Gnus development mailing list
* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found] <wtnpuv5wurx.fsf@licia.dtek.chalmers.se>
@ 2000-01-16  8:14 ` Florian Weimer
       [not found]   ` <wtn3drwabws.fsf@licia.dtek.chalmers.se>
  0 siblings, 1 reply; 6+ messages in thread
From: Florian Weimer @ 2000-01-16  8:14 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> I use mc-bbdb.el to automatically encrypt to some people (using
> Mailcrypt and depending on what a special field in the BBDB is saying)
> and this adds mc-bbdb-auto-encrypt-send to message-send-hook. I also
> had until just recently

> What is the best way of solving this?
> 
> 1. Force evaluate MML before my encryption (either by hand or by
>    adding something to message-send-hook). Kludge?
> 
> 2. Add the sign/encrypt parts *after* the MML evaluation, but how is
>    this done? I think this is preferred since encryption and signing
>    should go after all other mail processing is finished and right
>    before the mail actually goes away.

3.  Use `mml-generate-multipart-alist'. Example (untested with current
    Gnus version):

(setq mml-generate-multipart-alist
  '(("signed" . rfc2015-generate-signed-multipart)
    ("encrypted" . rfc2015-generate-encrypted-multipart)))

(defun rfc2015-generate-enclosed-parts-and-funcall (cont func)
  "Generate the parts in a temporary buffer and call FUNC.
Returns the result of FUNC."
  ;; Descend one level: drop the `multipart' symbol and its type alist,
  ;; leaving only the contained parts.
  (setq cont (cddr cont))
  (if (> (length cont) 1)
      ;; multipart/signed may not contain more than one part.
      ;; Add an intermediate multipart/mixed if necessary.
      (setq cont (append '(multipart (type . "mixed")) cont))
    ;; Descend to the contained part.
    (setq cont (car cont)))
  ;; Generate contained parts and signature.  Do not include the
  ;; enclosing MIME boundaries in the signature.
  (with-temp-buffer
    ;; Generate subparts.
    (mml-generate-mime-1 cont)
    ;; Make sure that last line ends with <LF>.
    (goto-char (point-max))
    (unless (bolp)
      (insert "\n"))
    (funcall func)))

(defun rfc2015-generate-signed-multipart (cont)
  (let* ((mml-boundary (mml-compute-boundary cont))
         ;; Make sure that the enclosed parts are encoded in the safest way.
         (quoted-printable-encode-from t)
         (mm-encode-no-7/8bit t)
         (parts-and-signature
          (rfc2015-generate-enclosed-parts-and-funcall
           cont
           (lambda ()
             ;; `rfc2015-gpg-sign' is not defined in this message; it is
             ;; expected to return the detached, ASCII armored signature
             ;; over the buffer contents.
             (cons
              (buffer-string)
              (rfc2015-gpg-sign (current-buffer))))))
         (parts (car parts-and-signature))
         (signature (cdr parts-and-signature)))
    (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n"
                    mml-boundary)
            ;; micalg must name the hash the signer actually used (RFC 2015
            ;; lists pgp-md5, pgp-sha1, ...); it is hard-coded here.
            "\tmicalg=pgp-md5; protocol=\"application/pgp-signature\"\n"
            "\n"
            "\n--" mml-boundary "\n")
    ;; Insert generated parts and signature.
    (insert parts)
    (insert "\n--" mml-boundary "\n"
            "Content-Type: application/pgp-signature\n"
            "\n"
            signature
            "\n--" mml-boundary "--\n")))

(defun rfc2015-generate-encrypted-multipart (cont)
  (let* ((mml-boundary (mml-compute-boundary cont))
         (encrypted-parts
          (rfc2015-generate-enclosed-parts-and-funcall
           cont
           (lambda ()
             ;; `rfc2015-gpg-encrypt' is not defined in this message; it is
             ;; expected to replace the buffer contents with the ASCII
             ;; armored OpenPGP message.
             (rfc2015-gpg-encrypt)
             (buffer-string)))))
    (insert (format "Content-Type: multipart/encrypted; boundary=\"%s\";\n"
                    mml-boundary)
            "\tprotocol=\"application/pgp-encrypted\"\n"
            "\n"
            "\n--" mml-boundary "\n"
            ;; RFC 2015 control part: its body is exactly "Version: 1".
            "Content-Type: application/pgp-encrypted\n"
            "\n"
            "Version: 1\n")
    (insert "\n--" mml-boundary "\n"
            "Content-Type: application/octet-stream\n"
            "\n"
            encrypted-parts
            ;; Closing delimiter: the trailing "--" ends the multipart.
            "\n--" mml-boundary "--\n")))




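The Elisp in this message signs whatever bytes end up in the temporary buffer, so two details decide whether the result verifies anywhere else: exactly which bytes the signature covers (the enclosed MIME entity in canonical CRLF form, without the CRLF and boundary that follow it) and that those bytes are 7-bit safe, which is what the `quoted-printable-encode-from' and `mm-encode-no-7/8bit' bindings are for. The Python below is an added example, not code from this thread or from Gnus: it builds a multipart/signed part in the same order (enclosed entity first, signature over it, outer multipart around both) and then verifies it from the serialized message. The OpenPGP step is replaced by a stand-in that computes the SHA-1 digest named by micalg=pgp-sha1; a real implementation hands the same entity bytes to `gpg --detach-sign --armor` and inserts the armored output instead. The boundary string and the sample body are constructed for the example.

```python
"""RFC 2015 multipart/signed, assembled in the same order as the Elisp above:
generate the enclosed entity, sign exactly those bytes, then wrap the outer
multipart around entity and signature.  Added example; the OpenPGP signature is
replaced by a SHA-1 digest stand-in (the hash that micalg=pgp-sha1 names)."""
import hashlib
import quopri
import re

CRLF = b"\r\n"
BOUNDARY = "rfc2015-example-boundary-7f3a"  # constructed for the example

# Constructed sample: 8-bit text, a trailing space, a line starting with
# "From " and the "-- " signature separator are exactly the things relays
# like to rewrite, which would break a signature over raw 8-bit text.
SAMPLE = ("Hello,\n"
          "the file is attached.\n"
          "From here on: ünïcödé and a trailing space \n"
          "-- \n"
          "Jonas\n")


def to_crlf(text: str) -> bytes:
    """Canonical MIME form: CRLF line endings.  RFC 1847 requires the
    signature to be computed over this form, not over bare LF text."""
    return text.replace("\r\n", "\n").replace("\n", "\r\n").encode("ascii")


def inner_entity(body_text: str) -> bytes:
    """The part to be signed, encoded the 'ultra-safe' way: quoted-printable
    turns 8-bit characters and trailing whitespace into =XX escapes, and a
    leading 'From ' is escaped so mbox-style delivery cannot prepend '>'."""
    qp = quopri.encodestring(body_text.encode("utf-8")).decode("ascii")
    qp = re.sub(r"(?m)^From ", "=46rom ", qp)
    headers = ("Content-Type: text/plain; charset=utf-8\n"
               "Content-Transfer-Encoding: quoted-printable\n")
    return to_crlf(headers + "\n" + qp)


def sign_stand_in(entity: bytes) -> str:
    """Stand-in for `gpg --detach-sign --armor`: returns the SHA-1 digest of
    ENTITY, which is what a pgp-sha1 signature would be computed over."""
    return hashlib.sha1(entity).hexdigest()


def build_signed(body_text: str) -> bytes:
    """Serialize a multipart/signed message covering BODY_TEXT."""
    entity = inner_entity(body_text)
    signature = sign_stand_in(entity)
    delim = CRLF + b"--" + BOUNDARY.encode("ascii")
    head = to_crlf(f'Content-Type: multipart/signed; boundary="{BOUNDARY}";\n'
                   '\tmicalg=pgp-sha1; protocol="application/pgp-signature"\n\n')
    return (head
            + delim + CRLF + entity                      # the signed entity
            + delim + CRLF
            + to_crlf("Content-Type: application/pgp-signature\n\n")
            + signature.encode("ascii")
            + delim + b"--" + CRLF)                      # closing delimiter


def split_signed(message: bytes):
    """Recover (entity, signature) from a serialized message the way a
    verifier must: the entity runs from the CRLF after the first delimiter up
    to, but not including, the CRLF that begins the next delimiter (that CRLF
    belongs to the boundary per RFC 2046, so it is not part of the signed data)."""
    boundary = re.search(rb'boundary="([^"]+)"', message).group(1)
    delim = CRLF + b"--" + boundary
    start = message.index(delim) + len(delim) + len(CRLF)
    end = message.index(delim, start)
    entity = message[start:end]
    sig_start = end + len(delim) + len(CRLF)
    sig_part = message[sig_start:message.index(delim, sig_start)]
    signature = sig_part.split(CRLF + CRLF, 1)[1].decode("ascii")
    return entity, signature


def verify(message: bytes) -> bool:
    """Recompute the stand-in signature over the extracted entity."""
    entity, signature = split_signed(message)
    return sign_stand_in(entity) == signature


def decode_entity_body(entity: bytes) -> str:
    """Undo the transfer encoding, as a reader does after verifying."""
    body = entity.split(CRLF + CRLF, 1)[1]
    return quopri.decodestring(body).decode("utf-8").replace("\r\n", "\n")


if __name__ == "__main__":
    msg = build_signed(SAMPLE)
    print(msg.decode("ascii"))
    print("verifies:", verify(msg))
    print("after tampering:", verify(msg.replace(b"attached", b"detached")))
```

Changing a single byte of the enclosed entity makes verify() return False. The point of the quoted-printable step is that the usual relay rewrites (stripping trailing whitespace, mangling 8-bit text, escaping a leading "From ") find nothing left to change in the bytes that were signed, so the recipient reconstructs exactly the entity the sender hashed.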

* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found]   ` <wtn3drwabws.fsf@licia.dtek.chalmers.se>
@ 2000-01-17 21:42     ` Kai Großjohann
  2000-01-18  5:26     ` Florian Weimer
  1 sibling, 0 replies; 6+ messages in thread
From: Kai Großjohann @ 2000-01-17 21:42 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> An example would be nice.

But Florian gave an example?  I thought it was clear what it was
supposed to do?

Maybe the variable is new in CVS?

kai
-- 
A large number of young women don't trust men with beards.  (BFBS Radio)




* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found]   ` <wtn3drwabws.fsf@licia.dtek.chalmers.se>
  2000-01-17 21:42     ` Kai Großjohann
@ 2000-01-18  5:26     ` Florian Weimer
       [not found]       ` <wtnr9ffbrbs.fsf@licia.dtek.chalmers.se>
  1 sibling, 1 reply; 6+ messages in thread
From: Florian Weimer @ 2000-01-18  5:26 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> Since I do not use MML myself (I trust Gnus on this) I really don't
> see how I am supposed to use them. My manuals contained nothing about
> mml-generate-multipart-alist. Gnus 5.8.3.
> 
> An example would be nice.

Do you need an example for `mml-generate-multipart-alist'?  This was
contained in my previous message.

The following MML code illustrates how to create such parts when
composing a message:

<#multipart type=signed>
This is a signed multipart.
<#part type="text/plain" filename="~/file2"
  disposition=attachment description="signed attachment">
<#/part>
<#multipart type=encrypted>
This is an encrypted multipart.
<#part type="text/plain" filename="~/file3"
  disposition=attachment description="encrypted attachment">
<#/part>
<#multipart type=signed>
This is a signed part in an encrypted part.
<#/multipart>
<#/multipart>
<#/multipart>






* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found]       ` <wtnr9ffbrbs.fsf@licia.dtek.chalmers.se>
@ 2000-01-18 11:39         ` Florian Weimer
       [not found]           ` <wtn1z7f8rl8.fsf@licia.dtek.chalmers.se>
  0 siblings, 1 reply; 6+ messages in thread
From: Florian Weimer @ 2000-01-18 11:39 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> > <#multipart type=signed>
> [...]
> 
> How can I ensure that this will be expanded _last_? Signing and
> encrypting demands that it is done last.

Look at the code.  It compiles the contained MML directives and, as a
result, gets the raw representation of the contained parts.  After that,
you can calculate signatures, encrypt it, in short: do whatever you want.

I don't think an additional hook is required, in fact, I would be
surprised. ;)

You only need additional data structures for decrypting and verifying
signatures.

But the whole discussion is unnecessary at the moment.  There is no
safe way to invoke PGP or GnuPG from Emacs on most systems (at least
on all I tested except Solaris), so it's probably not very wise to use
Mailcrypt and similar packages on a multi-user machine.





* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found]           ` <wtn1z7f8rl8.fsf@licia.dtek.chalmers.se>
@ 2000-01-18 13:50             ` Florian Weimer
       [not found]               ` <wtn7lh7id3y.fsf@licia.dtek.chalmers.se>
  0 siblings, 1 reply; 6+ messages in thread
From: Florian Weimer @ 2000-01-18 13:50 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> If I understand it correctly this would work:
> In message-send-hook having a function adding
> <#encrypted>/<#/encrypted> (or whatever) around the entire text and
> then having a buffer that looks like:
> 
> ----------8<--------
> -----texts follows...----
> <#encrypted>
> Some text...
> <#attachment ...>
> ...more text.
> -- 
> .sig
> <#/encrypted>
> ----------8<--------

Yes, that's the idea.  You probably want to add extra information to the
`<#encrypted>' tag, for example the recipients' key ID.

> I will dig into it later when I have a Gnus that works with
> mml-blah-alist.

Glad you found it.  I guess the variable is only defined if `mml' has
been loaded, which happens automatically when you compose a message
(and not upon Gnus startup).

> > I don't think an additional hook is required, in fact, I would be
> > surprised. ;)
> 
> See other mail, I found message-send-*-hook. I blame the manual.

`message-send-*-hook' won't work, that's too late.  You have to bind
`mm-use-ultra-safe-encoding' to `t' while encoding the parts over which
the signature is to be calculated (this prohibits 8-bit data and other
nasty things, as mandated by RFC 2015).

> > You only need additional data structures for decrypting and verifying
> > signatures.
> 
> You forgot the `"' around the word "only"... ;-)

Well, I should have put it before `for'. ;)

> I spoke with the people in se.dator.sys.unix (swedish *nix group) and
> the conclusion was that although it was not 100% safe one could fairly
> sure that it was safe enough to use on Linux/Solaris.

Linux and Solaris are completely different in this regard. Solaris
(at least the version I tested) is safe, while Linux isn't.

> There were possibilities to intercept my passphrase but the work
> and luck that was needed was too great. You needed to be root to
> begin with (which is a bit hard on a well administered system).

In fact, this is not necessary, and that's the problem. :(





* Re: MML, message-send-hook and automatically GnuPG-signing messages.
       [not found]               ` <wtn7lh7id3y.fsf@licia.dtek.chalmers.se>
@ 2000-01-18 19:12                 ` Florian Weimer
  0 siblings, 0 replies; 6+ messages in thread
From: Florian Weimer @ 2000-01-18 19:12 UTC (permalink / raw)


Jonas Steverud <d4jonas@dtek.chalmers.se> writes:

> > Yes, that's the idea.  You probably want to add extra information to the
> > `<#encrypted>' tag, for example the recipients' key ID.
> 
> Could you please explain what you meant with that? I have spent almost
> half the day hacking on this, so if you have some idea on how to make
> my life easier I am most happy to listen.

By private mail, I'll send you all my code and some discussion which
has taken place on this list over a year ago.

> The problem with the code
> you presented was that mc/gnupg did not find any information regarding
> whom to send to.

Well, it was a crude hack to see which interfaces are necessary.

> I have made a hack for that (an additional argument to
> rfc2015-generate-enclosed-parts-and-funcall) but you maybe have come
> across a better solution.

No, that's the correct solution, I think.  Perhaps you should pass the
initial value of the `cont' parameter, IIRC it contains all the
necessary information.

> (A "feature" I see now:
> To: a@b.c, e@b.c, q@p.c
>  #multipart type=encrypted recipients="a@b.c">
>  Secret text to a.
>  #/multipart>

Yes, that's the idea.  Ideally, the user wouldn't write MML on his own,
but invoke a command which displays a suitable subset of the public key
ring, lets the user mark the keys he wants to use, and Emacs generates
the appropriate MML directives.

> > > There were possibilities to intercept my passphrase but the work
> > > and luck that was needed was too great. You needed to be root to
> > > begin with (which is a bit hard on a well administered system).
> > 
> > In fact, this is not necessary, and that's the problem. :(
> 
> Can you develop that? Let us presume a system where we can trust the
> sysadmin to be competent.

I'm sorry, the fix isn't ready yet, so I won't elaborate it in public.




