Easypg: Handling of inline signatures

Easypg: Handling of inline signatures

[Elias Oltmanns]

Hi all,

running gnus cvs from today and easypg 0.0.6, I've stumbled upon some
strange behaviour wrt inline signatures. In my .emacs I have

--8<---------------cut here---------------start------------->8---
(defun custom-sign-hook ()
;  (setq pgg-default-user-id (message-field-value "From")))
  (setq mml2015-signers (list (message-field-value "From"))))
(add-hook 'message-send-hook 'custom-sign-hook)
--8<---------------cut here---------------end--------------->8---

Shipping off a message containing the tag <#secure method=pgp mode=sign>
just signs the message using the default gpg key rather than the one
matching the supplied From header. Viewing this message in the
sent-mail archive afterwards, I get a PGP Signed Part:Failed response
from epg, whereas pgg verifies the message correctly.

Quite different when I use method=pgpmime. In this case, everything
works as expected and the correct key is used for signing in the first
place too.

Do I have to adjust my configuration in order to get inline signatures
handled properly or am I right in considering this a bug?

Regards,

Elias

Re: Easypg: Handling of inline signatures

[Daiki Ueno]

>>>>> In <87y7rau4xf.fsf@denkblock.local> 
>>>>>	Elias Oltmanns <oltmanns@uni-bonn.de> wrote:
> running gnus cvs from today and easypg 0.0.6, I've stumbled upon some
> strange behaviour wrt inline signatures. In my .emacs I have

> --8<---------------cut here---------------start------------->8---
> (defun custom-sign-hook ()
> ;  (setq pgg-default-user-id (message-field-value "From")))
>   (setq mml2015-signers (list (message-field-value "From"))))
> (add-hook 'message-send-hook 'custom-sign-hook)
> --8<---------------cut here---------------end--------------->8---

> Shipping off a message containing the tag <#secure method=pgp mode=sign>
> just signs the message using the default gpg key rather than the one
> matching the supplied From header. Viewing this message in the
> sent-mail archive afterwards, I get a PGP Signed Part:Failed response
> from epg, whereas pgg verifies the message correctly.

Yes, EasyPG 0.0.6 has a bug of clearsign signature handling.  Please try
the CVS version[1] containing the following change.

2006-10-12  Daiki Ueno  <ueno@unixuser.org>

        * epg.el (epg-start-verify): Fixed a clearsign verification bug.
        Reported by Hirohisa Yamaguchi <umq@ueo.co.jp>.

Sorry for inconvenience.

Footnotes: 
[1]  $ cvs -z9 -d :pserver:anonymous@cvs.m17n.org:/cvs/root co epg
     $ cd epg && autoreconf -f -i

Regards,
-- 
Daiki Ueno

Re: Easypg: Handling of inline signatures

[Elias Oltmanns]

Daiki Ueno <ueno@unixuser.org> wrote:
>>>>>> In <87y7rau4xf.fsf@denkblock.local> 
>>>>>>	Elias Oltmanns <oltmanns@uni-bonn.de> wrote:
>> running gnus cvs from today and easypg 0.0.6, I've stumbled upon some
>> strange behaviour wrt inline signatures. In my .emacs I have
>
>> --8<---------------cut here---------------start------------->8---
>> (defun custom-sign-hook ()
>> ;  (setq pgg-default-user-id (message-field-value "From")))
>>   (setq mml2015-signers (list (message-field-value "From"))))
>> (add-hook 'message-send-hook 'custom-sign-hook)
>> --8<---------------cut here---------------end--------------->8---
>
>> Shipping off a message containing the tag <#secure method=pgp mode=sign>
>> just signs the message using the default gpg key rather than the one
>> matching the supplied From header. Viewing this message in the
>> sent-mail archive afterwards, I get a PGP Signed Part:Failed response
>> from epg, whereas pgg verifies the message correctly.
>
> Yes, EasyPG 0.0.6 has a bug of clearsign signature handling.  Please try
> the CVS version[1] containing the following change.

Indeed, this fixes the verification issue. However, when signing,
easypg still uses the default ID rather than the one specified in
mml2015-signers as described above. This is only the case when clear
signing and no issue with pgpmime signatures.

Regards,

Elias

Re: Easypg: Handling of inline signatures

[Daiki Ueno]

>>>>> In <871wp22h8i.fsf@denkblock.local> 
>>>>>	Elias Oltmanns <oltmanns@uni-bonn.de> wrote:
> >> --8<---------------cut here---------------start------------->8---
> >> (defun custom-sign-hook ()
> >> ;  (setq pgg-default-user-id (message-field-value "From")))
> >>   (setq mml2015-signers (list (message-field-value "From"))))
> >> (add-hook 'message-send-hook 'custom-sign-hook)
> >> --8<---------------cut here---------------end--------------->8---
> >
> >> Shipping off a message containing the tag <#secure method=pgp mode=sign>
> >> just signs the message using the default gpg key rather than the one
> >> matching the supplied From header. Viewing this message in the
> >> sent-mail archive afterwards, I get a PGP Signed Part:Failed response
> >> from epg, whereas pgg verifies the message correctly.
> >
> > Yes, EasyPG 0.0.6 has a bug of clearsign signature handling.  Please try
> > the CVS version[1] containing the following change.

> Indeed, this fixes the verification issue.

Thanks for testing.

> However, when signing, easypg still uses the default ID rather than
> the one specified in mml2015-signers as described above. This is only
> the case when clear signing and no issue with pgpmime signatures.

You have to set mml1991-signers instead of mml2015-signers?
;; I think mml<RFC#> is very bad naming though...

Regards,
-- 
Daiki Ueno

mml1991-signers and mml2015-signers (was: Easypg: Handling of inline signatures)

[Reiner Steib]

On Sat, Oct 21 2006, Daiki Ueno wrote:

> You have to set mml1991-signers instead of mml2015-signers?
> ;; I think mml<RFC#> is very bad naming though...

Would it make sense to introduce a new variable, say `mml-signers' (in
`mml-sec.el'?), and let both, `mml1991-signers' and `mml2015-signers',
default to the value of `mml-signers'.  Or make `mml????-signers'
obsolete and use the new variable throughout?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: mml1991-signers and mml2015-signers (was: Easypg: Handling of inline signatures)

[Elias Oltmanns]

Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> On Sat, Oct 21 2006, Daiki Ueno wrote:
>
>> You have to set mml1991-signers instead of mml2015-signers?
>> ;; I think mml<RFC#> is very bad naming though...
>
> Would it make sense to introduce a new variable, say `mml-signers' (in
> `mml-sec.el'?), and let both, `mml1991-signers' and `mml2015-signers',
> default to the value of `mml-signers'.  Or make `mml????-signers'
> obsolete and use the new variable throughout?
 
I've just verified that setting mml1991-signers does indeed set my
issue. To me it seems that having one variable to control both cases
at the same time (at least as a fallback solution as suggested by
you) would be far less confusing.

Regards,

Elias

Re: mml1991-signers and mml2015-signers

[Daiki Ueno]

>>>>> In <87zmbpobnj.fsf@denkblock.local> 
>>>>>	Elias Oltmanns <oltmanns@uni-bonn.de> wrote:
> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> > On Sat, Oct 21 2006, Daiki Ueno wrote:
> >
> >> You have to set mml1991-signers instead of mml2015-signers?
> >> ;; I think mml<RFC#> is very bad naming though...
> >
> > Would it make sense to introduce a new variable, say `mml-signers' (in
> > `mml-sec.el'?), and let both, `mml1991-signers' and `mml2015-signers',
> > default to the value of `mml-signers'.  Or make `mml????-signers'
> > obsolete and use the new variable throughout?

> I've just verified that setting mml1991-signers does indeed set my
> issue. To me it seems that having one variable to control both cases
> at the same time (at least as a fallback solution as suggested by
> you) would be far less confusing.

Indeed there are a few variables in this kind.

mml-secure-verbose
mml-secure-cache-passphrase
mml-secure-passphrase-cache-expiry

mml-sec.el also handles S/MIME, as these variables are general purpuse,
they will make sense when I(?) make mml-smime.el to support EasyPG.

On the other hand, the value of mml-signers will be dependent on the
backend.  How about mml-secure-pgp-signers or mml-pgp-signers?

Regards,
-- 
Daiki Ueno