Re: Decoding application/x-pkcs7-mime?

[David Engster <deng@randomsample.de>]

[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]

Daiki Ueno <ueno@unixuser.org> writes:
> Well, S/MIME may have several different formats (see RFC2633 3.8).  As
> of now Gnus' gpgsm backend does not handle all of them.  In summary:
>
> * sign using multipart/signed - supported
> * verify using multipart/signed - supported
> * verify using application/x-pkcs7-mime - not supported
> * encrypt using application/pkcs7-mime - supported
> * decrypt using application/pkcs7-mime - not supported
>
> Other combinations of operations and formats such as:
>
> * sign using application/pkcs7-mime
> * decrypt using application/octet-stream
>
> are not even supported by the OpenSSL backend.

Thank you for that overview.

> By the way, for those who are interested in playing around gpgsm, I
> wrote a short instruction to setup gpgsm with CAcert's client
> certificates.  After the setup, you can use it from Gnus with:
>
> (setq mml-smime-use 'epg)
>
> 0. Install gpgsm, dirmngr, etc.
[...]

This works! Thank you for that HOWTO, it is very helpful.

As you state above, signing and verifying with mulipart/signed works
without problems. I can also encrypt, but not decrypt with
application/pkcs7-mime.

I only noted one problem: I often get signed mails which have a protocol
"application/x-pkcs7-signature", instead of
"application/pkcs7-signature". I usually get those "x-pkcs7-signature"
from people using MS Exchange. It isn't even mentioned in the RFC - is
this a standard? Otherwise, they don't seem to be different in any way
from those messages with a "pkcs7-signature" part.

Anyway, I attached a patch for mml-smime.el which also checks for
"x-pkcs7-signature". I'm not familiar with this part of Gnus, so
I'd appreciate any comments regarding this issue.

Regards,
David


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: mml-smime-x-pkcs7-patch.diff --]
[-- Type: text/x-diff, Size: 696 bytes --]

--- mml-smime.el.~7.23.~	2008-05-19 10:47:42.000000000 +0200
+++ mml-smime.el	2008-09-17 11:56:12.000000000 +0200
@@ -520,10 +520,14 @@
 					   ctl 'protocol)
 					  "application/pkcs7-signature")
 				  t)))
-		(null (setq signature (mm-find-part-by-type
-				       (cdr handle)
-				       "application/pkcs7-signature"
-				       nil t))))
+		(null (setq signature (or (mm-find-part-by-type
+					   (cdr handle)
+					   "application/pkcs7-signature"
+					   nil t)
+					  (mm-find-part-by-type
+					   (cdr handle)
+					   "application/x-pkcs7-signature"
+					   nil t)))))
 	(mm-set-handle-multipart-parameter
 	 mm-security-handle 'gnus-info "Corrupted")
 	(throw 'error handle))