Gnus development mailing list
* PGG and signature details in combined signed/encrypted mails
@ 2003-04-06 15:56 Michael Teichgräber
  2003-04-12 21:39 ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Teichgräber @ 2003-04-06 15:56 UTC


Hi,

the mml2015-pgg-[clear-]verify functions add some information about the
signature to the button 'gnus-info, if the verification has succeeded.

This also works for separately signed/encrypted messages, since the
mml2015*-verify functions are called in this case too.

For combined s/e messages this is different, since the signature is
being checked on the fly. When viewing messages of this kind, I see
just `Encrypted Part: OK', also if verification has failed because a
public key is not available.

I have seen some people ask about whether in this case some more
information could be visible inside the button, like `Signer: ...'

The mml2015-pgg-[clear-]verify functions use
mml2015-gpg-extract-signature-details for getting this
information. But I suppose this would not give details if one is using
a pgg-scheme other than `gpg'.

To get brief information about a verified signature in all cases
there could be a new function pgg-extract-signature-details in pgg.el,
that is called from within mml2015-pgg-[clear-]{decrypt,verify}.

This new function could then delegate the call via pgg-invoke
depending on `pgg-scheme'. The appended example patch demonstrates
this, implemented only for the gpg scheme. In pgg-gpg.el
pgg-gpg-extract-signature-details is a modified copy of the original
function in mml2015.el, and it detects failure because of missing
public key.

I am not sure whether this approach makes sense for the other PGG
schemes, since the pgp binaries perhaps don't give the sort of
details into pgg-errors-buffer as gpg does.

Michael

------------------------------------------------------------>8----------
Index: mml2015.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml2015.el,v
retrieving revision 6.58
diff -u -p -r6.58 mml2015.el
--- mml2015.el	6 Apr 2003 01:23:53 -0000	6.58
+++ mml2015.el	6 Apr 2003 15:31:44 -0000
@@ -639,6 +639,7 @@
 (eval-and-compile
   (autoload 'pgg-decrypt-region "pgg")
   (autoload 'pgg-verify-region "pgg")
+  (autoload 'pgg-extract-signature-details "pgg")
   (autoload 'pgg-sign-region "pgg")
   (autoload 'pgg-encrypt-region "pgg"))
 
@@ -672,13 +673,16 @@
 		mm-security-handle 'gnus-details "Quit.")
 	       nil))
 	    (with-current-buffer pgg-output-buffer
-	      (goto-char (point-min))
-	      (while (search-forward "\r\n" nil t)
-		(replace-match "\n" t t))
-	      (setq handles (mm-dissect-buffer t))
-	      (mm-destroy-parts handle)
-	      (mm-set-handle-multipart-parameter
-	       mm-security-handle 'gnus-info "OK")
+	      (let ((sig (pgg-extract-signature-details)))
+		(goto-char (point-min))
+		(while (search-forward "\r\n" nil t)
+		  (replace-match "\n" t t))
+		(setq handles (mm-dissect-buffer t))
+		(mm-destroy-parts handle)
+		(mm-set-handle-multipart-parameter
+		 mm-security-handle 'gnus-info (if sig 
+						   (concat "OK, Signer:" sig) 
+						 "OK")))
 	      (mm-set-handle-multipart-parameter
 	       mm-security-handle 'gnus-details
 	       (concat decrypt-status
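Review bot: In the `(if sig (concat "OK, Signer:" sig) "OK")` expression, any non-nil return from pgg-extract-signature-details is labelled as the signer of an OK part, but the gpg implementation later in this patch also returns a string for the NO_PUBKEY case ("0x<keyid>, public key not found!") and appends the expired-key warning to the signer text. The button would then read "OK, Signer:0x<keyid>, public key not found!" for a signature that was never verified. Have the extractor report whether the signature was good separately from the descriptive text, and use the "OK, Signer:" prefix only in that case, with distinct wording (for example "Decrypted, signature not verified") otherwise.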
@@ -706,8 +710,10 @@
 	  (goto-char (point-min))
 	  (while (search-forward "\r\n" nil t)
 	    (replace-match "\n" t t))
-	  (mm-set-handle-multipart-parameter
-	   mm-security-handle 'gnus-info "OK"))
+	  (let ((sig (pgg-extract-signature-details)))
+	    (mm-set-handle-multipart-parameter
+	     mm-security-handle 'gnus-info (if sig (concat "OK, Signer:" sig) 
+					     "OK"))))
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Failed"))))
 
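Review bot: The `(concat "OK, Signer:" sig)` here has no space after the colon, so the signer text runs straight into the label, and the expression is a second copy of the one in the previous hunk. Factor the formatting into one small helper used by both decrypt paths and write the literal as "OK, Signer: ". The trailing whitespace after `sig)` on the `+` line should also go.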
@@ -764,8 +770,7 @@
 	      (delete-file signature-file)
 	      (mm-set-handle-multipart-parameter
 	       mm-security-handle 'gnus-info
-	       (with-current-buffer pgg-errors-buffer
-		 (mml2015-gpg-extract-signature-details))))
+	       (pgg-extract-signature-details)))
 	  (delete-file signature-file)
 	  (mm-set-handle-multipart-parameter
 	   mm-security-handle 'gnus-info "Failed")))))
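Review bot: `(pgg-extract-signature-details)` is now stored directly as 'gnus-info on the success path, but its docstring in pgg.el says it returns nil when no details are found, so a successful verification can leave the button without any status text. Wrap the call as `(or (pgg-extract-signature-details) "OK")`, matching the fallback the decrypt hunks use.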
@@ -798,9 +803,7 @@
 	    mm-security-handle 'gnus-details "Quit.")
 	   nil))
 	(mm-set-handle-multipart-parameter
-	 mm-security-handle 'gnus-info
-	 (with-current-buffer pgg-errors-buffer
-	   (mml2015-gpg-extract-signature-details)))
+	 mm-security-handle 'gnus-info (pgg-extract-signature-details))
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Failed"))))
 
Index: pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 6.13
diff -u -p -r6.13 pgg-gpg.el
--- pgg-gpg.el	6 Apr 2003 00:18:33 -0000	6.13
+++ pgg-gpg.el	6 Apr 2003 15:31:44 -0000
@@ -194,6 +194,43 @@ If optional argument SIGN is non-nil, do
       (goto-char (point-min))
       (re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))
 
+(defun pgg-gpg-extract-signature-details ()
+  "Extract details about signature verification from current buffer, that
+is supposed to contain the output of the last gpg invocation."
+  (goto-char (point-min))
+  (let* ((expired (re-search-forward
+		   "^\\[GNUPG:\\] SIGEXPIRED$"
+		   nil t))
+	 (signer (and (re-search-forward
+		       "^\\[GNUPG:\\] GOODSIG \\([0-9A-Za-z]*\\) \\(.*\\)$"
+		       nil t)
+		      (cons (match-string 1) (match-string 2))))
+	 (fprint (and (re-search-forward
+		       "^\\[GNUPG:\\] VALIDSIG \\([0-9a-zA-Z]*\\) "
+		       nil t)
+		      (match-string 1)))
+	 (trust  (and (re-search-forward
+		       "^\\[GNUPG:\\] \\(TRUST_.*\\)$"
+		       nil t)
+		      (match-string 1)))
+	 (trust-good-enough-p
+	  (cdr (assoc trust mml2015-unabbrev-trust-alist))))
+    (cond ((and signer fprint)
+	   (concat (cdr signer)
+		   (unless trust-good-enough-p
+		     (concat "\nUntrusted, Fingerprint: "
+			     (mml2015-gpg-pretty-print-fpr fprint)))
+		   (when expired
+		     (format "\nWARNING: Signature from expired key (%s)"
+			     (car signer)))))
+	  ((re-search-forward
+	    "^\\(gpg: \\)?Good signature from \"\\(.*\\)\"$" nil t)
+	   (match-string 2))
+	  ((re-search-forward
+	    "^\\[GNUPG:\\] NO_PUBKEY ........\\(.*\\)$" nil t)
+	   (concat "0x" (match-string 1) 
+		   ", public key not found!" )))))
+
 (defun pgg-gpg-insert-key ()
   "Insert public key at point."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
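Review bot: After the initial `(goto-char (point-min))`, every `re-search-forward` in the `let*` and in the `cond` continues from where the previous match left point, so the result depends on the order of the status lines: a SIGEXPIRED line that follows GOODSIG makes the GOODSIG search miss, and the "Good signature from" and NO_PUBKEY fallbacks only see text after the last successful match. Reset point before each search, for instance with a small local helper that does `(goto-char (point-min))` and then searches. Separately, this function lives in pgg-gpg.el but uses `mml2015-unabbrev-trust-alist` and `mml2015-gpg-pretty-print-fpr`, which makes pgg depend on mml2015; those should move with it or be required explicitly. The `........` in the NO_PUBKEY pattern assumes a 16-character key ID and deserves a comment saying so.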
Index: pgg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v
retrieving revision 6.13
diff -u -p -r6.13 pgg.el
--- pgg.el	6 Apr 2003 00:18:33 -0000	6.13
+++ pgg.el	6 Apr 2003 15:31:45 -0000
@@ -306,6 +306,14 @@ within the region."
 				     pgg-errors-buffer)))))))
 
 ;;;###autoload
+(defun pgg-extract-signature-details ()
+  "Parses the output of the last PGP signature verification process. Returns 
+nil, if no details are found."
+  (with-current-buffer pgg-errors-buffer
+    (pgg-invoke 
+     "extract-signature-details" (or pgg-scheme pgg-default-scheme))))
+
+;;;###autoload
 (defun pgg-insert-key ()
   "Insert the ASCII armored public key."
   (interactive)
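Review bot: `pgg-invoke` is called with "extract-signature-details" for whatever `pgg-scheme` or `pgg-default-scheme` names, but the patch only adds `pgg-gpg-extract-signature-details`, so with any other scheme the dispatch has no matching function, and all four mml2015 call sites now go through here. Add implementations for the other schemes that return nil, or guard the call so that a missing implementation yields nil as the docstring promises. The docstring's first line should also be one complete sentence in the imperative ("Parse the output ...").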
----------8<------------------------------------------------------------





* Re: PGG and signature details in combined signed/encrypted mails
  2003-04-06 15:56 PGG and signature details in combined signed/encrypted mails Michael Teichgräber
@ 2003-04-12 21:39 ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 2+ messages in thread
From: Lars Magne Ingebrigtsen @ 2003-04-12 21:39 UTC


Michael Teichgräber <mt@wmipf.in-berlin.de> writes:

> This new function could then delegate the call via pgg-invoke
> depending on `pgg-scheme'. The appended example patch demonstrates
> this, implemented only for the gpg scheme. In pgg-gpg.el
> pgg-gpg-extract-signature-details is a modified copy of the original
> function in mml2015.el, and it detects failure because of missing
> public key.

I'm not really familiar with the encryption stuff, but I think this
makes sense.

Do you have FSF copyright assignment papers on file?  I need that
before I can apply patches of this magnitude to Gnus.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen


