From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/67401
Path: news.gmane.org!not-for-mail
From: David Engster <deng@randomsample.de>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Decoding application/x-pkcs7-mime?
Date: Wed, 17 Sep 2008 12:34:07 +0200
Message-ID: <kzljxr5ae8.fsf@kafka.physik3.gwdg.de>
References: <m2zlm9sd07.fsf@nwalsh.com> <kz4p4giicc.fsf@kafka.physik3.gwdg.de>
	<87r67jqm1i.fsf@broken.deisui.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Trace: ger.gmane.org 1221647712 5269 80.91.229.12 (17 Sep 2008 10:35:12 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 17 Sep 2008 10:35:12 +0000 (UTC)
To: ding@gnus.org
Original-X-From: ding-owner+M15852@lists.math.uh.edu Wed Sep 17 12:36:09 2008
Return-path: <ding-owner+M15852@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1KfuOB-0003HH-MY
	for ding-account@gmane.org; Wed, 17 Sep 2008 12:36:04 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M15852@lists.math.uh.edu>)
	id 1KfuMR-0006fm-Km; Wed, 17 Sep 2008 05:34:15 -0500
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <deng@randomsample.de>)
	id 1KfuMQ-0006fa-AR
	for ding@lists.math.uh.edu; Wed, 17 Sep 2008 05:34:14 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtp (Exim 4.69)
	(envelope-from <deng@randomsample.de>)
	id 1KfuML-00077X-Sb
	for ding@lists.math.uh.edu; Wed, 17 Sep 2008 05:34:14 -0500
Original-Received: from m61s02.vlinux.de ([83.151.21.164])
	by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian))
	id 1KfuMP-000804-00
	for <ding@gnus.org>; Wed, 17 Sep 2008 12:34:13 +0200
Original-Received: from kafka.physik3.gwdg.de ([134.76.92.48])
	by m61s02.vlinux.de with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.63)
	(envelope-from <deng@randomsample.de>)
	id 1KfuMS-00080v-1R
	for ding@gnus.org; Wed, 17 Sep 2008 12:34:16 +0200
Mail-Copies-To: never
Mail-Followup-To: ding@gnus.org
In-Reply-To: <87r67jqm1i.fsf@broken.deisui.org> (Daiki Ueno's message of "Wed,
	17 Sep 2008 16:16:57 +0900")
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2.90 (gnu/linux)
X-Spam-Score: -2.6 (--)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:67401
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/67401>

--=-=-=

Daiki Ueno <ueno@unixuser.org> writes:
> Well, S/MIME may have several different formats (see RFC2633 3.8).  As
> of now Gnus' gpgsm backend does not handle all of them.  In summary:
>
> * sign using multipart/signed - supported
> * verify using multipart/signed - supported
> * verify using application/x-pkcs7-mime - not supported
> * encrypt using application/pkcs7-mime - supported
> * decrypt using application/pkcs7-mime - not supported
>
> Other combinations of operations and formats such as:
>
> * sign using application/pkcs7-mime
> * decrypt using application/octet-stream
>
> are not even supported by the OpenSSL backend.

Thank you for that overview.

> By the way, for those who are interested in playing around gpgsm, I
> wrote a short instruction to setup gpgsm with CAcert's client
> certificates.  After the setup, you can use it from Gnus with:
>
> (setq mml-smime-use 'epg)
>
> 0. Install gpgsm, dirmngr, etc.
[...]

This works! Thank you for that HOWTO, it is very helpful.

As you state above, signing and verifying with mulipart/signed works
without problems. I can also encrypt, but not decrypt with
application/pkcs7-mime.

I only noted one problem: I often get signed mails which have a protocol
"application/x-pkcs7-signature", instead of
"application/pkcs7-signature". I usually get those "x-pkcs7-signature"
from people using MS Exchange. It isn't even mentioned in the RFC - is
this a standard? Otherwise, they don't seem to be different in any way
from those messages with a "pkcs7-signature" part.

Anyway, I attached a patch for mml-smime.el which also checks for
"x-pkcs7-signature". I'm not familiar with this part of Gnus, so
I'd appreciate any comments regarding this issue.

Regards,
David


--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=mml-smime-x-pkcs7-patch.diff

--- mml-smime.el.~7.23.~	2008-05-19 10:47:42.000000000 +0200
+++ mml-smime.el	2008-09-17 11:56:12.000000000 +0200
@@ -520,10 +520,14 @@
 					   ctl 'protocol)
 					  "application/pkcs7-signature")
 				  t)))
-		(null (setq signature (mm-find-part-by-type
-				       (cdr handle)
-				       "application/pkcs7-signature"
-				       nil t))))
+		(null (setq signature (or (mm-find-part-by-type
+					   (cdr handle)
+					   "application/pkcs7-signature"
+					   nil t)
+					  (mm-find-part-by-type
+					   (cdr handle)
+					   "application/x-pkcs7-signature"
+					   nil t)))))
 	(mm-set-handle-multipart-parameter
 	 mm-security-handle 'gnus-info "Corrupted")
 	(throw 'error handle))

--=-=-=--