[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: epg.el: epg--status-GET_LINE not working?
From: |
Teemu Likonen |
Subject: |
Re: epg.el: epg--status-GET_LINE not working? |
Date: |
Wed, 05 Jul 2017 22:03:30 +0300 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Daiki Ueno [2017-07-05 18:25:29+02] wrote:
> Teemu Likonen <address@hidden> writes:
>> I suggest a minimal handler so that epg wouldn't wait GET_LINE input in
>> tofu conflicts (which currently doesn't work anyway) and
>> epg-signature-to-string function would return a string like this:
>>
>> Good signature from [keyid] [user id] (tofu conflict) created at
>> [date] using [algorithm]
>>
>> I believe epg is mostly used with Gnus and that line alone is useful.
>
> Would that work? I mean, if there is an unresolved tofu conflict,
> shouldn't signature verification fail?
Yes and no. There are two different point of views in verification:
1. Signature is "good" if message's content matches the signature hash
(message were not altered). Otherwise the signatures is "bad". This
part can be "good" even if there is a tofu conflict.
2. The key that made the signature is valid (we trust that it belong to
the person we think). Gpg returns: TRUST_ULTIMATE, TRUST_FULLY,
TRUST_MARGINAL etc. If there is a tofu conflict we don't get that
TRUST_* information at all from gpg.
> Anyway, I would rather ignore "tofu.conflict" like the attached patch
> (not tested), until it becomes really useful.
I agree but with a small addition. That skips the "GET_LINE
tofu.conflict" case (which I think is good) but user is left without any
information about what happened. Function epg-signature-to-string will
return a string like this:
Good signature from [keyid] [user id] created at
2017-07-05T21:25:57+0300 using RSA
The signature is good but the usual "(trust ...)" is missing so there is
no information about key's validity. I suggest adding just the tofu
conflict info. With a patch like below the mentioned function would
return:
Good signature from [keyid] [user id] (trust: tofu-conflict) created
at 2017-07-05T21:25:57+0300 using RSA
diff --git i/lisp/epg.el w/lisp/epg.el
index c701954b75..80bcea8064 100644
--- i/lisp/epg.el
+++ w/lisp/epg.el
@@ -421,7 +421,7 @@ epg-signature-to-string
(epg-decode-dn user-id)))
"")
(if (epg-signature-validity signature)
- (format " (trust %s)" (epg-signature-validity signature))
+ (format " (trust: %s)" (epg-signature-validity signature))
"")
(if (epg-signature-creation-time signature)
(format-time-string " created at %Y-%m-%dT%T%z"
@@ -905,12 +905,21 @@ epg--status-GET_LINE
(let ((entry (assoc string epg-prompt-alist))
inhibit-quit)
(condition-case nil
- (process-send-string (epg-context-process context)
- (concat (read-string
- (if entry
- (cdr entry)
- (concat string ": ")))
- "\n"))
+ (process-send-string
+ (epg-context-process context)
+ (cond ((equal string "tofu.conflict")
+ (let ((signature
+ (car (epg-context-result-for context 'verify))))
+ (when (and signature
+ (eq (epg-signature-status signature) 'good))
+ (setf (epg-signature-validity signature)
+ 'tofu-conflict))
+ "\n"))
+ (t (concat (read-string
+ (if entry
+ (cdr entry)
+ (concat string ": ")))
+ "\n"))))
(quit
(epg-context-set-result-for
context 'error
signature.asc
Description: PGP signature