How To: Secure e-mail client (SMTP + SSL) with KSDK1.3 + WolfSSL for FRDM-K64F


This is an adaptation I made for the original SMTP protocol implementation provided with the KSDK1.3, with the addition of the secure connection using WolfSSL.

The example software is currently ported to the FRDM-K64F Kinetis board, but it can be implemented for other boards. This demo sends an e-mail using the Gmail SMTP server (smtp.gmail.com, port 465) through an SSL channel.

 

How to run the example:

 

1 - Download the example software attached. You will need to have KDS 3.0 and KSDK1.3 previously installed on the machine.

2 - In KDS, go to File -> Import, select the folder Project of Projects -> Existing Project Sets, then open the file mqx_smtp_ssl_demo.wsd located in the folder \SMTP_SSL_demo_KSDK_1.3.0\examples\frdmk64f\demo_apps\security\smtp_wolfssl\smtp_wolfssl_mqx\kds

3 - Build all the libraries and run the example project.

4 - To allow SMTP + SSL, you will need to change your Gmail account settings.

5 - Connect a serial terminal (115200 bps, 8N1) to the OpenSDA CDC interface (COM port) to see the shell. Type ipconfig init and ipconfig dhcp to initialize the Ethernet interface and get a valid IP address from the router.


 

6 - Type help to see all the commands available.

7 - To send an e-mail using the secure channel, you will need a valid Gmail account and use the command:

sec_email -f <sender@email.com> -t <recipient@email.com> -s <www.mail.server.com> [-u <Username>] [-p <Password>] [-j <"email subject">] [-m <"text of email message">]

 

For example:       

sec_email -f user@gmail.com -t recipient@email.com -s smtp.gmail.com -u user@gmail.com -p mypassword -j "email subject" -m "text of email message"

 

Some additional notes:

 

- The Certificate Authority (CA) file from Equifax, used for Gmail, is converted to a hexadecimal C array and is located in the file rtcs_smtp_ssl.c, in the \middleware\tcpip\rtcs\source\apps folder.

 

- To connect to other servers with SSL support, you will need to obtain a valid Certificate Authority file for that server. You can do it in three steps:

1) Verify which certificate authority the server uses. One way to do it is to use OpenSSL, with s_client and the option -showcerts, to see the server certificates and check the certificate authority. Gmail uses Equifax as CA.

2) Once you know the certificate authority of the server, you can get the certificate file in PEM format from an e-mail client for PC (e.g. Outlook). In this case, Outlook has the Equifax certificate file. All certificate files need to start with -----BEGIN CERTIFICATE----- and finish with -----END CERTIFICATE-----.

3) You need to convert your CA file to a C language array. You can use Bin2h to do the task.

 


Figure: PEM file generated by Equifax, before being converted to a C array
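Step 3 above, sketched as an added example (not part of the original post and not the Bin2h tool): a host-side Python script that pulls the certificate blocks out of saved text, checks that each one base64-decodes to a DER-shaped payload, and emits a C array. The array name ca_cert and the sample input are assumptions; the sample is constructed and is not a real certificate.

```python
import base64
import re
import textwrap

# Matches each certificate block and ignores surrounding text, such as the
# extra output printed around certificates by `openssl s_client -showcerts`.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def normalize_pem(text):
    """Return only the certificate blocks, re-wrapped at 64 columns."""
    out = []
    for body in PEM_BLOCK.findall(text):
        b64 = "".join(body.split())
        der = base64.b64decode(b64, validate=True)  # ValueError on bad input
        if not der or der[0] != 0x30:  # a certificate is a DER SEQUENCE
            raise ValueError("payload is not DER-encoded")
        out.append("-----BEGIN CERTIFICATE-----\n"
                   + "\n".join(textwrap.wrap(b64, 64))
                   + "\n-----END CERTIFICATE-----\n")
    if not out:
        raise ValueError("no BEGIN/END CERTIFICATE block found")
    return "".join(out)

def pem_to_c_array(text, name="ca_cert"):
    """Emit C source holding the normalized PEM bytes (`name` is hypothetical)."""
    data = normalize_pem(text).encode("ascii")
    rows = [", ".join(f"0x{b:02x}" for b in data[i:i + 12])
            for i in range(0, len(data), 12)]
    return (f"static const unsigned char {name}[] = {{\n    "
            + ",\n    ".join(rows) + "\n};\n"
            + f"static const unsigned int {name}_len = {len(data)};\n")

# Constructed sample: NOT a real certificate, only a short DER-shaped payload
# surrounded by the kind of extra text a terminal capture contains.
SAMPLE_DER = bytes([0x30, 0x0C]) + b"constructed!"
SAMPLE_PEM = ("Certificate chain (constructed text)\n"
              "-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\ntrailing text\n")

if __name__ == "__main__":
    print(pem_to_c_array(SAMPLE_PEM))
```

The normalization step drops anything outside the BEGIN/END markers, so text copied from a terminal or mail client does not end up inside the array.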

 

All the files used to build the demo are included in the attached file. The SSL connection using the WolfSSL software is made in the file rtcs_smtp_ssl.c.

Comments

Hi Denis,

Thanks for putting together this example!  Do you mind if we blog about your example on the wolfSSL blog?

Best Regards,

Chris

Hello Chris! Absolutely! Feel free to do it, and let me know if you need any additional information!

Hi Denis,

Thanks for putting this example together.

While I try to run this project, I keep getting this error,

SMTPClient - Connection failed. Error: 0x1649
ASN no signer error to confirm failure
  Unable to connect to smtp.gmail.com.
  Email sending failed.

Could you point me as to where I could be going wrong?

Thanks & Regards

Manju Narayan

Every time I try to set up the SMTP server for Gmail, I receive a Gmail server error 007.

Please help me to fix the problem. I want the solution fast because I could not use my gmail in any other mailbox.

Last update: 01-26-2016 04:14 PM