Re: Smime signature verification in Notmuch - Emacs
author Baptiste <bateast@bat.fr.eu.org>
Fri, 14 Mar 2014 10:58:55 +0000 (11:58 +0100)
committer W. Trevor King <wking@tremily.us>
Fri, 7 Nov 2014 18:00:46 +0000 (10:00 -0800)
19/d7239d31c6ebbde24362e4254915fb192627d6 [new file with mode: 0644]

diff --git a/19/d7239d31c6ebbde24362e4254915fb192627d6 b/19/d7239d31c6ebbde24362e4254915fb192627d6
new file mode 100644 (file)
index 0000000..69a174b
--- /dev/null
@@ -0,0 +1,254 @@
+Return-Path: <bateast@bat.fr.eu.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 3C397431FAF\r
+       for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:25 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 1.741\r
+X-Spam-Level: *\r
+X-Spam-Status: No, score=1.741 tagged_above=-999 required=5\r
+       tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,\r
+       MIME_HTML_ONLY=1.105] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id dwe1n+PAlwDg for <notmuch@notmuchmail.org>;\r
+       Fri, 14 Mar 2014 04:00:18 -0700 (PDT)\r
+Received: from mx1a.lautre.net (mx1a.lautre.net [80.67.160.71])\r
+       (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 25188431FAE\r
+       for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:18 -0700 (PDT)\r
+Received: from arch-vm (unknown [109.21.163.7])\r
+       (using TLSv1 with cipher AES128-SHA (128/128 bits))\r
+       (No client certificate requested)\r
+       (Authenticated sender: bateast@bat.fr.eu.org)\r
+       by mx1a.lautre.net (Postfix) with ESMTPSA id 796E8A108A;\r
+       Fri, 14 Mar 2014 12:00:13 +0100 (CET)\r
+From: Baptiste <bateast@bat.fr.eu.org>\r
+To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, notmuch@notmuchmail.org\r
+Subject: Re: Smime signature verification in Notmuch - Emacs\r
+In-Reply-To: <531F4FDD.6000506@fifthhorseman.net>\r
+Organization: bat.fr.eu.org\r
+References: <87y50r42do.fsf@bat.fr.eu.org>\r
+ <531F4FDD.6000506@fifthhorseman.net>\r
+User-Agent: Notmuch/0.17+81~g718d58a (http://notmuchmail.org) Emacs/24.3.50.2\r
+       (i686-pc-linux-gnu)\r
+Date: Fri, 14 Mar 2014 11:58:55 +0100\r
+Message-ID: <87siqlrqq8.fsf@bat.fr.eu.org>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";\r
+       micalg="sha1"; boundary="----7A9AC58F7D949A2C35A72AFA089957FC"\r
+X-Mailman-Approved-At: Mon, 17 Mar 2014 02:21:11 -0700\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 14 Mar 2014 11:00:25 -0000\r
+\r
+This is an S/MIME signed message\r
+\r
+------7A9AC58F7D949A2C35A72AFA089957FC\r
+Content-Type: text/html; charset=utf-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+<p>\r
+Hi,<br  />\r
+</p>\r
+\r
+<p>\r
+thanks you for your answer.<br  />\r
+</p>\r
+\r
+<p>\r
+firstly, sorry for my previous mail, you are right, it was broken. This one=\r
+ should be better.<br  />\r
+</p>\r
+\r
+<p>\r
+Anyway, my goal was to make S/MIME messages to work with <code>notmuch</cod=\r
+e>. Actually, I am not looking to modify directly <i>notmuch</i> (well, I h=\r
+ave no good reason for not doing it), so I hooked the notmuch emacs interfa=\r
+ce. I does work today with S/MIME signature and I am currently working on e=\r
+ncryption, though it have no clew how to recreate s-exp after decryption to=\r
+ re-inject into <i>notmuch-show</i> emacs function.<br  />\r
+</p>\r
+\r
+<p>\r
+Truly, it would be better to implement it directly in notmuch core.<br  />\r
+</p>\r
+\r
+<p>\r
+Signature verification just present a line with the signature owner and the=\r
+ trust chain status (<i>green</i> for good verification, <i>orange</i> for =\r
+self signed only signature). No verification is made today against :From fi=\r
+eld.<br  />\r
+</p>\r
+\r
+<p>\r
+As for example=C2=A0:<br  />\r
+</p>\r
+<pre class=3D"example">\r
+(green)  [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]\r
+</pre>\r
+<p>\r
+or<br  />\r
+</p>\r
+<pre class=3D"example">\r
+(orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.fr.e=\r
+u.org ]\r
+</pre>\r
+\r
+<p>\r
+and if you click on button, you get key description=C2=A0:<br  />\r
+</p>\r
+\r
+<pre class=3D"example">\r
+Certificate:\r
+    Data:\r
+        Version: 3 (0x2)\r
+        Serial Number: 586989 (0x8f4ed)\r
+    Signature Algorithm: sha1WithRSAEncryption\r
+        Issuer: C=3DIL, O=3DStartCom Ltd., OU=3DSecure Digital Certificate =\r
+Signing, CN=3DStartCom Class 1 Primary Intermediate Client CA\r
+        Validity\r
+            Not Before: Feb 11 19:01:56 2014 GMT\r
+...\r
+</pre>\r
+\r
+<p>\r
+My opinion is that S/MIME is more and more widely used today, and then rely=\r
+ing only on gpg for signature or encryption is a bit rough.<br  />\r
+</p>\r
+\r
+<p>\r
+Thank you,<br  />\r
+</p>\r
+\r
+<hr  />\r
+<p>\r
+<b>Le mar., mars 11 2014, Daniel Kahn Gillmor a =C3=A9crit</b><br  />\r
+</p>\r
+\r
+<p>\r
+Hi Baptiste<br  />\r
+</p>\r
+\r
+<p>\r
+i'm interested in the functionality you're describing, but i confess i'm co=\r
+nfused by the syntax of your e-mail and the structure of the file in questi=\r
+on, as well as how you think it should be related to the notmuch project.  =\r
+This might all be obvious to other people; sorry for my confusion!<br  />\r
+</p>\r
+\r
+<p>\r
+Do you think this should be integrated into notmuch and shipped with it? if=\r
+ so, can you provide it as a standard patch for folks here to review?<br  />\r
+</p>\r
+\r
+<p>\r
+Some questions worth documenting if possible:<br  />\r
+</p>\r
+\r
+<ul class=3D"org-ul">\r
+<li>do you expect this to work for S/MIME encrypted messages as well as S/M=\r
+IME signed messages?<br  />\r
+</li>\r
+\r
+<li>is there a reason to do this only in emacs?  PGP/MIME-signed (and -encr=\r
+ypted) messages can be parsed directly by libnotmuch so they are useful in =\r
+other contexts as well<br  />\r
+</li>\r
+\r
+<li>what key management model does this code assume and/or enforce?  how do=\r
+ we know which keys belong to which users?<br  />\r
+</li>\r
+</ul>\r
+\r
+<p>\r
+Thanks for working on notmuch!<br  />\r
+</p>\r
+\r
+<p>\r
+Regards,<br  />\r
+</p>\r
+\r
+<p>\r
+&#x2013;dkg<br  />\r
+</p>\r
+\r
+\r
+<p>\r
+&#x2013;<br  />\r
+</p>\r
+\r
+<pre class=3D"example">\r
+~^v^~ Bat\r
+</pre>\r
+\r
+------7A9AC58F7D949A2C35A72AFA089957FC\r
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"\r
+Content-Transfer-Encoding: base64\r
+Content-Disposition: attachment; filename="smime.p7s"\r
+\r
+MIIJGwYJKoZIhvcNAQcCoIIJDDCCCQgCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3\r
+DQEHAaCCBkwwggZIMIIFMKADAgECAgMI9O0wDQYJKoZIhvcNAQEFBQAwgYwxCzAJ\r
+BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1\r
+cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENv\r
+bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xNDAy\r
+MTExOTAxNTZaFw0xNTAyMTIyMjAxMThaMGExGTAXBgNVBA0TEEY2NkE5OGZkb2FN\r
+Q0k4Qk4xHjAcBgNVBAMMFWJhdGVhc3RAYmF0LmZyLmV1Lm9yZzEkMCIGCSqGSIb3\r
+DQEJARYVYmF0ZWFzdEBiYXQuZnIuZXUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC\r
+AQ8AMIIBCgKCAQEAyZVzZ9wZRF2ws0rxniwRZ66Eyd+G98Cx61SPc7X1siZFsdwt\r
+yF+L2KI5tDIBt3uhbM5uLSNQIxysz2iDyLWxo7+u+Ot5MYOu3BCCcWyrqHJMErZG\r
+dWte3HlyN2suzK9j4NDwHippcgCH8ImRJ/sPH+Q9tRnr2Y6fs0LH4fH9WCrr/kR9\r
+kniUSnyVL5iW06ZbIS+6Pwd4VIkB6ctaq5Zro3HA75alsW6qZ5QTwJKPb4zAKMlm\r
+jsbQqd8VtBMjVL9FqDTIGBfvCtsSY3x8WwETw0O0ks6V3KCe3qD9o7bt66QmcH6u\r
+yFLnFwBBWl53q6Uj+f9HyDN6oKlQMEVykDs0KwIDAQABo4IC2zCCAtcwCQYDVR0T\r
+BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME\r
+MB0GA1UdDgQWBBR1jaZYWD3I4/WRf66Lp+7n1c3CDjAfBgNVHSMEGDAWgBRTcu2S\r
+nODaywFcfH6WNU7y1LhRgjAgBgNVHREEGTAXgRViYXRlYXN0QGJhdC5mci5ldS5v\r
+cmcwggFMBgNVHSAEggFDMIIBPzCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEF\r
+BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYB\r
+BQUHAgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIB\r
+ARqBvlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhl\r
+IENsYXNzIDEgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29t\r
+IENBIHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBv\r
+c2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9u\r
+cy4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0\r
+dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDov\r
+L29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIGCCsGAQUF\r
+BzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNs\r
+aWVudC5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20v\r
+MA0GCSqGSIb3DQEBBQUAA4IBAQBuipeKxSwZNTsTF1uY9CHWFvHDRrhWROKQ/3oB\r
+cI6nV7MgXAvKxXqLGdq+N6URtKTspPuZz0pWMtHF6Sgu6mzeiXGS3ZOtz6Kq/q9Y\r
+raogWBYjgqp5GQwl8uKG7VW4BQPtop8DyrgP0IV97enY5qTTCmT5GsLrT6t2y5CY\r
+o7N1yMcukSq6VlQwm4JNrNcWK16kBO+7HwJ0JYGl9jF9ITyvsVWEg9/6uNjNT4Gs\r
+hZs4T1KFVA+fuKwWQXs0INZevU8UgTduKdofA4Z9+AxCm5yjfV1S+am47LqmX3hQ\r
+6hUtP36pa1OqeeMXYi210UmcnONJsAxFbMYyvWSVq+VntBwyMYIClzCCApMCAQEw\r
+gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD\r
+VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQD\r
+Ey9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBD\r
+QQIDCPTtMAkGBSsOAwIaBQCggdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc\r
+BgkqhkiG9w0BCQUxDxcNMTQwMzE0MTA1OTAwWjAjBgkqhkiG9w0BCQQxFgQUvJap\r
+oazocYXOILg8KwPnQM5tju4weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASow\r
+CwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0D\r
+AgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJ\r
+KoZIhvcNAQEBBQAEggEAY1Y7F2BmpA8iB/UIgQlB85MrTmRv/L2nrqnHyn5b2TWw\r
+1PXSVvQeUPQVdo472gNeeqjOdUxjyFciLK0fsYXJNBwL991Up3RfBT+2seATtCXK\r
+Q38NidMf2u2+rH3m/WQjEZQ26PxwkoBEqUcBh5BOlvucqZWd65tW3fmeN/cAq6m5\r
+laoLJzM93Xewxekas1QfriSFrWpkZR/yJ9InUJe+sYX/pEAWF50rsSdwkOtb0SbP\r
+gqGOtlcnGpPCOrhCZbz6UaPc7kbxeap6IQo23ni0rSuySjbzizL7wIYGftpHXh5n\r
+Da2BLlSMLw00mj414S25lnXB7SnqtUaYHVDGUrqfIA==\r
+\r
+------7A9AC58F7D949A2C35A72AFA089957FC--\r
+\r
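Review bot: The signature display described in the message body (the paragraph ending "No verification is made today against :From field") never binds the signer to the sender, so a signature that chains to a trusted CA would be shown green whatever address appears in the From: header. Before this goes into notmuch, the hook should compare the address in the signer certificate with the From: header and show a distinct, non-green status when they differ. The "Good signature by: bateast@bat.fr.eu.org - 08F4ED" line does print the signer address, but that leaves the comparison to the reader. Separately, the archived message is signed with micalg="sha1" and the certificate dump shows sha1WithRSAEncryption, so it would help if the status line also named the digest algorithm rather than presenting every verified signature identically. dkg's question in the quoted reply about which key management model the code assumes is still unanswered in this message and should be documented alongside the patch.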