From: Simon Josefsson <jas@extundo.com>
Subject: Re: Automatic retrieval of certificates (S/MIME)
Date: Thu, 27 Jan 2005 19:33:02 +0100
Message-ID: <ilu3bwm90yp.fsf@latte.josefsson.org>
In-Reply-To: <85vf9jw2e2.fsf@news.individual.de>

Stefan Kamphausen <skampi@gmx.de> writes:

> Hi,
>
> today I've been playing around with the S/MIME stuff in Gnus. While
> it all works as expected there is one glitch that I can't fix anyhow.
>
> When I send a message to a friend using his certificate to encrypt and
> mine to sign the message I have to explicitly state which certificate
> to use for signing (at least this is filled with a reasonable default
> from smime-keys) and which for encryption (this is just a
> read-file-name on the smime-certificate-directory). It would be very
> nice if those were picked according to the recipient's email address
> taken from the "To:"-header and the "From:" address respectively.

Yes, although I'm not sure how to implement that. Mapping e-mail
addresses to S/MIME certificates is not well standardized under Unix.
There is no per-user S/MIME directory on the local machine to use.

If you want to think about how this would work, and perhaps implement
it, that would be very useful.

> Furthermore the sending of the message keeps asking me for another
> round of signature and encryption certificate. This time it's for the
> saving of the message in the Gcc-Header (at least I think I found that
> by doing some experiments, giving the false encryption argument leads
> to my not being able to decrypt the message when viewing my
> sent-box). The most confusing part in this is that I can't see from
> the prompts or the message display for which recipient I have to give
> the encryption key.

Your analysis is correct. There is a variable that you can set so the
GCC'd copy contains the raw MML tags instead of the encoded version.

The reason for encoding things twice is that encoding a message for
mail/news is in theory different from encoding it for GCC. The same
formatting logic cannot always be used. So that's why Gnus encodes the
message twice. It is arguably a bug. On the other hand, a better
solution might be to make S/MIME sign/encrypt so smooth that you
wouldn't care that it is encoded twice.

If you want what is sent through mail, you can use 'Bcc' instead of
'Gcc'.

> Am I missing something here? I've dived into mml-sec.el and
> mml-smime.el and I think that the insertion of the mml statement
> _might_ already contain the certificates but maybe I just didn't
> understand it.

You can specify the key/cert in the MML tags, if that is what you
meant. See 'MML Definition' in the Emacs MIME manual. You can say,
e.g.:

  <#part sign=smime keyfile="~/cacert.user.key">

Hm. I now realize that part of what you are wishing for is already
implemented for the S/MIME partial signing. When I pressed "Secure
MIME Part" -> "S/MIME Sign Part" it automatically added the 'keyfile'
parameter, because my smime-keys variable says:

  '(smime-keys (quote (("simon@josefsson.org" "~/certs/jas.key+cert" nil)
                       ("jas@extundo.com" "~/cacert.user.key" ("~/cacert.crt"))
                       ("sj@extundo.com" "~/certs/sj.key+cert" nil))))

Can you try if

  <#!secure method=smime mode=sign keyfile="foo">

works? If so, perhaps you can locate the code that adds the keyfile
parameter to the MIME part tags, and add it to the full-message MML
tag code.
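
Added example, not part of the message above and not code from Gnus: a sketch in Emacs Lisp of the lookup the thread discusses, selecting the signing key by the From: address from a list shaped like smime-keys and emitting the part tag form shown in the message. The my/ names and the sample addresses and paths are hypothetical.

```elisp
;;; Added illustration; the my/ names and sample data are hypothetical.
(require 'cl-lib)
(require 'mail-extr)                    ; mail-extract-address-components

(defvar my/sample-smime-keys
  ;; Constructed entries in the shape shown above: (ADDRESS KEYFILE CA-FILES).
  '(("alice@example.org" "~/certs/alice.key+cert" nil)
    ("bob@example.org"   "~/certs/bob.key"        ("~/certs/ca.crt")))
  "Constructed stand-in for the user's `smime-keys' value.")

(defun my/smime-entry-for (header-value keys)
  "Return the entry in KEYS whose address matches HEADER-VALUE, or nil.
HEADER-VALUE is a raw header value such as \"Alice <alice@example.org>\".
The whole address is compared case-insensitively.  Substring or prefix
matches are not accepted, so a look-alike address never selects a key."
  (let ((addr (cadr (mail-extract-address-components header-value))))
    (and addr
         (cl-find-if (lambda (entry)
                       (string= (downcase (car entry)) (downcase addr)))
                     keys))))

(defun my/smime-sign-part-tag (from keys)
  "Return an MML part tag that signs with the key configured for FROM.
Signal an error when no key is configured, instead of silently
signing with another identity's key."
  (let ((entry (my/smime-entry-for from keys)))
    (unless entry
      (error "No S/MIME key configured for %s" from))
    ;; %S prints the path as a quoted string, matching keyfile="..." above.
    (format "<#part sign=smime keyfile=%S>" (nth 1 entry))))

;; A configured sender yields a tag naming that sender's key file:
;; (my/smime-sign-part-tag "Alice <alice@example.org>" my/sample-smime-keys)
;; An unconfigured sender signals an error rather than picking a default:
;; (my/smime-sign-part-tag "Carol <carol@example.net>" my/sample-smime-keys)
```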