shift;
407 open(INDEX, "+<$certificates_path/.index") or
408 die "Couldn't open $certificates_path/.index: $!";
411 open(INDEX, "+<$private_keys_path/.index") or
412 die "Couldn't open $private_keys_path/.index: $!";
417 return if ($fields[0] eq $mailbox && $fields[1] eq $hashvalue);
421 print INDEX "$mailbox $hashvalue $label $issuer_hash u\n";
424 print INDEX "$mailbox $hashvalue $label \n";
431 sub add_certificate ($$$$;$) {
432 my $filename = shift or die;
433 my $hashvalue = shift or die;
434 my $add_to_index = shift;
435 my $label = shift or die;
436 my $issuer_hash = shift;
442 while(-e "$certificates_path/$$hashvalue.$iter") {
444 my $format = -B $filename ? 'DER' : 'PEM';
445 my $cmd = "$opensslbin x509 -in $filename -inform $format -fingerprint -noout";
447 $? and die "'$cmd' returned $?";
449 $format = -B "$certificates_path/$$hashvalue.$iter" ? 'DER' : 'PEM';
450 $cmd = "$opensslbin x509 -in $certificates_path/$$hashvalue.$iter -inform $format -fingerprint -noout";
452 $? and die "'$cmd' returned $?";
458 $$hashvalue .= ".$iter";
460 if (-e "$certificates_path/$$hashvalue") {
461 print "\nCertificate: $certificates_path/$$hashvalue already installed.\n";
464 mycopy $filename, "$certificates_path/$$hashvalue";
467 my $format = -B $filename ? 'DER' : 'PEM';
468 my $cmd = "$opensslbin x509 -in $filename -inform $format -email -noout";
470 $? and die "'$cmd' returned $?";
472 foreach $mailbox (@mailbox) {
474 add_entry($mailbox, $$hashvalue, 1, $label, $issuer_hash);
476 print "\ncertificate $$hashvalue ($label) for $mailbox added.\n";
478 verify_cert($$hashvalue, undef);
481 print "added certificate: $certificates_path/$$hashvalue.\n";
490 my $file = shift or die;
491 my $hashvalue = shift or die;
492 my $mailbox = shift or die;
493 my $label = shift or die;
495 unless (-e "$private_keys_path/$hashvalue") {
496 mycopy $file, "$private_keys_path/$hashvalue";
499 add_entry($mailbox, $hashvalue, 0, $label, "");
500 print "added private key: " .
501 "$private_keys_path/$hashvalue for $mailbox\n";
515 $cert_tmp_file[$cert_iter] = newfile("cert_tmp.$cert_iter","temp");
516 my $cert_tmp_iter = $cert_tmp_file[$cert_iter];
517 open(CERT_FILE, ">$cert_tmp_iter")
518 or die "Couldn't open $cert_tmp_iter: $!";
520 while($_ = shift(@_)) {
521 if(/^Bag Attributes/) {
523 $state == 0 or die("PEM-parse error at: $.");
525 $bag_attribs[$cert_iter*4+1] = "";
526 $bag_attribs[$cert_iter*4+2] = "";
527 $bag_attribs[$cert_iter*4+3] = "";
530 ($state == 1) and /localKeyID:\s*(.*)/
531 and ($bag_attribs[$cert_iter*4+1] = $1);
533 ($state == 1) and /subject=\s*(.*)/
534 and ($bag_attribs[$cert_iter*4+2] = $1);
536 ($state == 1) and /issuer=\s*(.*)/
537 and ($bag_attribs[$cert_iter*4+3] = $1);
545 $bag_attribs[$cert_iter*4] = "K";
549 $bag_attribs[$cert_iter*4] = "C";
552 die("What's this: $_");
559 $cert_tmp_file[$cert_iter] = newfile("cert_tmp.$cert_iter","temp");
560 $cert_tmp_iter = $cert_tmp_file[$cert_iter];
561 open(CERT_FILE, ">$cert_tmp_iter")
562 or die "Couldn't open $cert_tmp_iter: $!";
570 # I'll add support for unbagged cetificates, in case this is needed.
571 $numBags == $cert_iter or
572 die("Not all contents were bagged. can't continue.");
578 # This requires the Bag Attributes to be set
590 @pem_contents = &parse_pem(@_);
592 # private key and certificate use the same 'localKeyID'
593 while($iter <= $#pem_contents / 4) {
594 if($pem_contents[$iter * 4] eq "K") {
600 ($iter > $#pem_contents / 2) and die("Couldn't find private key!");
602 $pem_contents[($key * 4)+1] or die("Attribute 'localKeyID' wasn't set.");
605 while($iter <= $#pem_contents / 4) {
606 $iter == $key and ($iter++) and next;
607 if($pem_contents[($iter * 4)+1] eq $pem_contents[($key * 4)+1]) {
608 $certificate = $iter;
613 ($iter > $#pem_contents / 4) and die("Couldn't find matching certificate!");
615 my $tmp_key = newfile("tmp_key","temp");
616 mycopy $cert_tmp_file[$key], $tmp_key;
617 my $tmp_certificate = newfile("tmp_certificate","temp");
618 mycopy $cert_tmp_file[$certificate], $tmp_certificate;
620 # root certificate is self signed
623 while($iter <= $#pem_contents / 4) {
624 if ($iter == $key or $iter == $certificate) {
629 if($pem_contents[($iter * 4)+2] eq $pem_contents[($iter * 4)+3]) {
635 if ($iter > $#pem_contents / 4) {
636 print "Couldn't identify root certificate!\n";
640 # what's left are intermediate certificates.
643 # needs to be set, so we can check it later
644 $intermediate = $root_cert;
645 my $tmp_issuer_cert = newfile("tmp_issuer_cert","temp");
646 while($iter <= $#pem_contents / 4) {
647 if ($iter == $key or $iter == $certificate or $iter == $root_cert) {
652 open (IC, ">> $tmp_issuer_cert") or die "can't open $tmp_issuer_cert: $?";
653 my $cert_tmp_iter = $cert_tmp_file[$iter];
654 open (CERT, "< $cert_tmp_iter") or die "can't open $cert_tmp_iter: $?";
655 print IC while (<CERT>);
659 # although there may be many, just need to know if there was any
660 $intermediate = $iter;
665 # no intermediate certificates ? use root-cert instead (if that was found...)
666 if($intermediate == $root_cert) {
667 if ($root_cert == -1) {
668 die("No root and no intermediate certificates. Can't continue.");
670 mycopy $cert_tmp_file[$root_cert], $tmp_issuer_cert;
673 my $label = query_label;
675 my $format = -B $tmp_certificate ? 'DER' : 'PEM';
676 my $cmd = "$opensslbin x509 -noout -hash -in $tmp_certificate -inform $format";
677 my $cert_hash = `$cmd`;
678 $? and die "'$cmd' returned $?";
680 $format = -B $tmp_issuer_cert ? 'DER' : 'PEM';
681 $cmd = "$opensslbin x509 -noout -hash -in $tmp_issuer_cert -inform $format";
682 my $issuer_hash = `$cmd`;
683 $? and die "'$cmd' returned $?";
685 chomp($cert_hash); chomp($issuer_hash);
687 # Note: $cert_hash will be changed to reflect the correct filename
688 # within add_cert() ONLY, so these _have_ to get called first..
689 add_certificate($tmp_issuer_cert, \$issuer_hash, 0, $label);
690 @mailbox = &add_certificate("$tmp_certificate", \$cert_hash, 1, $label, $issuer_hash);
691 foreach $mailbox (@mailbox) {
693 add_key($tmp_key, $cert_hash, $mailbox, $label);
702 sub modify_entry ($$$;$ ) {
703 my $op = shift or die;
704 my $hashvalue = shift or die;
705 my $use_cert = shift;
711 $op eq 'L' and ($label = shift or die);
712 $op eq 'V' and ($crl = shift);
716 $path = $certificates_path;
719 $path = $private_keys_path;
722 open(INDEX, "<$path/.index") or
723 die "Couldn't open $path/.index: $!";
724 my $newindex = newfile("$path/.index.tmp");
725 open(NEW_INDEX, ">$newindex") or
726 die "Couldn't create $newindex: $!";
730 if($fields[1] eq $hashvalue or $hashvalue eq 'all') {
732 print NEW_INDEX "$fields[0] $fields[1]";
735 print NEW_INDEX " $label $fields[3] $fields[4]";
738 print NEW_INDEX " $label";
742 print "\n==> about to verify certificate of $fields[0]\n";
743 my $flag = &do_verify($fields[1], $fields[3], $crl);
744 print NEW_INDEX " $fields[2] $fields[3] $flag";
746 print NEW_INDEX "\n";
754 rename $newindex, "$path/.index"
755 or die "Couldn't rename $newindex to $path/.index: $!\n";
763 sub remove_pair ($ ) {
764 my $keyid = shift or die;
766 if (-e "$certificates_path/$keyid") {
767 unlink "$certificates_path/$keyid";
768 modify_entry('R', $keyid, 1);
769 print "Removed certificate $keyid.\n";
772 die "No such certificate: $keyid";
775 if (-e "$private_keys_path/$keyid") {
776 unlink "$private_keys_path/$keyid";
777 modify_entry('R', $keyid, 0);
778 print "Removed private key $keyid.\n";
784 sub change_label ($ ) {
785 my $keyid = shift or die;
787 my $label = query_label;
789 if (-e "$certificates_path/$keyid") {
790 modify_entry('L', $keyid, 1, $label);
791 print "Changed label for certificate $keyid.\n";
794 die "No such certificate: $keyid";
797 if (-e "$private_keys_path/$keyid") {
798 modify_entry('L', $keyid, 0, $label);
799 print "Changed label for private key $keyid.\n";
807 sub verify_cert ($$) {
808 my $keyid = shift or die;
811 -e "$certificates_path/$keyid" or $keyid eq 'all'
812 or die "No such certificate: $keyid";
813 modify_entry('V', $keyid, 1, $crl);
821 my $cert = shift or die;
822 my $issuerid = shift or die;
828 my $cert_path = "$certificates_path/$cert";
830 if($issuerid eq '?') {
831 $issuer_path = "$certificates_path/$cert";
833 $issuer_path = "$certificates_path/$issuerid";
836 my $cmd = "$opensslbin verify $root_certs_switch $root_certs_path -purpose smimesign -purpose smimeencrypt -untrusted $issuer_path $cert_path";
838 $? and die "'$cmd' returned $?";
842 ($output =~ /OK/) and ($result = 'v');
844 $result eq 'i' and return $result;
846 my $format = -B $cert_path ? 'DER' : 'PEM';
847 $cmd = "$opensslbin x509 -dates -serial -noout -in $cert_path -inform $format";
848 (my $date1_in, my $date2_in, my $serial_in) = `$cmd`;
849 $? and die "'$cmd' returned $?";
851 if ( defined $date1_in and defined $date2_in ) {
852 my @tmp = split (/\=/, $date1_in);
854 @tmp = split (/\=/, $date2_in);
855 my %months = ('Jan', '00', 'Feb', '01', 'Mar', '02', 'Apr', '03',
856 'May', '04', 'Jun', '05', 'Jul', '06', 'Aug', '07',
857 'Sep', '08', 'Oct', '09', 'Nov', '10', 'Dec', '11');
860 $tmp =~ /(\w+)\s*(\d+)\s*(\d+):(\d+):(\d+)\s*(\d+)\s*GMT/;
862 $#fields != 5 and print "Expiration Date: Parse Error : $tmp\n\n" or
863 timegm($fields[4], $fields[3], $fields[2], $fields[1],
864 $months{$fields[0]}, $fields[5]) > time and $result = 'e';
865 $result eq 'e' and print "Certificate is not yet valid.\n" and return $result;
868 $tmp[1] =~ /(\w+)\s*(\d+)\s*(\d+):(\d+):(\d+)\s*(\d+)\s*GMT/;
870 $#fields != 5 and print "Expiration Date: Parse Error : $tmp[1]\n\n" or
871 timegm($fields[4], $fields[3], $fields[2], $fields[1],
872 $months{$fields[0]}, $fields[5]) < time and $result = 'e';
873 $result eq 'e' and print "Certificate has expired.\n" and return $result;
877 if ( defined $crl ) {
878 my @serial = split (/\=/, $serial_in);
879 my $cmd = "$opensslbin crl -text -noout -in $crl | grep -A1 $serial[1]";
880 (my $l1, my $l2) = `$cmd`;
881 $? and die "'$cmd' returned $?";
884 my @revoke_date = split (/:\s/, $l2);
885 print "FAILURE: Certificate $cert has been revoked on $revoke_date[1]\n";
891 if ($result eq 'v') {
900 sub add_root_cert ($) {
901 my $root_cert = shift or die;
903 my $format = -B $root_cert ? 'DER' : 'PEM';
905 my $cmd = "$opensslbin x509 -noout -hash -in $root_cert -inform $format";
906 my $root_hash = `$cmd`;
907 $? and die "'$cmd' returned $?";
909 if (-d $root_certs_path) {
910 -e "$root_certs_path/$root_hash" or
911 mycopy $root_cert, "$root_certs_path/$root_hash";
914 open(ROOT_CERTS, ">>$root_certs_path") or
915 die ("Couldn't open $root_certs_path for writing");
917 $cmd = "$opensslbin x509 -in $root_cert -inform $format -fingerprint -noout";
918 $? and die "'$cmd' returned $?";
919 chomp(my $md5fp = `$cmd`);
921 $cmd = "$opensslbin x509 -in $root_cert -inform $format -text -noout";
922 $? and die "'$cmd' returned $?";
923 my @cert_text = `$cmd`;
925 print "Enter a label, name or description for this certificate: ";
928 my $line = "=======================================\n";
929 print ROOT_CERTS "\n$input$line$md5fp\nPEM-Data:\n";
931 $cmd = "$opensslbin x509 -in $root_cert -inform $format";
933 $? and die "'$cmd' returned $?";
934 print ROOT_CERTS $cert;
935 print ROOT_CERTS @cert_text;
942 # returns a file name which does not exist for tmp file creation
943 my $filename = shift;
945 $option = "notemp" if (not defined($option));
946 if (! $tmpdir and $option eq "temp") {
947 $tmpdir = mutt_Q 'tmpdir';
948 $tmpdir = newfile("$tmpdir/smime");
949 mkdir $tmpdir, 0700 || die "Can't create $tmpdir: $!\n";
951 $filename = "$tmpdir/$filename" if ($option eq "temp");
952 my $newfilename = $filename;
954 while (-e $newfilename) {
955 $newfilename = "$filename.$count";
958 unshift(@tempfiles,$newfilename);
964 # remove all our temporary files in the end: