[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: x-pkcs7-mime verification?
|
From: |
Arne Jørgensen |
|
Subject: |
Re: x-pkcs7-mime verification? |
|
Date: |
Wed, 06 Apr 2005 15:55:57 +0200 |
|
User-agent: |
Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux) |
Milan Zamazal <pdm@brailcom.org> writes:
>>>>>> "AJ" == Arne Jørgensen <arne@arnested.dk> writes:
>
> AJ> What is the difference/why isn't it decsrypting?
>
> It's a clear text message encoded in base64, not a message encrypted
> with the recipient's key.
>
> AJ> I can find the message in the source code but I never see the
> AJ> message myself. When I read a message that is both encrypted and
> AJ> signed I'm asked the same question as you (whether the message
> AJ> should be decrypted or not). On a positive answer I see the
> AJ> decrypted message and if I verify it (`W s') it succeeds too.
>
> And do the headers contain the application/x-pkcs7-mime MIME type?
Yes.
> The mail I have problems with is produced by Outlook and contains the
> following content-type headers in the main mail headers:
>
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
>
> The mail body is base64 encoded and contains a signed message in the
> PKCS7 (I assume) format. The Gnus function handling it is:
I think I finally understand a bit about what this is about. I didn't
know that a message with a application/x-pkcs7-mime MIME type could
be just a signed (not encrypted) message until I read some of RFC
2311. Part of why I it was difficult for me to understand this is
because Gnus doesn't generate that kind of signed mails, but used
multipart/signed instead.
Milan Zamazal <pdm@brailcom.org> writes:
> The following patch against Emacs CVS makes Gnus verify pkcs7-mime
> signatures:
>
> --- mm-view.el.orig 2005-04-05 18:05:25.599196219 +0200
> +++ mm-view.el 2005-04-05 18:03:59.177559850 +0200
> @@ -538,18 +538,24 @@
>
> (defun mm-view-pkcs7-verify (handle)
> ;; A bogus implementation of PKCS#7. FIXME::
> - (mm-insert-part handle)
> - (goto-char (point-min))
> - (if (search-forward "Content-Type: " nil t)
> - (delete-region (point-min) (match-beginning 0)))
> - (goto-char (point-max))
> - (if (re-search-backward "--\r?\n?" nil t)
> - (delete-region (match-end 0) (point-max)))
> + (let ((verified nil))
> + (with-temp-buffer
> + (insert "MIME-Version: 1.0\n")
> + (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
> + (insert-buffer-substring (mm-handle-buffer handle))
> + (setq verified (smime-verify-region (point-min) (point-max))))
> + (goto-char (point-min))
> + (mm-insert-part handle)
> + (if (search-forward "Content-Type: " nil t)
> + (delete-region (point-min) (match-beginning 0)))
> + (goto-char (point-max))
> + (if (re-search-backward "--\r?\n?" nil t)
> + (delete-region (match-end 0) (point-max)))
> + (unless verified
> + (insert-buffer-substring smime-details-buffer)))
> (goto-char (point-min))
> (while (search-forward "\r\n" nil t)
> (replace-match "\n"))
> - (message "Verify signed PKCS#7 message is unimplemented.")
> - (sit-for 1)
> t)
>
> (autoload 'gnus-completing-read-maybe-default "gnus-util" nil nil 'macro)
I have tested your patch with the messages in my test colection and
your patch doesn't break any of these.
So if it works with your messages (and I guess it does since you
posted it) I think it would be worth installing it in Gnus.
Kind regards,
--
Arne Jørgensen <http://arnested.dk/>
- Re: x-pkcs7-mime verification?,
Arne Jørgensen <=