From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/60649 Path: news.gmane.org!not-for-mail From: Reiner Steib Newsgroups: gmane.emacs.gnus.general Subject: Fwd: [PATCH]: gnus: use correct GPG hash algorithm in 'micalg' field (was: Broken GPG signatures due to bad 'micalg' value) Date: Thu, 28 Jul 2005 17:02:17 +0200 Message-ID: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===-=-=" X-Trace: sea.gmane.org 1122608301 30448 80.91.229.2 (29 Jul 2005 03:38:21 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 29 Jul 2005 03:38:21 +0000 (UTC) Original-X-From: ding-owner+M9177@lists.math.uh.edu Fri Jul 29 05:38:19 2005 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1DyLh3-0004y7-4F for ding-account@gmane.org; Fri, 29 Jul 2005 05:37:53 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1DyLcH-0004OU-00; Thu, 28 Jul 2005 22:32:57 -0500 Original-Received: from util2.math.uh.edu ([129.7.128.23]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1Dy9tw-0002ma-00 for ding@lists.math.uh.edu; Thu, 28 Jul 2005 10:02:24 -0500 Original-Received: from quimby.gnus.org ([80.91.224.244]) by util2.math.uh.edu with esmtp (Exim 4.30) id 1Dy9tu-0003V2-Tt for ding@lists.math.uh.edu; Thu, 28 Jul 2005 10:02:23 -0500 Original-Received: from mail.uni-ulm.de ([134.60.1.1]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1Dy9tt-0007pG-00 for ; Thu, 28 Jul 2005 17:02:22 +0200 Original-Received: from bridgekeeper.physik.uni-ulm.de (bridgekeeper.physik.uni-ulm.de [134.60.10.123]) by mail.uni-ulm.de (8.13.3/8.13.3) with ESMTP id j6SF2IkY017918 for ; Thu, 28 Jul 2005 17:02:18 +0200 (MEST) Original-Received: by bridgekeeper.physik.uni-ulm.de (Postfix, from userid 170) id 0BD431091A; Thu, 28 Jul 2005 17:02:18 +0200 (CEST) Original-To: Ding List User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) X-DCC--Metrics: gemini 1074; Body=1 Fuz1=1 Fuz2=1 X-Spam-Score: -4.6 (----) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:60649 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:60649 --===-=-= Hi, could someone familiar with PGG/mml2015 take a look into this patch? Bye, Reiner. PS: It seem that the QP encoding of the attachment got broken when forwarding. Here's a link to the patch: http://cache.gmane.org/gmane/emacs/xemacs/beta/20059-001.bin --===-=-= Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 8bit From: Enrico Scholz Newsgroups: gmane.emacs.xemacs.beta Subject: [PATCH]: gnus: use correct GPG hash algorithm in 'micalg' field (was: Broken GPG signatures due to bad 'micalg' value) Date: Sun, 24 Jul 2005 17:48:54 +0200 Message-ID: <87ackctdax.fsf@kosh.bigo.ensc.de> References: <87r7dpbtev.fsf@kosh.bigo.ensc.de> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" In-Reply-To: <87r7dpbtev.fsf@kosh.bigo.ensc.de> (Enrico Scholz's message of "Sat, 23 Jul 2005 14:26:00 +0200") User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.17 (Jumbo Shrimp, linux) Precedence: list List-Id: XEmacs Beta Testers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Original-Sender: xemacs-beta-bounces@xemacs.org Errors-To: xemacs-beta-bounces@xemacs.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=iso-8859-1 Enrico Scholz writes: > when creating 'PGP/MIME Sign' signatures with Gnus v5.10.7 (from the > xemacs-sumo-20050715 tarball) the Content-Type: will be always something > like > > | Content-Type: multipart/signed; boundary="=-=-="; > | micalg=pgp-sha1; protocol="application/pgp-signature" > ~~~~ The attached patch fixes this; currently, it relies on the special status-fd format of gnupg. I do not know if this is standardized across all pgp implementations (are there other ones in use with gnus?). The new method 'ensc/mml2015-pgg-signinfo' should be moved into pgg.el, but I do not have the overview about the gnus/pgg design to touch two packages. I am completely unexperienced in elisp also, so some of my changes can be done probably better in another way. Enrico --=-=-= Content-Type: text/x-patch; charset=iso-8859-1 Content-Disposition: attachment; filename=mml2015-sign.patch Content-Transfer-Encoding: quoted-printable Content-Description: sets correct 'micalg' field 2005-07-24 Enrico Scholz * mml2015-pgg-sign(): determine the actual hash-algorithm instead of using 'sha1' everytime. Else, signatures for non-sha1 hashes can not be verified with Thunderbird/Enigmail. Currently, this change was applied to mml2015-pgg-sign() only. The other mml2015-*-sign() functions should get it also, but I did not get them to run and could not test the change therefore. * ensc/mml2015-pgg-signinfo(): added; it uses the specially formated SIG_CREATED lines of gnupg to determine the used algorithms plus some other (currently unused) information. Perhaps, this function should be moved into 'pgg.el'. --- gnus/lisp/mml2015.el.orig 2005-07-24 17:30:50.000000000 +0200 +++ gnus/lisp/mml2015.el 2005-07-24 17:32:05.000000000 +0200 @@ -74,6 +74,24 @@ mml2015-pgg-clear-decrypt)) "Alist of PGP/MIME functions.") =20 +(defconst mml2015-gpg-pubkeyalgo-alist + '(( "1" . "rsa") + ( "2" . "rsa-e") + ( "3" . "rsa-s") + ("16" . "elg-e") + ("17" . "dsa") + ("18" . "ecliptic-curve") + ("19" . "ecdsa") + ("21" . "dh"))) + +(defconst mml2015-gpg-hashalgo-alist + '(( "1" . "md5") + ( "2" . "sha1") + ( "3" . "ripemd160") + ( "8" . "sha256") + ( "9" . "sha386") + ("10" . "sha512"))) + (defvar mml2015-result-buffer nil) =20 (defcustom mml2015-unabbrev-trust-alist @@ -558,6 +576,14 @@ (unless (> (point-max) (point-min)) (pop-to-buffer mml2015-result-buffer) (error "Sign error"))) + + (goto-char (point-min mml2015-result-buffer) mml2015-result-buffer) + (setq gpg-sign-hash-algostr + (or (if (re-search-forward "^\\[\\S-+:\\] SIG_CREATED \\(\\S-+\\) \\(= \\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\)" + nil t 1 mml2015-result-buffer) + (assoc (match-string 3) 'mml2015-gpg-algo-alist)) + "sha1")) +=20=20=20=20=20=20 (goto-char (point-min)) (while (re-search-forward "\r+$" nil t) (replace-match "" t t)) @@ -565,8 +591,8 @@ (goto-char (point-min)) (insert (format "Content-Type: multipart/signed; boundary=3D\"%s\";\= n" boundary)) - ;;; FIXME: what is the micalg? - (insert "\tmicalg=3Dpgp-sha1; protocol=3D\"application/pgp-signature= \"\n") + (insert (format "\tmicalg=3Dpgp-%s; protocol=3D\"application/pgp-sig= nature\"\n" + gpg-sign-hash-algostr)) (insert (format "\n--%s\n" boundary)) (goto-char (point-max)) (insert (format "\n--%s\n" boundary)) @@ -803,6 +829,36 @@ (mm-set-handle-multipart-parameter mm-security-handle 'gnus-info "Failed")))) =20 +(defun ensc/match-buffer-string (num buf) + (buffer-substring (match-beginning num) + (match-end num) + buf)) + +(defun ensc/mml2015-pgg-signinfo () + "Returns a tuple consisting of [, , , , +, , ]. It expects that +the information in 'mml2015-result-buffer are using the encoding +described in the DETAILS file of the gnupg package." +=20=20 + (goto-char (point-min mml2015-result-buffer) mml2015-result-buffer) + (if (re-search-forward "^\\[\\S-+:\\] SIG_CREATED \\(\\S-+\\) \\(\\S-+\\= ) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\) \\(\\S-+\\)" + nil t 1 mml2015-result-buffer) + (list (or (cdr (assoc (ensc/match-buffer-string 2 mml2015-result-buf= fer) + mml2015-gpg-pubkeyalgo-alist)) + ("rsa")) + (or (cdr (assoc (ensc/match-buffer-string 3 mml2015-result-buffer) + mml2015-gpg-hashalgo-alist)) + ("sha1")) + (ensc/match-buffer-string 4 mml2015-result-buffer) ; class + (ensc/match-buffer-string 5 mml2015-result-buffer) ; timestamp + (ensc/match-buffer-string 6 mml2015-result-buffer) ; fingerprint + (ensc/match-buffer-string 2 mml2015-result-buffer) ; raw pubkey-algo + (ensc/match-buffer-string 3 mml2015-result-buffer) ; raw hash-algo + ) + (list "rsa" "sha1" "0" (current-time) nil "1" "2"))) + +=09=20=20=20=20 +=20=20=20=20=20=20 (defun mml2015-pgg-sign (cont) (let ((pgg-errors-buffer mml2015-result-buffer) (boundary (mml-compute-boundary cont)) @@ -814,8 +870,8 @@ (goto-char (point-min)) (insert (format "Content-Type: multipart/signed; boundary=3D\"%s\";\n" boundary)) - ;;; FIXME: what is the micalg? - (insert "\tmicalg=3Dpgp-sha1; protocol=3D\"application/pgp-signature\"= \n") + (insert (format "\tmicalg=3Dpgp-%s; protocol=3D\"application/pgp-signa= ture\"\n" + (nth 1 (ensc/mml2015-pgg-signinfo)))) (insert (format "\n--%s\n" boundary)) (goto-char (point-max)) (insert (format "\n--%s\n" boundary)) --=-=-=-- --==-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUAQuO4ZzyfXseeoEz2AQoJMggArcGx8nhA21/J5QSaiWKC7FzzB2DLSMiq D4FQD26NEW38CjcBBq9TqTHm8yCI5dOsTjoiMVfhooBMKTel4P0yAhiuqXthx1Im J7LCIyVtEGJcBeOioN4c/wu0yHUsDM+E4Xuso56M2PpBGOekWO65fmEPRLFULP6b mreYBrPqApD49Ow7x2qa65Jy1hhSA0tcXYaqW7IfNciUjVLmsV+e4JrJYXQfwD86 wI2A0/WoxQAD8VMH81MUggclmm41drddz3ceSA3PlRHcFL0vQ1/mCHXJ+o5BwuvW gA4a+S5wTg51RZ/tAfbeIQEkB7sxmjMDLLdCxA26zptt5YILMvNkuQ== =Et6W -----END PGP SIGNATURE----- --==-=-=-- --===-=-=--