From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/4849 Path: news.gmane.org!not-for-mail From: =?utf-8?Q?Arne_J=C3=B8rgensen?= Newsgroups: gmane.emacs.gnus.user Subject: Re: x-pkcs7-mime verification? Date: Wed, 06 Apr 2005 15:55:57 +0200 Organization: Arne Joergensen -- http://arnested.dk/ Message-ID: <878y3wko0i.fsf@seamus.arnested.dk> References: <87fyybk7lz.fsf@blackbird.zamazal.org> <87acojk4g3.fsf@blackbird.zamazal.org> <87acojefi3.fsf@seamus.arnested.dk> <87vf77bl2r.fsf@blackbird.zamazal.org> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: sea.gmane.org 1138670724 25128 80.91.229.2 (31 Jan 2006 01:25:24 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 31 Jan 2006 01:25:24 +0000 (UTC) Original-X-From: nobody Tue Jan 17 17:34:24 2006 Original-Path: quimby.gnus.org!newsfeed1.e.nsc.no!uninett.no!news.net.uni-c.dk!not-for-mail Original-Newsgroups: gnu.emacs.gnus Original-NNTP-Posting-Host: horse05.daimi.au.dk Original-X-Trace: news.net.uni-c.dk 1112795255 13183 130.225.18.245 (6 Apr 2005 13:47:35 GMT) Original-X-Complaints-To: usenet@news.net.uni-c.dk Original-NNTP-Posting-Date: Wed, 6 Apr 2005 13:47:35 +0000 (UTC) X-Face: 5t,7/Y$&<1A_t.$vC2{pWZ{m@3_06;kcm]no{hgEL/}Uz(>XV6cl4}xO\v?-h3%>znNaZtq `~rf,GY1T%r=a.zH`hOb(-]'x)nI088Z&|e;V^h;/TShou User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux) Cancel-Lock: sha1:OoIcWkE0g/8EdT1G0mcgCU1YaZw= Original-Xref: bridgekeeper.physik.uni-ulm.de gnus-emacs-gnus:4990 Original-Lines: 87 X-Gnus-Article-Number: 4990 Tue Jan 17 17:34:24 2006 Xref: news.gmane.org gmane.emacs.gnus.user:4849 Archived-At: Milan Zamazal writes: >>>>>> "AJ" == Arne Jørgensen writes: > > AJ> What is the difference/why isn't it decsrypting? > > It's a clear text message encoded in base64, not a message encrypted > with the recipient's key. > > AJ> I can find the message in the source code but I never see the > AJ> message myself. When I read a message that is both encrypted and > AJ> signed I'm asked the same question as you (whether the message > AJ> should be decrypted or not). On a positive answer I see the > AJ> decrypted message and if I verify it (`W s') it succeeds too. > > And do the headers contain the application/x-pkcs7-mime MIME type? Yes. > The mail I have problems with is produced by Outlook and contains the > following content-type headers in the main mail headers: > > Content-Type: application/x-pkcs7-mime; name="smime.p7m" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="smime.p7m" > > The mail body is base64 encoded and contains a signed message in the > PKCS7 (I assume) format. The Gnus function handling it is: I think I finally understand a bit about what this is about. I didn't know that a message with a application/x-pkcs7-mime MIME type could be just a signed (not encrypted) message until I read some of RFC 2311. Part of why I it was difficult for me to understand this is because Gnus doesn't generate that kind of signed mails, but used multipart/signed instead. Milan Zamazal writes: > The following patch against Emacs CVS makes Gnus verify pkcs7-mime > signatures: > > --- mm-view.el.orig 2005-04-05 18:05:25.599196219 +0200 > +++ mm-view.el 2005-04-05 18:03:59.177559850 +0200 > @@ -538,18 +538,24 @@ > > (defun mm-view-pkcs7-verify (handle) > ;; A bogus implementation of PKCS#7. FIXME:: > - (mm-insert-part handle) > - (goto-char (point-min)) > - (if (search-forward "Content-Type: " nil t) > - (delete-region (point-min) (match-beginning 0))) > - (goto-char (point-max)) > - (if (re-search-backward "--\r?\n?" nil t) > - (delete-region (match-end 0) (point-max))) > + (let ((verified nil)) > + (with-temp-buffer > + (insert "MIME-Version: 1.0\n") > + (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m") > + (insert-buffer-substring (mm-handle-buffer handle)) > + (setq verified (smime-verify-region (point-min) (point-max)))) > + (goto-char (point-min)) > + (mm-insert-part handle) > + (if (search-forward "Content-Type: " nil t) > + (delete-region (point-min) (match-beginning 0))) > + (goto-char (point-max)) > + (if (re-search-backward "--\r?\n?" nil t) > + (delete-region (match-end 0) (point-max))) > + (unless verified > + (insert-buffer-substring smime-details-buffer))) > (goto-char (point-min)) > (while (search-forward "\r\n" nil t) > (replace-match "\n")) > - (message "Verify signed PKCS#7 message is unimplemented.") > - (sit-for 1) > t) > > (autoload 'gnus-completing-read-maybe-default "gnus-util" nil nil 'macro) I have tested your patch with the messages in my test colection and your patch doesn't break any of these. So if it works with your messages (and I guess it does since you posted it) I think it would be worth installing it in Gnus. Kind regards, -- Arne Jørgensen