From: Jeffrey Stedfast Date: Thu, 29 Jan 2015 14:40:59 +0000 (+1900) Subject: Re: [gmime-devel] gmime and S/MIME X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=baa359cf82061814d7579d6d35f0ace83443084d;p=notmuch-archives.git Re: [gmime-devel] gmime and S/MIME --- diff --git a/c5/9ef9d4d48215f23d1567d7af0f4fc82f1800e2 b/c5/9ef9d4d48215f23d1567d7af0f4fc82f1800e2 new file mode 100644 index 000000000..45c118e8b --- /dev/null +++ b/c5/9ef9d4d48215f23d1567d7af0f4fc82f1800e2 
@@ -0,0 +1,112 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 3B21D431FC4 + for ; Thu, 29 Jan 2015 06:40:58 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 2.438 +X-Spam-Level: ** +X-Spam-Status: No, score=2.438 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_NONE=-0.0001] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id H+pjH8h+CXKV for ; + Thu, 29 Jan 2015 06:40:54 -0800 (PST) +Received: from resqmta-po-10v.sys.comcast.net (resqmta-po-10v.sys.comcast.net + [96.114.154.169]) + (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 94619431FBC + for ; Thu, 29 Jan 2015 06:40:54 -0800 (PST) +Received: from resomta-po-12v.sys.comcast.net ([96.114.154.236]) + by resqmta-po-10v.sys.comcast.net with comcast + id lqg51p00C56HXL001qgtqe; Thu, 29 Jan 2015 14:40:53 +0000 +Received: from [192.168.1.102] ([24.91.170.86]) + by resomta-po-12v.sys.comcast.net with comcast + id lqgr1p00a1sBWGw01qgsuU; Thu, 29 Jan 2015 14:40:53 +0000 +Message-ID: <54CA467B.30408@gnome.org> +Date: Thu, 29 Jan 2015 09:40:59 -0500 +From: Jeffrey Stedfast +User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; + rv:31.0) Gecko/20100101 Thunderbird/31.4.0 +MIME-Version: 1.0 +To: David Bremner , gmime-devel-list@gnome.org +Subject: Re: [gmime-devel] gmime and S/MIME +References: <87twz9wyf8.fsf@maritornes.cs.unb.ca> +In-Reply-To: <87twz9wyf8.fsf@maritornes.cs.unb.ca> +Content-Type: text/plain; charset=windows-1252; format=flowed +Content-Transfer-Encoding: quoted-printable +Cc: notmuch@notmuchmail.org +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list 
+List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Thu, 29 Jan 2015 14:40:59 -0000 + +Hi David, + +On 1/29/2015 7:42 AM, David Bremner wrote: +> With a few others, I've been attempting to get S/MIME supported in +> notmuch (which as you might or might not remember is using gmime +> underneath). The signature verification part is working OK, but I've +> gotten a bit bogged down trying to get decryption working. +> +> What I have learned is that according RFC5751, smime message (parts) +> look like +> +> Media type: application/pkcs7-mime +> parameters: any +> file suffix: any +> +> Media type: multipart/signed +> parameters: protocol=3D"application/pkcs7-signature" +> file suffix: any +> +> Media type: application/octet-stream +> parameters: any +> file suffix: p7m, p7s, p7c, p7z +> +> Unless I miss something, out of the box there is only support for +> decrypting multipart/encrypted. In particular the gmime tests for +> S/MIME use this "container format" [1]. + +Correct, I don't think I ever got around to implementing the=20 +GMimeApplicationPkcs7Mime class. + +> +> So I'm wondering if I'm confused about the RFC(s), or about GMIME, or i= +s +> one suppose to write analogs of g_mime_multipart_encrypted_decrypt for +> other top level parts? + +You are not confused. I would probably hesitate to say that it was my=20 +*intention* for everyone to implement their own S/MIME class for=20 +pkcs7-mime, but in any case, that is what needs to be done right now :( + +FWIW, I've written another library called MimeKit in C# which shares a=20 +similar design to GMime that is hosted on GitHub that implements the=20 +pkcs7-mime class: + +https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/App= +licationPkcs7Mime.cs + +Hopefully that helps provide you with ideas on how to implement the same = + +sort of thing using GMime for notmuch. 
+ +(btw, if you end up implementing this, I'd love to accept your patches=20 +into GMime proper) + +Jeff +
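Review bot: The message body in this new file is committed in its raw quoted-printable form, so near the end of the hunk the MimeKit link is split by a soft line break ("Cryptography/App=" followed by "licationPkcs7Mime.cs"), and the quoted RFC 5751 parameter appears as protocol=3D"application/pkcs7-signature". If the archive is meant to hold undecoded messages, that is fine, but the commit message only repeats the mail subject. Consider stating there that files are stored as received, so that anything reading or indexing them knows to apply the Content-Transfer-Encoding: quoted-printable and charset=windows-1252 headers before extracting URLs or text.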