![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small}
Use your email client to generate a signed email (but not encrypted). The message you generate should be Content-Type: multipart/signed; and have an attached p7s (not p7m). Save this raw message as 'message_from_to_user'.
$ openssl smime -pk7out -in message_from_to_user | openssl pkcs7 -print_certs > to_user_public_key.pem
This will extract the public key from the smime.p7s email attachment and save the public key in PEM format.
$ echo 'THIS IS A TEST' | openssl smime -encrypt -des3 -from 'From User <from@domain.dom>' -to 'To User <to@domain.dom>' -subject 'Encrypted Test' -text to_user_public_key.pem | sendmail to@domain.dom
This will send an email to the user "to@domain.dom". The email will be encrypted using the public key we extracted above. The -text flag is important! Without it a standards compliant email reader (Such as Mail.app) won't be able to decrypt the email.
$ openssl smime -pk7out -in message_from_to_user | openssl pkcs7 -print_certs > to_user_public_key.pem
This will extract the public key from the smime.p7s email attachment and save the public key in PEM format.
$ echo 'THIS IS A TEST' | openssl smime -encrypt -des3 -from 'From User <from@domain.dom>' -to 'To User <to@domain.dom>' -subject 'Encrypted Test' -text to_user_public_key.pem | sendmail to@domain.dom
This will send an email to the user "to@domain.dom". The email will be encrypted using the public key we extracted above. The -text flag is important! Without it a standards compliant email reader (Such as Mail.app) won't be able to decrypt the email.
