Jamie,

I was able to get signature verification working with your patchset (with a 
caveat) but not decryption.

Signature Verification
----------------------

The caveat is that GMime is still borked with handling signatures with content 
type application/x-pkcs7-signature (vs. application/pkcs7-signature, which 
works fine). This is upstream GNOME bug #674032 that was supposed to have been 
fixed in GMime 2.6.9, but that original fix is also broken.

One possible workaround is to twiddle the content-type of the signature part 
(and the corresponding protocol in the multipart/signed part). I implemented 
this by looping over each message part in mime_node_open() and modifying as 
necessary using the following logic:


    /* Runs once per message part inside mime_node_open(). */
    GMimeContentType *content_type = g_mime_object_get_content_type (part);

    const char *subtype = g_mime_content_type_get_media_subtype (content_type);
    const char *protocol = g_mime_content_type_get_parameter (content_type, "protocol");

    /* Signature part: rename the x- subtype to the one GMime handles. */
    if (!strcmp(subtype, "x-pkcs7-signature")) {
        g_mime_content_type_set_media_subtype (content_type, "pkcs7-signature");
    }

    /* multipart/signed parent: keep its protocol parameter in step. */
    if (protocol && !strcmp(protocol, "application/x-pkcs7-signature")) {
        g_mime_content_type_set_parameter (content_type, "protocol", "application/pkcs7-signature");
    }


Decryption
----------

All of my S/MIME encrypted mail consists of single part messages with 
content-type "application/x-pkcs7-mime". These conform to RFC3851, section 
3.3/3.4. (sample messages are included in the RFC as well). This fails to be 
decrypted by notmuch because the mime node traversal code assumes that every 
encrypted message is multipart/encrypted, which appears to only be true for 
PGP/MIME.


Dan
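
An added example, not code from this thread, notmuch or GMime: a standalone C classifier (no GMime dependency) for a Content-Type header value. It folds in the x-pkcs7 alias described under Signature Verification and recognises the single-part application/pkcs7-mime form described under Decryption. The enum and function names are hypothetical, the smime-type values are the ones RFC 3851 defines, and the sample header is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum crypto_kind { KIND_OTHER, KIND_MULTIPART_ENCRYPTED, KIND_SMIME_ENVELOPED,
                   KIND_SMIME_OPAQUE_SIGNED, KIND_SMIME_DETACHED_SIGNED,
                   KIND_SMIME_PKCS7_UNTYPED };

/* Lower-case the value, drop whitespace and quotes, and rewrite the legacy
 * "application/x-pkcs7-" prefix (media type or protocol parameter). */
static void canonicalize(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (; *in && n + 1 < cap; in++)
        if (!isspace((unsigned char)*in) && *in != '"')
            out[n++] = (char)tolower((unsigned char)*in);
    out[n] = '\0';
    for (char *p = out; (p = strstr(p, "application/x-pkcs7-")) != NULL; )
        memmove(p + 12, p + 14, strlen(p + 14) + 1); /* cut the "x-" */
}

/* True when the media type (text before the first ';') equals type. */
static int is_type(const char *c, const char *type) {
    size_t n = strcspn(c, ";");
    return n == strlen(type) && strncmp(c, type, n) == 0;
}

/* True when the canonical value carries the parameter key=val. */
static int has_param(const char *c, const char *key, const char *val) {
    char needle[96];
    snprintf(needle, sizeof needle, ";%s=%s", key, val);
    const char *hit = strstr(c, needle);
    return hit && (hit[strlen(needle)] == '\0' || hit[strlen(needle)] == ';');
}

enum crypto_kind classify_content_type(const char *value) {
    char c[256];
    canonicalize(value, c, sizeof c);
    if (is_type(c, "multipart/encrypted")) return KIND_MULTIPART_ENCRYPTED;
    if (is_type(c, "multipart/signed"))
        return has_param(c, "protocol", "application/pkcs7-signature")
                   ? KIND_SMIME_DETACHED_SIGNED : KIND_OTHER;
    if (!is_type(c, "application/pkcs7-mime")) return KIND_OTHER;
    if (has_param(c, "smime-type", "enveloped-data")) return KIND_SMIME_ENVELOPED;
    if (has_param(c, "smime-type", "signed-data")) return KIND_SMIME_OPAQUE_SIGNED;
    return KIND_SMIME_PKCS7_UNTYPED; /* smime-type absent or another value */
}

int main(void) {
    /* Constructed sample header value, not taken from a real message. */
    const char *v = "application/x-pkcs7-mime; smime-type=enveloped-data";
    printf("kind=%d\n", classify_content_type(v));
}
```

KIND_SMIME_PKCS7_UNTYPED covers a pkcs7-mime part with no usable smime-type parameter, where only the CMS content itself says whether the part is enveloped or signed.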



-----Original Message-----
From: notmuch-bounces at notmuchmail.org On Behalf Of Jameson Graef Rollins
Sent: Friday, June 29, 2012 2:38 PM
To: Notmuch Mail
Subject: S/MIME support

Hey, folks.  This patch adds S/MIME support to notmuch-show.  It's
pretty simple, now that the crypto rework [0] is complete.

I was going to wait to submit this patch until we had a test suite
(ehem, dkg!), but seeing as there has been some other interest
expressed in seeing this feature I'm going to go ahead and send it to
the list in the hopes that it might spur development of the needed
tests.

jamie.

[0] id:"1338057946-29209-2-git-send-email-jrollins at finestructure.net"
