2005-07-24 Enrico Scholz * mml2015-pgg-sign(): determine the actual hash-algorithm instead of using 'sha1' everytime. Else, signatures for non-sha1 hashes can not be verified with Thunderbird/Enigmail. Currently, this change was applied to mml2015-pgg-sign() only. The other mml2015-*-sign() functions should get it also, but I did not get them to run and could not test the change therefore. * ensc/mml2015-pgg-signinfo(): added; it uses the specially formated SIG_CREATED lines of gnupg to determine the used algorithms plus some other (currently unused) information. Perhaps, this function should be moved into 'pgg.el'.
--- gnus/lisp/mml2015.el.orig 2005-07-24 17:30:50.000000000 +0200
+++ gnus/lisp/mml2015.el 2005-07-24 17:32:05.000000000 +0200
@@ -74,6 +74,24 @@ mml2015-pgg-clear-decrypt)) "Alist of PGP/MIME functions.")
+(defconst mml2015-gpg-pubkeyalgo-alist
+ '(( "1" . "rsa")
+ ( "2" . "rsa-e")
+ ( "3" . "rsa-s")
+ ("16" . "elg-e")
+ ("17" . "dsa")
+ ("18" . "ecliptic-curve")
+ ("19" . "ecdsa")
+ ("21" . "dh")))
+
+(defconst mml2015-gpg-hashalgo-alist
+ '(( "1" . "md5")
+ ( "2" . "sha1")
+ ( "3" . "ripemd160")
+ ( "8" . "sha256")
+ ( "9" . "sha386")
+ ("10" . "sha512")))
+
 (defvar mml2015-result-buffer nil) (defcustom mml2015-unabbrev-trust-alist
@@ -558,6 +576,14 @@ (unless (> (point-max) (point-min)) (pop-to-buffer mml2015-result-buffer) (error "Sign error")))
+
+ (goto-char (point-min mml2015-result-buffer) mml2015-result-buffer)
+ (setq gpg-sign-hash-algostr
+ (or (if (re-search-forward "^\\[\\S-+:\\] SIG_CREATED \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\)"
+ nil t 1 mml2015-result-buffer)
+ (assoc (match-string 3) 'mml2015-gpg-algo-alist))
+ "sha1"))
+
 (goto-char (point-min)) (while (re-search-forward "\r+$" nil t) (replace-match "" t t))
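Review bot: In `mml2015-gpg-hashalgo-alist` (hunk `@@ -74,6 +74,24 @@`) the entry `( "9" . "sha386")` names a digest that does not exist; OpenPGP hash id 9 is SHA-384, so a signature made with it would be announced as `micalg=pgp-sha386`, which a verifier cannot map to a hash, and the entry should read `( "9" . "sha384")`. Id 11 (SHA-224) has no entry, so a SHA-224 signature reaches the fallback branch in the later hunks instead of being labelled correctly; adding `("11" . "sha224")` would cover it. Neither constant has a docstring; one such as `"Map GnuPG numeric hash-algorithm ids from SIG_CREATED status lines to micalg name suffixes."` would state what the keys and values are. The label `"ecliptic-curve"` for id 18 looks like a typo for "elliptic-curve", though the pubkey table does not feed any output yet.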
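Review bot: The lookup added in hunk `@@ -558,6 +576,14 @@` cannot yield a usable algorithm name: `(assoc (match-string 3) 'mml2015-gpg-algo-alist)` passes a quoted symbol rather than a list, the name is not one this patch defines (the table added above is `mml2015-gpg-hashalgo-alist`), and `assoc` returns the whole `(id . name)` pair, not the name. The line should read `(cdr (assoc (match-string 3) mml2015-gpg-hashalgo-alist))`. `match-string` also reads from the current buffer while the search was directed at `mml2015-result-buffer`, so the extracted text may not be the status field. `gpg-sign-hash-algostr` is assigned with `setq` and no `let` binding is visible, so it appears to become a global that hunk `@@ -565,8 +591,8 @@` then formats into the `micalg` parameter. The enclosing function starts and ends outside the hunk, and the commit message says this path was never run, so it should not ship without a test against a real signing backend.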
@@ -565,8 +591,8 @@ (goto-char (point-min)) (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n" boundary))
- ;;; FIXME: what is the micalg?
- (insert "\tmicalg=pgp-sha1; protocol=\"application/pgp-signature\"\n")
+ (insert (format "\tmicalg=pgp-%s; protocol=\"application/pgp-signature\"\n"
+ gpg-sign-hash-algostr))
 (insert (format "\n--%s\n" boundary)) (goto-char (point-max)) (insert (format "\n--%s\n" boundary))
@@ -803,6 +829,36 @@ (mm-set-handle-multipart-parameter mm-security-handle 'gnus-info "Failed"))))
+(defun ensc/match-buffer-string (num buf)
+ (buffer-substring (match-beginning num)
+ (match-end num)
+ buf))
+
+(defun ensc/mml2015-pgg-signinfo ()
+ "Returns a tuple consisting of [, , , ,
+, , ]. It expects that
+the information in 'mml2015-result-buffer are using the encoding
+described in the DETAILS file of the gnupg package."
+
+ (goto-char (point-min mml2015-result-buffer) mml2015-result-buffer)
+ (if (re-search-forward "^\\[\\S-+:\\] SIG_CREATED \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\)"
+ nil t 1 mml2015-result-buffer)
+ (list (or (cdr (assoc (ensc/match-buffer-string 2 mml2015-result-buffer)
+ mml2015-gpg-pubkeyalgo-alist))
+ ("rsa"))
+ (or (cdr (assoc (ensc/match-buffer-string 3 mml2015-result-buffer)
+ mml2015-gpg-hashalgo-alist))
+ ("sha1"))
+ (ensc/match-buffer-string 4 mml2015-result-buffer) ; class
+ (ensc/match-buffer-string 5 mml2015-result-buffer) ; timestamp
+ (ensc/match-buffer-string 6 mml2015-result-buffer) ; fingerprint
+ (ensc/match-buffer-string 2 mml2015-result-buffer) ; raw pubkey-algo
+ (ensc/match-buffer-string 3 mml2015-result-buffer) ; raw hash-algo
+ )
+ (list "rsa" "sha1" "0" (current-time) nil "1" "2")))
+
+
+
 (defun mml2015-pgg-sign (cont) (let ((pgg-errors-buffer mml2015-result-buffer) (boundary (mml-compute-boundary cont))
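Review bot: In `ensc/mml2015-pgg-signinfo` (hunk `@@ -803,6 +829,36 @@`) the fallbacks `("rsa")` and `("sha1")` are written as function calls, so an algorithm id missing from either alist raises an error in the middle of signing instead of returning a default; they should be the bare strings `"rsa"` and `"sha1"`. Even with that fixed, reporting `sha1` for an unrecognised hash id or a missing SIG_CREATED line puts a digest name in `micalg` that may not be the one GnuPG used, which is the verification failure this patch sets out to fix; signalling `(error "Unknown hash algorithm in SIG_CREATED")` would be safer than guessing. The no-match branch returns `(current-time)` in the slot where the match branch returns the timestamp as a string, so callers see two different types. The extra buffer arguments to `point-min`, `goto-char` and `re-search-forward` are XEmacs forms; on GNU Emacs the body would need to be wrapped in `with-current-buffer`. The result is consumed positionally by `(nth 1 …)` in hunk `@@ -814,8 +870,8 @@`, so the docstring should list the seven fields in order.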
@@ -814,8 +870,8 @@ (goto-char (point-min)) (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n" boundary))
- ;;; FIXME: what is the micalg?
- (insert "\tmicalg=pgp-sha1; protocol=\"application/pgp-signature\"\n")
+ (insert (format "\tmicalg=pgp-%s; protocol=\"application/pgp-signature\"\n"
+ (nth 1 (ensc/mml2015-pgg-signinfo))))
 (insert (format "\n--%s\n" boundary)) (goto-char (point-max)) (insert (format "\n--%s\n" boundary))