From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/44289 Path: main.gmane.org!not-for-mail From: david.goldberg6@verizon.net (David S. Goldberg) Newsgroups: gmane.emacs.gnus.general Subject: Re: signing and encrypting with new <#secure> tag Date: Tue, 16 Apr 2002 14:28:23 -0400 Sender: owner-ding@hpc.uh.edu Message-ID: References: <874rif2b3u.fsf@alum.wpi.edu> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1018981912 20937 127.0.0.1 (16 Apr 2002 18:31:52 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Tue, 16 Apr 2002 18:31:52 +0000 (UTC) Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 16xXk7-0005Ra-00 for ; Tue, 16 Apr 2002 20:31:51 +0200 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 16xXhD-0000bG-00; Tue, 16 Apr 2002 13:28:51 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Tue, 16 Apr 2002 13:29:01 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id NAA17641 for ; Tue, 16 Apr 2002 13:28:48 -0500 (CDT) Original-Received: (qmail 4205 invoked by alias); 16 Apr 2002 18:28:33 -0000 Original-Received: (qmail 4200 invoked from network); 16 Apr 2002 18:28:33 -0000 Original-Received: from smtpproxy2.mitre.org (192.80.55.70) by gnus.org with SMTP; 16 Apr 2002 18:28:33 -0000 Original-Received: from avsrv2.mitre.org (avsrv2.mitre.org [128.29.154.4]) by smtpproxy2.mitre.org (8.11.3/8.11.3) with ESMTP id g3GISVx25535 for ; Tue, 16 Apr 2002 14:28:32 -0400 (EDT) Original-Received: from MAILHUB2 (mailhub2.mitre.org [129.83.221.18]) by smtpsrv2.mitre.org (8.11.3/8.11.3) with ESMTP id g3GISUu06197 for ; Tue, 16 Apr 2002 14:28:30 -0400 (EDT) Original-Received: from blackbird.mitre.org (129.83.10.221) by mailhub2.mitre.org with SMTP id 9913267; Tue, 16 Apr 2002 14:28:22 -0400 Original-To: The Gnus Mailing List X-Face: GUaHTH@nS>[7,ME@-gYZ4#Wl{z"99k@[[Y8AcP0x1paqu.,z9,XSV1WI>{q3f6^e5(zrit <4fV&VHhmE`uidRqtmG27;si9&r;#KSF~E#$%W8w(xdp)H4tW=\2XOk~3=@oGqqpj;m4xf Ow;y26396&,34@9#~4;@*S;E0cq"LM9N(us4P%F(Nxis'Vvfm9?KufH;:Q$dMa-QWGLR&K d0`LJZE8xb*>^yN>b]_NcU:E=Zn\1=#/(OS2 In-Reply-To: <874rif2b3u.fsf@alum.wpi.edu> (Josh Huber's message of "Sat, 13 Apr 2002 23:49:25 -0400") Original-Lines: 45 User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Common Lisp, sparc-sun-solaris2.7) Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:44289 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:44289 >>>>> On Sat, 13 Apr 2002 23:49:25 -0400, Josh Huber >>>>> said: > Well, they're not deprecated really, but they don't do the Right Thing > when your message has multiple parts. Those functions are for signing > & encrypting parts of a message, and the <#secure tags are basically a > meta tag which expands to either a part or multipart tag depending on > if there are attachments in the message. Ah. Thank you for that. I hadn't tried doing anything with attachments and so didn't notice. > Now, as for encrypt & sign, what to do? > I don't use S/MIME, so I didn't get a chance to test the secure tags > for it. > With PGP/MIME right now encrypting signs as well... > There are basically 2 ways to do it with PGP/MIME: > 1) sign the message using standard PGP/MIME signing, then encrypt that > message. > 2) encrypt the message with an embedded signature (using --sign with > GnuPG) > How does S/MIME handle sign+encrypt? I've only ever got openssl to handle option 1. It looks like it should be able to do option 2, but I haven't ever figured out how to do so properly. If I try to sign and encrypt in the same command line I end up with complaints about unable to decrypt PKCS7 structure. > Basically, the pgp and pgpmime functions use mode=encrypt for now > (always), but the smime ones default to signencrypt. I've set it up > so if you give the encrypt option a prefix argument it goes back to > only encrypting. > Please try it out! It works great. Thanks! -- Dave Goldberg david.goldberg6@verizon.net