Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
* Automatically sign/encrypt messages
From: Klaus Uhl @ 2004-01-29 17:31 UTC

Hi,

I am not sure if this is of interest to anybody here on this list or if
it was already discussed before. But as I did not find any information
via a Google search, I post this here anyway.

First I wanted gnus to automatically sign all sent messages. This was
rather easy as a simple

(add-hook 'gnus-message-setup-hook 'mml-secure-message-sign-pgpmime)

did the job.

But then I wanted to go one step further and not only sign but also
encrypt all messages, at least if this is possible (i.e. if the
recipient also uses PGP).

The first attempt was the following:

(add-hook 'gnus-message-setup-hook 'mml-secure-message-encrypt-pgpmime)

But this _always_ tries to encrypt the message, even if the recipient
has no PGP key. So I wrote the following hook:

(add-hook
 'message-send-hook
 (lambda ()
   (let ((recipient (message-fetch-field "To")))
     (cond ((and (not (null recipient))
		 (or (pgg-lookup-key recipient)
		     (pgg-fetch-key pgg-default-keyserver-address recipient)))
	    (mml-secure-message-encrypt-pgpmime))
	   (t
	    (mml-secure-message-sign-pgpmime))))))

This works perfectly for me. Gnus encrypts the message if gpg already
has the recipient's key in its keyring or if it can get the key from a
keyserver. Otherwise the message is only signed.

Maybe this helps someone.

-- 

                 God is real ...
\|/ ____ \|/     ... unless declared integer.
"@'/ ,. \`@"     
\_| \__/ |_/     Mail me : news@u-h-l.de
   \__U_/        WWW     : www.u-h-l.de
                 PGP     : 0x128F9DEC


* Re: Automatically sign/encrypt messages
From: Ted Zlatanov @ 2004-01-30 19:06 UTC


On Thu, 29 Jan 2004, news@u-h-l.de wrote:

> But then I wanted to go one step further and not only sign but also
> encrypt all messages, at least if this is possible (i.e. if the
> recipient also uses PGP).

[...]

(add-hook
 'message-send-hook
 (lambda ()
   (let ((recipient (message-fetch-field "To")))
     (cond ((and (not (null recipient))
		 (or (pgg-lookup-key recipient)
		     (pgg-fetch-key pgg-default-keyserver-address recipient)))
	    (mml-secure-message-encrypt-pgpmime))
	   (t
	    (mml-secure-message-sign-pgpmime))))))

> This works perfectly for me. Gnus encrypts the message if gpg
> already has the recipient's key in its keyring or if it can get the
> key from a keyserver. Otherwise the message is only signed.

This looks useful enough to be in the main Gnus code, if it's not
already.  Maybe as mml-secure-message-encrypt-or-sign-pgpmime?

Ted



* Re: Automatically sign/encrypt messages
From: Ted Zlatanov @ 2004-02-02 20:27 UTC


On Sat, 31 Jan 2004, news@u-h-l.de wrote:

> Ted Zlatanov <tzz@lifelogs.com> writes:
> 
>> This looks useful enough to be in the main Gnus code, if it's not
>> already.  Maybe as mml-secure-message-encrypt-or-sign-pgpmime?
> 
> I just grep'ed through the gnus code (version 5.10.6) for
> mml-secure-message and only found mml-secure-message-sign-pgpmime,
> mml-secure-message-sign-pgp, mml-secure-message-sign-smime,
> mml-secure-message-sign-pgpauto, mml-secure-message-encrypt-pgpmime,
> mml-secure-message-encrypt-pgp, mml-secure-message-encrypt-smime and
> mml-secure-message-encrypt-pgpauto. So it seems to me that it's
> either not there or it is named differently (which would probably be
> misleading).

I think we agree, then.  Can you produce a patch against the Gnus CVS
for your function or do you want me to do it?

Thanks
Ted



* Re: Automatically sign/encrypt messages
From: Eric Simon @ 2004-02-04 16:33 UTC

Klaus Uhl <news@u-h-l.de> writes:

> (add-hook
>  'message-send-hook
>  (lambda ()
>    (let ((recipient (message-fetch-field "To")))
>      (cond ((and (not (null recipient))
> 		 (or (pgg-lookup-key recipient)
> 		     (pgg-fetch-key pgg-default-keyserver-address recipient)))
> 	    (mml-secure-message-encrypt-pgpmime))
> 	   (t
> 	    (mml-secure-message-sign-pgpmime))))))

Nice indeed. Been using it today. Then I noticed sometimes it's not able
to find the key in my ring or on the server because (message-fetch-field
"To") returns the whole header. There is a function to parse a string
and get a pair email/name: mail-header-parse-address, so I thought
getting only the actual address would be better.

So below is a slightly modified version that's been working nice for me
for the past... 2 hours or so? Oh, not exactly, one friend had a public
key published but didn't use encryption anymore and didn't have the
secret counterpart, so he complained I was using cryptography with
him...

Anyway:

(add-hook
 'message-send-hook
 (lambda ()
   (let* ((recipient (message-fetch-field "To"))
          (recid (if (not (null recipient))
                     (car (mail-header-parse-address recipient)))))
     (cond ((and (not (null recipient))
                 (or (pgg-lookup-key recid)
                     (pgg-fetch-key pgg-default-keyserver-address recid)))
            (mml-secure-message-encrypt-pgpmime))
           (t
            (mml-secure-message-sign-pgpmime))))))


The first (if (not (null recipient)) is to avoid trying to take the car
of something bad, dunno if needed really, quite ugly, but safer in my
opinion.

Cheers

Eric


* Re: Automatically sign/encrypt messages
From: Klaus Uhl @ 2004-02-04 16:51 UTC

Eric Simon <erik.simon@unine.ch> writes:

> Nice indeed. Been using it today. Then I noticed sometimes it's not able
> to find the key in my ring or on the server because (message-fetch-field
> "To") returns the whole header. There is a function to parse a string
> and get a pair email/name: mail-header-parse-address, so I thought
> getting only the actual address would be better.
>
> So below is a slightly modified version that's been working nice for me
> for the past... 2 hours or so? Oh, not exactly, one friend had a public
> key published but didn't use encryption anymore and didn't have the
> secret counterpart, so he complained I was using cryptography with
> him...
>
>    (let* ((recipient (message-fetch-field "To"))
> 	  (recid (if (not (null recipient)) 
> 		     (car (mail-header-parse-address recipient)))))

You should probably set recid to nil if recipient is nil and use recid
instead of recipient in the cond below.

>      (cond ((and (not (null recipient))

I rewrote the hook this way and changed the variable names to name
what they actually hold:

(add-hook
 'message-send-hook
 (lambda ()
   (let* ((to-header (message-fetch-field "To"))
	  (recipient (if (null to-header)
			 nil
		       (car (mail-header-parse-address to-header)))))
     (cond ((and (not (null recipient))
		 (or (pgg-lookup-key recipient)
		     (pgg-fetch-key pgg-default-keyserver-address recipient)))
	    (mml-secure-message-encrypt-pgpmime))
	   (t
	    (mml-secure-message-sign-pgpmime))))))

Klaus

-- 

                 God is real ...
\|/ ____ \|/     ... unless declared integer.
"@'/ ,. \`@"     
\_| \__/ |_/     Mail me : news@u-h-l.de
   \__U_/        WWW     : www.u-h-l.de
                 PGP     : 0x128F9DEC


* Re: Automatically sign/encrypt messages
From: Eric Simon @ 2004-02-05 18:37 UTC

Hello Klaus,

Klaus Uhl <news@u-h-l.de> writes:

> The problem is that Gnus separately encrypts a mail for _all_
> recipients and if you have a recipient without a PGP key you will get
> an error message.

Indeed.

> I tried to fix this problem with the following code:
>
> (defun extract-addresses (header-string)
>   (when (not (null header-string))
>     (mapcar #'car (mail-header-parse-addresses header-string))))
> (add-hook
>  'message-send-hook
>  (lambda ()
>    (let* ((to-header (message-fetch-field "To"))
> 	  (cc-header (message-fetch-field "Cc"))
> 	  (bcc-header (message-fetch-field "Bcc"))
> 	  (to (when (not (null to-header)) (substring to-header 3)))
> 	  (cc (when (not (null cc-header)) (substring cc-header 3)))
> 	  (bcc (when (not (null bcc-header)) (substring bcc-header 4)))
> 	  (recipients
> 	   (append (extract-addresses to)
> 		   (extract-addresses cc)
> 		   (extract-addresses bcc))))
>      (cond ((every (lambda (rec)
> 		     (or
> 		      (pgg-lookup-key rec)
> 		      (pgg-fetch-key pgg-default-keyserver-address rec)))
> 		   recipients)
> 	    (mml-secure-message-encrypt-pgpmime))
> 	   (t
> 	    (mml-secure-message-sign-pgpmime))))))
>
> You can see that I read all three headers, strip off the header
> "prefix", extract all addresses and concatenate them to a single
> list. Then I test if _all_ recipients have a PGP key.
>
> The only problem is: it does not work! It always tries to encrypt the
> messages. Does anyone have an idea/suggestion?

It *does* work for email messages, at least for things like a To: with
key and a Cc: without, three To's: with keys, etc etc. Needs testing in
real life for a bit, I'll report any scenario that doesn't work.

Only problem is that it doesn't check for empty recipient anymore, so
when you post in a newsgroup, somehow the condition is true: (every
lambda ... recipients) must return true for empty recipient list or
something, need to investigate this.

Anyway, a quick hack that works for me (proof is this message):

(add-hook
 'message-send-hook
 (lambda ()
   (let* ((to-header (message-fetch-field "To"))
	  (cc-header (message-fetch-field "Cc"))
	  (bcc-header (message-fetch-field "Bcc"))
	  (to (when (not (null to-header)) (substring to-header 3)))
	  (cc (when (not (null cc-header)) (substring cc-header 3)))
	  (bcc (when (not (null bcc-header)) (substring bcc-header 4)))
	  (recipients
	   (append (extract-addresses to)
		   (extract-addresses cc)
		   (extract-addresses bcc))))
     (cond ((and (not (null recipients))
		(every (lambda (rec)
		     (or
		      (pgg-lookup-key rec)
		      (pgg-fetch-key pgg-default-keyserver-address rec)))
		   recipients))
	    (mml-secure-message-encrypt-pgpmime))
	   (t
	    (mml-secure-message-sign-pgpmime))))))

I'm sure you can enhance this again :-)

Now thank you for the work in any case and whatever form this code is
going to take, it's going to be very useful to me.

Take care

Eric
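
The thread's final hook, consolidated as an added example (not code posted by any participant): it passes each header value straight to the parser, because `message-fetch-field` returns the field value without the `To:` prefix, keeps the empty-recipient guard, and makes the keyserver lookup opt-in, since a key that exists only on a keyserver may be one the recipient can no longer use, as Eric's earlier report describes. The `my/` names and the opt-in variable are hypothetical, and the code assumes pgg.el, the library used throughout the thread, is available in your Emacs.

```elisp
;; Added example; the my/ names are hypothetical, not Gnus functions.
(require 'cl-lib)
(require 'message)
(require 'mail-parse)
(require 'mml-sec)
(require 'pgg)          ; assumption: pgg.el is still shipped with your Emacs

(defvar my/pgp-fetch-from-keyserver nil
  "Non-nil means also try `pgg-fetch-key' when no local key is found.")

(defun my/header-addresses (header)
  "Return the bare addresses found in HEADER of the message being sent."
  (let ((value (save-excursion
                 (save-restriction
                   (message-narrow-to-headers)
                   (message-fetch-field header)))))
    ;; VALUE is the field body only, so it is parsed unchanged.
    (when value
      (delq nil (mapcar #'car (mail-header-parse-addresses value))))))

(defun my/recipient-has-key-p (address)
  "Return non-nil if the keyring holds a key matching ADDRESS."
  (or (pgg-lookup-key address)
      (when my/pgp-fetch-from-keyserver
        (ignore-errors
          (pgg-fetch-key pgg-default-keyserver-address address))
        ;; Decide on what is in the keyring after the fetch attempt.
        (pgg-lookup-key address))))

(defun my/encrypt-or-sign-pgpmime ()
  "Encrypt if every To/Cc/Bcc recipient has a key; otherwise only sign."
  (let ((recipients (delete-dups
                     (append (my/header-addresses "To")
                             (my/header-addresses "Cc")
                             (my/header-addresses "Bcc")))))
    ;; `cl-every' is true for an empty list (e.g. a news posting with
    ;; no mail recipients), so require at least one recipient first.
    (if (and recipients
             (cl-every #'my/recipient-has-key-p recipients))
        (mml-secure-message-encrypt-pgpmime)
      (mml-secure-message-sign-pgpmime))))

(add-hook 'message-send-hook #'my/encrypt-or-sign-pgpmime)
```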


* Re: Automatically sign/encrypt messages
From: Peter Münster @ 2014-05-15 21:41 UTC
  To: info-gnus-english

On Mon, Feb 02 2004, Ted Zlatanov wrote:

> On Sat, 31 Jan 2004, news@u-h-l.de wrote:
>
>> Ted Zlatanov <tzz@lifelogs.com> writes:
>> 
>>> This looks useful enough to be in the main Gnus code, if it's not
>>> already.  Maybe as mml-secure-message-encrypt-or-sign-pgpmime?
>> 
>> I just grep'ed through the gnus code (version 5.10.6) for
>> mml-secure-message and only found mml-secure-message-sign-pgpmime,
>> mml-secure-message-sign-pgp, mml-secure-message-sign-smime,
>> mml-secure-message-sign-pgpauto, mml-secure-message-encrypt-pgpmime,
>> mml-secure-message-encrypt-pgp, mml-secure-message-encrypt-smime and
>> mml-secure-message-encrypt-pgpauto. So it seems to me that it's
>> either not there or it is named differently (which would probably be
>> misleading).
>
> I think we agree, then.  Can you produce a patch against the Gnus CVS
> for your function or do you want me to do it?

Hi,

Is there such a function in latest git-gnus?

TIA for any hints,
-- 
           Peter


