From: "Arne Jørgensen" <arne@arnested.dk>
Subject: Re: x-pkcs7-mime verification?
Date: Wed, 06 Apr 2005 15:55:57 +0200 [thread overview]
Message-ID: <878y3wko0i.fsf@seamus.arnested.dk> (raw)
In-Reply-To: <87vf77bl2r.fsf@blackbird.zamazal.org>
Milan Zamazal <pdm@brailcom.org> writes:
>>>>>> "AJ" == Arne Jørgensen <arne@arnested.dk> writes:
>
> AJ> What is the difference/why isn't it decsrypting?
>
> It's a clear text message encoded in base64, not a message encrypted
> with the recipient's key.
>
> AJ> I can find the message in the source code but I never see the
> AJ> message myself. When I read a message that is both encrypted and
> AJ> signed I'm asked the same question as you (whether the message
> AJ> should be decrypted or not). On a positive answer I see the
> AJ> decrypted message and if I verify it (`W s') it succeeds too.
>
> And do the headers contain the application/x-pkcs7-mime MIME type?
Yes.
> The mail I have problems with is produced by Outlook and contains the
> following content-type headers in the main mail headers:
>
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
>
> The mail body is base64 encoded and contains a signed message in the
> PKCS7 (I assume) format. The Gnus function handling it is:
I think I finally understand a bit about what this is about. I didn't
know that a message with a application/x-pkcs7-mime MIME type could
be just a signed (not encrypted) message until I read some of RFC
2311. Part of why I it was difficult for me to understand this is
because Gnus doesn't generate that kind of signed mails, but used
multipart/signed instead.
Milan Zamazal <pdm@brailcom.org> writes:
> The following patch against Emacs CVS makes Gnus verify pkcs7-mime
> signatures:
>
> --- mm-view.el.orig 2005-04-05 18:05:25.599196219 +0200
> +++ mm-view.el 2005-04-05 18:03:59.177559850 +0200
> @@ -538,18 +538,24 @@
>
> (defun mm-view-pkcs7-verify (handle)
> ;; A bogus implementation of PKCS#7. FIXME::
> - (mm-insert-part handle)
> - (goto-char (point-min))
> - (if (search-forward "Content-Type: " nil t)
> - (delete-region (point-min) (match-beginning 0)))
> - (goto-char (point-max))
> - (if (re-search-backward "--\r?\n?" nil t)
> - (delete-region (match-end 0) (point-max)))
> + (let ((verified nil))
> + (with-temp-buffer
> + (insert "MIME-Version: 1.0\n")
> + (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
> + (insert-buffer-substring (mm-handle-buffer handle))
> + (setq verified (smime-verify-region (point-min) (point-max))))
> + (goto-char (point-min))
> + (mm-insert-part handle)
> + (if (search-forward "Content-Type: " nil t)
> + (delete-region (point-min) (match-beginning 0)))
> + (goto-char (point-max))
> + (if (re-search-backward "--\r?\n?" nil t)
> + (delete-region (match-end 0) (point-max)))
> + (unless verified
> + (insert-buffer-substring smime-details-buffer)))
> (goto-char (point-min))
> (while (search-forward "\r\n" nil t)
> (replace-match "\n"))
> - (message "Verify signed PKCS#7 message is unimplemented.")
> - (sit-for 1)
> t)
>
> (autoload 'gnus-completing-read-maybe-default "gnus-util" nil nil 'macro)
I have tested your patch with the messages in my test colection and
your patch doesn't break any of these.
So if it works with your messages (and I guess it does since you
posted it) I think it would be worth installing it in Gnus.
Kind regards,
--
Arne Jørgensen <http://arnested.dk/>
next prev parent reply other threads:[~2005-04-06 13:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-31 18:12 Milan Zamazal
2005-03-31 18:17 ` David S. Goldberg
2005-03-31 19:20 ` Milan Zamazal
2005-03-31 20:18 ` Arne Jørgensen
2005-03-31 20:46 ` Milan Zamazal
2005-04-06 13:55 ` Arne Jørgensen [this message]
2005-04-07 10:13 ` Milan Zamazal
2005-03-31 18:54 ` Arne Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878y3wko0i.fsf@seamus.arnested.dk \
--to=arne@arnested.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).