Re: Bug#6654

[David Engster <deng@randomsample.de>]

[-- Attachment #1: Type: text/plain, Size: 1068 bytes --]

Daiki Ueno writes:
> Dave Goldberg <david.goldberg6@verizon.net> writes:
>> ... which parses the To: Cc: and Gcc: headers to come up with the list
>> of recipients and fill in the certfile tags based on that (the Gcc
>> check just results in a call for my personal key if Gcc exists)
>
> FWIW, you may want to try epg backend of mml-smime.  IIRC, it collects
> recipient addresses from To/Cc/Bcc, and uses gpgsm (GnuPG's S/MIME tool)
> to pick certificate by email address.

Yes, let me second that. I switched from openssl to gpgsm and I think
it's much more comfortable to use.

However, the epg backend can't yet decrypt S/MIME messages, but I think
it just needs a few lines to add this - see the attached patch. At the
moment it just silently decrypts the message; there should surely be
some hint that this message was actually decrypted, but first I'd like
to know if adding the decryption in mm-view.el is the right choice. I'm
still working on understanding where all the S/MIME decoding is
happening - it seems there is a lot of historical baggage.

-David


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: mm-view-smime-decrypt.diff --]
[-- Type: text/x-patch, Size: 1482 bytes --]

diff --git a/lisp/mm-view.el b/lisp/mm-view.el
index 42e21ca..91fba5d 100644
--- a/lisp/mm-view.el
+++ b/lisp/mm-view.el
@@ -669,18 +669,24 @@
 (defun mm-view-pkcs7-decrypt (handle)
   (insert-buffer-substring (mm-handle-buffer handle))
   (goto-char (point-min))
-  (insert "MIME-Version: 1.0\n")
-  (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
-  (smime-decrypt-region
-   (point-min) (point-max)
-   (if (= (length smime-keys) 1)
-       (cadar smime-keys)
-     (smime-get-key-by-email
-      (completing-read
-       (concat "Decipher using key"
-	       (if smime-keys (concat "(default " (caar smime-keys) "): ")
-		 ": "))
-       smime-keys nil nil nil nil (car-safe (car-safe smime-keys))))))
+  (if (eq mml-smime-use 'epg)
+      ;; Use EPG/gpgsm
+      (let ((part (base64-decode-string (buffer-string))))
+	(erase-buffer)
+	(insert (epg-decrypt-string (epg-make-context 'CMS) part)))
+    ;; Use openssl
+    (insert "MIME-Version: 1.0\n")
+    (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
+    (smime-decrypt-region
+     (point-min) (point-max)
+     (if (= (length smime-keys) 1)
+	 (cadar smime-keys)
+       (smime-get-key-by-email
+	(completing-read
+	 (concat "Decipher using key"
+		 (if smime-keys (concat "(default " (caar smime-keys) "): ")
+		   ": "))
+	 smime-keys nil nil nil nil (car-safe (car-safe smime-keys)))))))
   (goto-char (point-min))
   (while (search-forward "\r\n" nil t)
     (replace-match "\n"))