From: David Engster <deng@randomsample.de>
To: ding@gnus.org
Subject: Re: Decoding application/x-pkcs7-mime?
Date: Wed, 17 Sep 2008 12:34:07 +0200 [thread overview]
Message-ID: <kzljxr5ae8.fsf@kafka.physik3.gwdg.de> (raw)
In-Reply-To: <87r67jqm1i.fsf@broken.deisui.org> (Daiki Ueno's message of "Wed, 17 Sep 2008 16:16:57 +0900")
[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]
Daiki Ueno <ueno@unixuser.org> writes:
> Well, S/MIME may have several different formats (see RFC2633 3.8). As
> of now Gnus' gpgsm backend does not handle all of them. In summary:
>
> * sign using multipart/signed - supported
> * verify using multipart/signed - supported
> * verify using application/x-pkcs7-mime - not supported
> * encrypt using application/pkcs7-mime - supported
> * decrypt using application/pkcs7-mime - not supported
>
> Other combinations of operations and formats such as:
>
> * sign using application/pkcs7-mime
> * decrypt using application/octet-stream
>
> are not even supported by the OpenSSL backend.
Thank you for that overview.
> By the way, for those who are interested in playing around gpgsm, I
> wrote a short instruction to setup gpgsm with CAcert's client
> certificates. After the setup, you can use it from Gnus with:
>
> (setq mml-smime-use 'epg)
>
> 0. Install gpgsm, dirmngr, etc.
[...]
This works! Thank you for that HOWTO, it is very helpful.
As you state above, signing and verifying with mulipart/signed works
without problems. I can also encrypt, but not decrypt with
application/pkcs7-mime.
I only noted one problem: I often get signed mails which have a protocol
"application/x-pkcs7-signature", instead of
"application/pkcs7-signature". I usually get those "x-pkcs7-signature"
from people using MS Exchange. It isn't even mentioned in the RFC - is
this a standard? Otherwise, they don't seem to be different in any way
from those messages with a "pkcs7-signature" part.
Anyway, I attached a patch for mml-smime.el which also checks for
"x-pkcs7-signature". I'm not familiar with this part of Gnus, so
I'd appreciate any comments regarding this issue.
Regards,
David
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: mml-smime-x-pkcs7-patch.diff --]
[-- Type: text/x-diff, Size: 696 bytes --]
--- mml-smime.el.~7.23.~ 2008-05-19 10:47:42.000000000 +0200
+++ mml-smime.el 2008-09-17 11:56:12.000000000 +0200
@@ -520,10 +520,14 @@
ctl 'protocol)
"application/pkcs7-signature")
t)))
- (null (setq signature (mm-find-part-by-type
- (cdr handle)
- "application/pkcs7-signature"
- nil t))))
+ (null (setq signature (or (mm-find-part-by-type
+ (cdr handle)
+ "application/pkcs7-signature"
+ nil t)
+ (mm-find-part-by-type
+ (cdr handle)
+ "application/x-pkcs7-signature"
+ nil t)))))
(mm-set-handle-multipart-parameter
mm-security-handle 'gnus-info "Corrupted")
(throw 'error handle))
prev parent reply other threads:[~2008-09-17 10:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-15 14:24 Norman Walsh
2008-09-16 8:15 ` Steinar Bang
2008-09-16 8:23 ` Steinar Bang
2008-09-16 8:51 ` David Engster
2008-09-16 9:23 ` Rupert Swarbrick
2008-09-16 9:34 ` David Engster
2008-09-16 9:42 ` Rupert Swarbrick
2008-09-17 7:16 ` Daiki Ueno
2008-09-17 10:34 ` David Engster [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=kzljxr5ae8.fsf@kafka.physik3.gwdg.de \
--to=deng@randomsample.de \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).