From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.user
Subject: Re: Automatic retrieval of certificates (S/MIME)
Date: Thu, 27 Jan 2005 19:33:02 +0100
References: <85vf9jw2e2.fsf@news.individual.de>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

Stefan Kamphausen writes:

> Hi,
>
> today I've been playing around with the S/MIME stuff in Gnus.  While
> it all works as expected there is one glitch that I can't fix anyhow.
>
> When I send a message to a friend using his certificate to encrypt and
> mine to sign the message I have to explicitly state which certificate
> to use for signing (at least this is filled with a reasonable default
> from smime-keys) and which for encryption (this is just a
> read-file-name on the smime-certificate-directory).  It would be very
> nice if those were picked according to the recipient's email address
> taken from the "To:"-header and the "From:" address respectively.

Yes, although I'm not sure how to implement that.  Mapping e-mail
addresses to S/MIME certificates is not well standardized under Unix.
There is no per-user S/MIME directory on the local machine to use.

If you want to think about how this would work, and perhaps implement
it, that would be very useful.

> Furthermore the sending of the message keeps asking me for another
> round of signature and encryption certificate.  This time it's for the
> saving of the message in the Gcc-Header (at least I think I found that
> by doing some experiments, giving the false encryption argument leads
> to my not being able to decrypt the message when viewing my
> sent-box).  The most confusing part in this is that I can't see from
> the prompts or the message display for which recipient I have to give
> the encryption key.

Your analysis is correct.  There is a variable that you can set so the
GCC'd copy contains the raw MML tags instead of the encoded version.

The reason for encoding things twice is that encoding a message for
mail/news is in theory different from encoding it for GCC.  The same
formatting logic cannot always be used.  So that's why Gnus encodes the
message twice.

It is arguably a bug.  On the other hand, a better solution might be to
make S/MIME sign/encrypt so smooth that you wouldn't care that it is
encoded twice.

If you want what is sent through mail, you can use 'Bcc' instead of
'Gcc'.

> Am I missing something here?  I've dived into mml-sec.el and
> mml-smime.el and I think that the insertion of the mml statement
> _might_ already contain the certificates but maybe I just didn't
> understand it.

You can specify the key/cert in the MML tags, if that is what you
meant.  See 'MML Definition' in the Emacs MIME manual.  You can say,
e.g.:

  <#part sign=smime keyfile="~/cacert.user.key">

Hm.  I now realize that part of what you are wishing for is already
implemented for the S/MIME partial signing.  When I pressed "Secure
MIME Part" -> "S/MIME Sign Part" it automatically added the 'keyfile'
parameter, because my smime-keys variable says:

 '(smime-keys (quote (("simon@josefsson.org" "~/certs/jas.key+cert" nil)
                      ("jas@extundo.com" "~/cacert.user.key" ("~/cacert.crt"))
                      ("sj@extundo.com" "~/certs/sj.key+cert" nil))))

Can you try if

  <#!secure method=smime mode=sign keyfile="foo">

works?  If so, perhaps you can locate the code that adds the keyfile
parameter to the MIME part tags, and add it to the full-message MML
tag code.
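
The From-address lookup discussed in the message above, as an added example that is not part of the original post and is not code from Gnus. The `my-` names and the sample list are assumptions made for illustration; the sample has the same shape as the smime-keys value quoted in the message, and whether the full-message secure tag honors keyfile is the question the message leaves open.

```elisp
;;; Added illustration, not Gnus code.  All `my-' names are hypothetical.
(require 'mail-extr)   ; provides `mail-extract-address-components'
(require 'cl-lib)

;; Constructed sample in the shape of the `smime-keys' value quoted in
;; the message: (ADDRESS KEYFILE EXTRA-CERT-FILES).
(defvar my-smime-sample-keys
  '(("simon@josefsson.org" "~/certs/jas.key+cert" nil)
    ("jas@extundo.com" "~/cacert.user.key" ("~/cacert.crt"))))

(defun my-smime-key-entry (from-header keys)
  "Return the entry of KEYS whose address equals that in FROM-HEADER.
Only the bare address is compared, case-insensitively and in full, so a
display name or a longer address containing a configured one does not
select a key.  Return nil when nothing matches."
  (let ((addr (cadr (mail-extract-address-components from-header))))
    (and addr
         (cl-find (downcase addr) keys
                  :key (lambda (entry) (downcase (car entry)))
                  :test #'string=))))

(defun my-smime-sign-tag (from-header keys)
  "Build a full-message MML sign tag for FROM-HEADER from KEYS.
Signal an error when no key is configured for the sender, so a message
is never signed with a key picked for a different identity."
  (let ((entry (my-smime-key-entry from-header keys)))
    (unless entry
      (user-error "No S/MIME key configured for %s" from-header))
    ;; %S prints the key file name as a quoted string.
    (format "<#secure method=smime mode=sign keyfile=%S>" (nth 1 entry))))

;; Usage:
;; (my-smime-sign-tag "Simon Josefsson <Simon@Josefsson.org>"
;;                    my-smime-sample-keys)
```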