#Download Root certificate: wget -O swiss_governmentrootcaii.crt https://www.bit.admin.ch/dam/bit/de/dokumente/pki/scanning_center/swiss_governmentrootcaii.crt.download.crt/swiss_governmentrootcaii.crt #Convert Root certificate: openssl x509 -in swiss_governmentrootcaii.crt -out swiss_governmentrootcaii.pem -outform pem #Download Intermediate certificate: wget -O swiss_governmentregularca01.cer https://www.bit.admin.ch/dam/bit/de/dokumente/pki/scanning_center/swiss_governmentregularca01.cer.download.cer/swiss_governmentregularca01.cer #Convert Intermediate certificate: openssl x509 -inform der -in swiss_governmentregularca01.cer -out swiss_governmentregularca01.pem #Build CAfile (certificate chain): cat swiss_governmentrootcaii.pem swiss_governmentrootcaii.pem > swiss_gov_ca_cert.pem #Download blacklist.eml: wget -O blacklist.eml https://www.esbk.admin.ch/dam/data/esbk/illegalesspiel/zugangssperren/blacklist.eml #Verify blacklist.eml and extract certificate: openssl smime -verify -in blacklist.eml -CAfile swiss_gov_ca_cert.pem -signer cert.pem -out textdata #Expected output: #Verification successful #Check certificate of blacklist.eml has been issued for provider@esbk.admin.ch openssl x509 -noout -text -in cert.pem | grep provider@esbk.admin.ch | grep email | awk -Femail: '{ print $2}' #Expected output: #provider@esbk.admin.ch #Extract Address of revocation list openssl x509 -noout -text -in cert.pem | grep -A 4 'X509v3 CRL Distribution Points' | grep URI | awk -FURI: '{ print $2}' #Output: http://www.pki.admin.ch/crl/RegularCA01.crl #Download Revocation List: wget -O RegularCA01.crl http://www.pki.admin.ch/crl/RegularCA01.crl #Convert Revocation List to pem: openssl crl -inform DER -in RegularCA01.crl -outform PEM -out RegularC01.pem #Build Revocation chain: cat swiss_gov_ca_cert.pem RegularC01.pem > swiss_gov_ca_cert_and_crl.pem #Verify blacklist.eml against Certificate Chain AND Revocation List: openssl smime -verify -crl_check -in blacklist.eml -CAfile swiss_gov_ca_cert_and_crl.pem -out textdata #Expected output: #Verification successful #extract attachments from blacklist.eml: mu extract -a --overwrite blacklist.eml #Output: Textfile "esbk_blacklist.txt"