From: Josh Huber <huber@alum.wpi.edu>
Subject: [COMMIT] sign & encrypt changes
Date: Wed, 01 May 2002 18:22:05 -0400
Message-ID: <87adrjse42.fsf@alum.wpi.edu>
NOTE: This patch has been committed.
Please take a look at this, and test it out.
As I've mentioned before, there are two ways to sign & encrypt a
message:
1. perform the two operations separately: sign, then encrypt.
2. perform the two operations as one: sign & encrypt at the same time.
#2 is generally desirable. I've made the changes for pgpmime to
support this style of signencrypt. Whether or not Gnus tries to do
this is controlled by the mml-signencrypt-style alist -- as you can
see the only method using it is pgpmime.
For other methods, signencrypt == style #1 still. I haven't changed
the code for pgp or smime yet, as I don't use those methods and I'd
like to make sure things are still sane at this point.
I've also fixed some documentation, and changed the default for
gnus-message-replysignencrypted. (t just makes more sense).
So, now when you C-c C-m c p, you'll get a secure tag which has
signencrypt as the mode, and you should get a single encrypted (and
also signed) part instead of an encrypted part which contains a signed
part. Less overhead is good.
I'd also like to know if smime can perform this operation -- I seem to
remember someone mentioning that it didn't work for them. Are you
supposed to be able to sign & encrypt in one invocation of
openssl (this is the utility used for smime, correct?)?
lisp/ChangeLog addition:
2002-05-01 Josh Huber <huber@alum.wpi.edu>
* gnus-msg.el (gnus-message-replysignencrypted): enabled by
default.
* mml-sec.el:
* mml-sec.el (mml-signencrypt-style): New.
* mml-sec.el (mml-pgpmime-encrypt-buffer): Accept optional
argument `sign'.
* mml-sec.el (mml-secure-message-encrypt-pgp): Changed default to
signencrypt.
* mml-sec.el (mml-secure-message-encrypt-pgpmime): Ditto.
* mml.el (mml-generate-mime-1): Changed logic so a part which is
both signed & encrypted is processed in one operation. (rather than
two separate ops: sign, then encrypt)
* mml2015.el (mml2015-gpg-extract-signature-details): Give some
indication if a message is signed by an expired key.
* mml2015.el (mml2015-gpg-encrypt): Accept optional argument which
enables combined sign & encrypt operation. (this was always on
before).
* mml2015.el (mml2015-encrypt): Accept optional argument `sign'.
texi/ChangeLog addition:
2002-05-01 Josh Huber <huber@alum.wpi.edu>
* gnus.texi (Signing and encrypting): Fix doc. Also, add a
paragraph about replysign/replyencrypt/replysignencrypted use.
gnus source patch:
Diff command: cvs -q diff -u
Files affected: texi/gnus.texi lisp/mml2015.el lisp/mml.el lisp/mml-sec.el lisp/gnus-msg.el
Index: lisp/gnus-msg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/gnus-msg.el,v
retrieving revision 6.87
diff -u -r6.87 gnus-msg.el
--- lisp/gnus-msg.el 2002/04/27 23:07:35 6.87
+++ lisp/gnus-msg.el 2002/05/01 22:06:22
@@ -234,7 +234,7 @@
:type 'boolean)
(defcustom gnus-message-replysignencrypted
- nil
+ t
"Setting this causes automatically encryped messages to also be signed."
:group 'gnus-message
:type 'boolean)
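Review bot: flipping gnus-message-replysignencrypted from nil to t changes behaviour for every user who relied on the old default, so the docstring should say that the option is on by default and that it only applies to replies that gnus-message-replyencrypt has already decided to encrypt. While touching the defcustom, fix the typo in the unchanged docstring line `"Setting this causes automatically encryped messages to also be signed."` ("encrypted").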
Index: lisp/mml-sec.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml-sec.el,v
retrieving revision 1.13
diff -u -r1.13 mml-sec.el
--- lisp/mml-sec.el 2002/04/14 04:10:15 1.13
+++ lisp/mml-sec.el 2002/05/01 22:06:22
@@ -46,6 +46,13 @@
(defvar mml-default-encrypt-method (caar mml-encrypt-alist)
"Default encryption method.")
+(defvar mml-signencrypt-style
+ '(("smime" separate)
+ ("pgp" separate)
+ ("pgpmime" combined))
+ "Alist specifying whether or not a single sign & encrypt
+operation should be perfomed when requesting signencrypt.")
+
;;; Security functions
(defun mml-smime-sign-buffer (cont)
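Review bot: mml-signencrypt-style is a user-facing setting that mml.el consults at send time, so it should be a defcustom with a :group and a :type (an alist of method string to a choice of `separate` or `combined`) rather than a bare defvar, and the first line of its docstring should be a complete sentence. The docstring also misspells "performed" in `+operation should be perfomed when requesting signencrypt.")`. Documenting that only the two symbols `separate` and `combined` are recognised would stop users from setting values that silently behave like `separate`.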
@@ -68,8 +75,8 @@
(or (mml2015-sign cont)
(error "Signing failed... inspect message logs for errors")))
-(defun mml-pgpmime-encrypt-buffer (cont)
- (or (mml2015-encrypt cont)
+(defun mml-pgpmime-encrypt-buffer (cont &optional sign)
+ (or (mml2015-encrypt cont sign)
(error "Encryption failed... inspect message logs for errors")))
(defun mml-secure-part (method &optional sign)
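Review bot: mml-pgpmime-encrypt-buffer now signs as well when SIGN is non-nil, but the message in `(error "Encryption failed... inspect message logs for errors")` no longer tells the user whether the signing step (missing secret key, bad passphrase) or the encryption step (unknown recipient key) failed; something like `(error "%s failed... inspect message logs for errors" (if sign "Signing/encryption" "Encryption"))` would help when reading the log. The sibling mml-smime-encrypt-buffer and mml-pgp-encrypt-buffer keep their one-argument signature, which is only safe as long as their entries in mml-signencrypt-style stay `separate`; a comment on that coupling would protect whoever flips them to `combined` later.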
@@ -174,21 +181,17 @@
(interactive "P")
(mml-secure-message "smime" (if dontsign 'encrypt 'signencrypt)))
-;;; NOTE: this should be switched to use signencrypt
-;;; once it does something sensible
(defun mml-secure-message-encrypt-pgp (&optional dontsign)
"Add MML tag to encrypt and sign the entire message.
If called with a prefix argument, only encrypt (do NOT sign)."
(interactive "P")
- (mml-secure-message "pgp" (if dontsign 'encrypt 'encrypt)))
+ (mml-secure-message "pgp" (if dontsign 'encrypt 'signencrypt)))
-;;; NOTE: this should be switched to use signencrypt
-;;; once it does something sensible
(defun mml-secure-message-encrypt-pgpmime (&optional dontsign)
"Add MML tag to encrypt and sign the entire message.
If called with a prefix argument, only encrypt (do NOT sign)."
(interactive "P")
- (mml-secure-message "pgpmime" (if dontsign 'encrypt 'encrypt)))
+ (mml-secure-message "pgpmime" (if dontsign 'encrypt 'signencrypt)))
(provide 'mml-sec)
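Review bot: switching mml-secure-message-encrypt-pgp to 'signencrypt changes what C-c C-m c o produces even though "pgp" is still `separate` in mml-signencrypt-style: those messages now go out as a signed part nested inside an encrypted part instead of encrypt-only, and the prefix argument that the old `(if dontsign 'encrypt 'encrypt)` made a no-op now actually selects encrypt-only. That matches the docstring, but the ChangeLog line "Changed default to signencrypt" should spell out that pgp users get sign-then-encrypt (two operations) rather than the single combined operation pgpmime gets, and the two removed NOTE comments would be better replaced by a one-line pointer to mml-signencrypt-style so it is clear which methods combine.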
Index: lisp/mml.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml.el,v
retrieving revision 6.53
diff -u -r6.53 mml.el
--- lisp/mml.el 2002/04/14 04:10:15 6.53
+++ lisp/mml.el 2002/05/01 22:06:22
@@ -530,22 +530,30 @@
(insert "\n--" mml-boundary "--\n")))))
(t
(error "Invalid element: %S" cont)))
- (let ((item (assoc (cdr (assq 'sign cont)) mml-sign-alist))
+ ;; handle sign & encrypt tags in a semi-smart way.
+ (let ((sign-item (assoc (cdr (assq 'sign cont)) mml-sign-alist))
+ (encrypt-item (assoc (cdr (assq 'encrypt cont))
+ mml-encrypt-alist))
sender recipients)
- (when item
+ (when (or sign-item encrypt-item)
(if (setq sender (cdr (assq 'sender cont)))
(message-options-set 'message-sender sender))
(if (setq recipients (cdr (assq 'recipients cont)))
(message-options-set 'message-recipients recipients))
- (funcall (nth 1 item) cont)))
- (let ((item (assoc (cdr (assq 'encrypt cont)) mml-encrypt-alist))
- sender recipients)
- (when item
- (if (setq sender (cdr (assq 'sender cont)))
- (message-options-set 'message-sender sender))
- (if (setq recipients (cdr (assq 'recipients cont)))
- (message-options-set 'message-recipients recipients))
- (funcall (nth 1 item) cont))))))
+ (let ((style (second (assoc (first sign-item)
+ mml-signencrypt-style))))
+ ;; check if: we're both signing & encrypting, both methods
+ ;; are the same (why would they be different?!), and that
+ ;; the signencrypt style allows for combined operation.
+ (if (and sign-item encrypt-item (equal (first sign-item)
+ (first encrypt-item))
+ (equal style 'combined))
+ (funcall (nth 1 encrypt-item) cont t)
+ ;; otherwise, revert to the old behavior.
+ (when sign-item
+ (funcall (nth 1 sign-item) cont))
+ (when encrypt-item
+ (funcall (nth 1 encrypt-item) cont)))))))))
(defun mml-compute-boundary (cont)
"Return a unique boundary that does not exist in CONT."
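Review bot: when both tags are present but name different methods (for instance sign=pgpmime and encrypt=smime), the `(equal (first sign-item) (first encrypt-item))` test fails and the code quietly falls back to two separate operations; since the comment itself asks "why would they be different?!", make that case visible with a `(message ...)` or an error instead of a silent downgrade, because the user asked for one thing and gets another. Two smaller points: `first` and `second` are cl functions, so mml.el needs `(eval-when-compile (require 'cl))` unless it already has it (`car` and `cadr` would avoid the dependency), and `(equal style 'combined)` can be `(eq style 'combined)`. The style lookup is keyed on the sign method only, which is correct given the equality check, but a short comment saying so would save a future reader from wondering why encrypt-item is not consulted.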
Index: lisp/mml2015.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml2015.el,v
retrieving revision 6.43
diff -u -r6.43 mml2015.el
--- lisp/mml2015.el 2002/02/20 00:15:32 6.43
+++ lisp/mml2015.el 2002/05/01 22:06:22
@@ -414,10 +414,13 @@
(defun mml2015-gpg-extract-signature-details ()
(goto-char (point-min))
(if (boundp 'gpg-unabbrev-trust-alist)
- (let* ((signer (and (re-search-forward
- "^\\[GNUPG:\\] GOODSIG [0-9A-Za-z]* \\(.*\\)$"
+ (let* ((expired (re-search-forward
+ "^\\[GNUPG:\\] SIGEXPIRED$"
+ nil t))
+ (signer (and (re-search-forward
+ "^\\[GNUPG:\\] GOODSIG \\([0-9A-Za-z]*\\) \\(.*\\)$"
nil t)
- (match-string 1)))
+ (cons (match-string 1) (match-string 2))))
(fprint (and (re-search-forward
"^\\[GNUPG:\\] VALIDSIG \\([0-9a-zA-Z]*\\) "
nil t)
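Review bot: the new SIGEXPIRED search moves point when it matches, and the following GOODSIG and VALIDSIG searches continue from wherever point was left, so if gpg emits SIGEXPIRED after GOODSIG in its status output the signer lookup fails and the message is reported as "From unknown user" even though the signature verified. Make each lookup independent of status-line order by wrapping the expired search in `(save-excursion ...)` or by inserting `(goto-char (point-min))` before the GOODSIG search.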
@@ -429,12 +432,16 @@
(trust-good-enough-p
(cdr (assoc (cdr (assoc trust gpg-unabbrev-trust-alist))
mml2015-trust-boundaries-alist))))
- (if (and signer trust fprint)
- (concat signer
- (unless trust-good-enough-p
- (concat "\nUntrusted, Fingerprint: "
- (mml2015-gpg-pretty-print-fpr fprint))))
- "From unknown user"))
+ (cond ((and signer fprint)
+ (concat (cdr signer)
+ (unless trust-good-enough-p
+ (concat "\nUntrusted, Fingerprint: "
+ (mml2015-gpg-pretty-print-fpr fprint)))
+ (when expired
+ (format "\nWARNING: Signature from expired key (%s)"
+ (car signer)))))
+ (t
+ "From unknown user")))
(if (re-search-forward "^gpg: Good signature from \"\\(.*\\)\"$" nil t)
(match-string 1)
"From unknown user")))
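Review bot: the condition changed from `(and signer trust fprint)` to `(and signer fprint)`, so a status output with no trust line is no longer reported as "From unknown user" but as a named signer marked "Untrusted" (trust-good-enough-p is nil when trust is nil). Failing closed like that is reasonable, but it is a behaviour change the ChangeLog does not mention. Also, the `(when expired ...)` warning is appended after the fingerprint text; since an expired key is the more important fact about the signature, consider emitting it first, and confirm from the gpg status documentation that SIGEXPIRED really refers to the key rather than the signature before keeping the wording "Signature from expired key".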
@@ -559,28 +566,39 @@
(insert (format "--%s--\n" boundary))
(goto-char (point-max)))))
-(defun mml2015-gpg-encrypt (cont)
+(defun mml2015-gpg-encrypt (cont &optional sign-also)
(let ((boundary
(funcall mml-boundary-function (incf mml-multipart-number)))
(text (current-buffer))
cipher)
(mm-with-unibyte-current-buffer-mule4
(with-temp-buffer
- (unless (gpg-sign-encrypt
- text (setq cipher (current-buffer))
- mml2015-result-buffer
- (split-string
- (or
- (message-options-get 'message-recipients)
- (message-options-set 'message-recipients
- (read-string "Recipients: ")))
- "[ \f\t\n\r\v,]+")
- nil
- (message-options-get 'message-sender)
- t t) ; armor & textmode
- (unless (> (point-max) (point-min))
- (pop-to-buffer mml2015-result-buffer)
- (error "Encrypt error")))
+ (flet ((gpg-encrypt-func
+ (sign plaintext ciphertext result recipients &optional
+ passphrase sign-with-key armor textmode)
+ (if sign-also
+ (gpg-sign-encrypt
+ plaintext ciphertext result recipients passphrase
+ sign-with-key armor textmode)
+ (gpg-encrypt
+ plaintext ciphertext result recipients passphrase
+ armor textmode))))
+ (unless (gpg-encrypt-func
+ sign-also ; passed in when using signencrypt
+ text (setq cipher (current-buffer))
+ mml2015-result-buffer
+ (split-string
+ (or
+ (message-options-get 'message-recipients)
+ (message-options-set 'message-recipients
+ (read-string "Recipients: ")))
+ "[ \f\t\n\r\v,]+")
+ nil
+ (message-options-get 'message-sender)
+ t t) ; armor & textmode
+ (unless (> (point-max) (point-min))
+ (pop-to-buffer mml2015-result-buffer)
+ (error "Encrypt error"))))
(goto-char (point-min))
(while (re-search-forward "\r+$" nil t)
(replace-match "" t t))
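Review bot: the flet-defined gpg-encrypt-func takes a `sign` parameter that is never used; the body tests the closed-over `sign-also` instead, so the `sign-also ; passed in when using signencrypt` argument at the call site is dead. Either test `sign` inside the function or drop the parameter and the flet altogether and write `(if sign-also (gpg-sign-encrypt ...) (gpg-encrypt ...))` directly at the call site, which is shorter and avoids the cl `flet` dependency. Note also that the gpg-encrypt branch drops the sign-with-key argument, so `(message-options-get 'message-sender)` is ignored for encrypt-only; that is correct, but a comment would make it obvious.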
@@ -641,11 +659,11 @@
mml2015-use)
;;;###autoload
-(defun mml2015-encrypt (cont)
+(defun mml2015-encrypt (cont &optional sign)
(mml2015-clean-buffer)
(let ((func (nth 2 (assq mml2015-use mml2015-function-alist))))
(if func
- (funcall func cont)
+ (funcall func cont sign)
(error "Cannot find encrypt function"))))
;;;###autoload
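Review bot: mml2015-encrypt now calls `(funcall func cont sign)` with two arguments for whichever entry mml2015-use selects from mml2015-function-alist, but this patch only extends mml2015-gpg-encrypt to accept the optional argument; any other encrypt function in that alist that still takes a single CONT will signal wrong-number-of-arguments the next time a user encrypts. Either update every entry to `(cont &optional sign)` or pass the extra argument only when it is non-nil, e.g. `(apply func cont (and sign (list t)))`, and check the full alist in mml2015.el before the next revision.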
Index: texi/gnus.texi
===================================================================
RCS file: /usr/local/cvsroot/gnus/texi/gnus.texi,v
retrieving revision 6.276
diff -u -r6.276 gnus.texi
--- texi/gnus.texi 2002/05/01 00:18:31 6.276
+++ texi/gnus.texi 2002/05/01 22:06:28
@@ -11226,6 +11226,14 @@
@sc{Mailcrypt}, you need to install at least one of them. The
@sc{s/mime} support in Gnus requires the external program OpenSSL.
+Often, you would like to sign replies to people who send you signed
+messages. Even more often, you might want to encrypt messages which
+are in reply to encrypted messages. Gnus offers
+@code{gnus-message-replysign} to enable the former, and
+@code{gnus-message-replyencrypt} for the latter. In addition, setting
+@code{gnus-message-replysignencrypted} (on by default) will sign
+automatically encrypted messages.
+
Instructing MML to perform security operations on a @sc{mime} part is
done using the @kbd{C-c C-m s} key map for signing and the @kbd{C-c
C-m c} key map for encryption, as follows.
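Review bot: the sentence "setting @code{gnus-message-replysignencrypted} (on by default) will sign automatically encrypted messages" is ambiguous (it reads as "automatically sign"); say explicitly that it makes Gnus also sign a reply that @code{gnus-message-replyencrypt} has decided to encrypt, and that it does nothing for messages which are not being encrypted automatically, so readers do not expect it to sign unrelated mail.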
@@ -11234,39 +11242,39 @@
@item C-c C-m s s
@kindex C-c C-m s s
-@findex mml-secure-sign-smime
+@findex mml-secure-message-sign-smime
-Digitally sign current @sc{mime} part using @sc{s/mime}.
+Digitally sign current message using @sc{s/mime}.
@item C-c C-m s o
@kindex C-c C-m s o
-@findex mml-secure-sign-pgp
+@findex mml-secure-message-sign-pgp
-Digitally sign current @sc{mime} part using PGP.
+Digitally sign current message using PGP.
@item C-c C-m s p
@kindex C-c C-m s p
-@findex mml-secure-sign-pgp
+@findex mml-secure-message-sign-pgp
-Digitally sign current @sc{mime} part using @sc{pgp/mime}.
+Digitally sign current message using @sc{pgp/mime}.
@item C-c C-m c s
@kindex C-c C-m c s
-@findex mml-secure-encrypt-smime
+@findex mml-secure-message-encrypt-smime
-Digitally encrypt current @sc{mime} part using @sc{s/mime}.
+Digitally encrypt current message using @sc{s/mime}.
@item C-c C-m c o
@kindex C-c C-m c o
-@findex mml-secure-encrypt-pgp
+@findex mml-secure-message-encrypt-pgp
-Digitally encrypt current @sc{mime} part using PGP.
+Digitally encrypt current message using PGP.
@item C-c C-m c p
@kindex C-c C-m c p
-@findex mml-secure-encrypt-pgpmime
+@findex mml-secure-message-encrypt-pgpmime
-Digitally encrypt current @sc{mime} part using @sc{pgp/mime}.
+Digitally encrypt current message using @sc{pgp/mime}.
@item C-c C-m C-n
@kindex C-c C-m C-n
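Review bot: the @findex renames now match the function names in mml-sec.el, but the entries for @kbd{C-c C-m c o} and @kbd{C-c C-m c p} still read "Digitally encrypt current message" although those commands now default to signencrypt (mml-secure-message-encrypt-pgp and mml-secure-message-encrypt-pgpmime take a prefix argument to encrypt only, per their docstrings). Update both entries to say "Digitally encrypt and sign current message using ..., or encrypt only with a prefix argument" so the manual describes what the keys actually do.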
--
Josh Huber