From b2685229339f98957126dbb3011313947341b0a2 Mon Sep 17 00:00:00 2001 From: Baptiste Date: Fri, 14 Mar 2014 11:58:55 +0100 Subject: [PATCH] Re: Smime signature verification in Notmuch - Emacs --- 19/d7239d31c6ebbde24362e4254915fb192627d6 | 254 ++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 19/d7239d31c6ebbde24362e4254915fb192627d6 diff --git a/19/d7239d31c6ebbde24362e4254915fb192627d6 b/19/d7239d31c6ebbde24362e4254915fb192627d6 new file mode 100644 index 000000000..69a174b50 --- /dev/null +++ b/19/d7239d31c6ebbde24362e4254915fb192627d6 @@ -0,0 +1,254 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 3C397431FAF + for ; Fri, 14 Mar 2014 04:00:25 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 1.741 +X-Spam-Level: * +X-Spam-Status: No, score=1.741 tagged_above=-999 required=5 + tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, + MIME_HTML_ONLY=1.105] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id dwe1n+PAlwDg for ; + Fri, 14 Mar 2014 04:00:18 -0700 (PDT) +Received: from mx1a.lautre.net (mx1a.lautre.net [80.67.160.71]) + (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 25188431FAE + for ; Fri, 14 Mar 2014 04:00:18 -0700 (PDT) +Received: from arch-vm (unknown [109.21.163.7]) + (using TLSv1 with cipher AES128-SHA (128/128 bits)) + (No client certificate requested) + (Authenticated sender: bateast@bat.fr.eu.org) + by mx1a.lautre.net (Postfix) with ESMTPSA id 796E8A108A; + Fri, 14 Mar 2014 12:00:13 +0100 (CET) +From: Baptiste +To: Daniel Kahn Gillmor , notmuch@notmuchmail.org +Subject: Re: Smime signature verification in Notmuch - Emacs +In-Reply-To: <531F4FDD.6000506@fifthhorseman.net> +Organization: bat.fr.eu.org +References: <87y50r42do.fsf@bat.fr.eu.org> + <531F4FDD.6000506@fifthhorseman.net> +User-Agent: Notmuch/0.17+81~g718d58a (http://notmuchmail.org) Emacs/24.3.50.2 + (i686-pc-linux-gnu) +Date: Fri, 14 Mar 2014 11:58:55 +0100 +Message-ID: <87siqlrqq8.fsf@bat.fr.eu.org> +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; + micalg="sha1"; boundary="----7A9AC58F7D949A2C35A72AFA089957FC" +X-Mailman-Approved-At: Mon, 17 Mar 2014 02:21:11 -0700 +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Fri, 14 Mar 2014 11:00:25 -0000 + +This is an S/MIME signed message + +------7A9AC58F7D949A2C35A72AFA089957FC +Content-Type: text/html; charset=utf-8 +Content-Transfer-Encoding: quoted-printable + +

+Hi,
+

+ +

+thanks you for your answer.
+

+ +

+firstly, sorry for my previous mail, you are right, it was broken. This one= + should be better.
+

+ +

+Anyway, my goal was to make S/MIME messages to work with notmuch. Actually, I am not looking to modify directly notmuch (well, I h= +ave no good reason for not doing it), so I hooked the notmuch emacs interfa= +ce. I does work today with S/MIME signature and I am currently working on e= +ncryption, though it have no clew how to recreate s-exp after decryption to= + re-inject into notmuch-show emacs function.
+

+ +

+Truly, it would be better to implement it directly in notmuch core.
+

+ +

+Signature verification just present a line with the signature owner and the= + trust chain status (green for good verification, orange for = +self signed only signature). No verification is made today against :From fi= +eld.
+

+ +

+As for example=C2=A0:
+

+
+(green)  [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]
+
+

+or
+

+
+(orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.fr.e=
+u.org ]
+
+ +

+and if you click on button, you get key description=C2=A0:
+

+ +
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 586989 (0x8f4ed)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=3DIL, O=3DStartCom Ltd., OU=3DSecure Digital Certificate =
+Signing, CN=3DStartCom Class 1 Primary Intermediate Client CA
+        Validity
+            Not Before: Feb 11 19:01:56 2014 GMT
+...
+
+ +

+My opinion is that S/MIME is more and more widely used today, and then rely= +ing only on gpg for signature or encryption is a bit rough.
+

+ +

+Thank you,
+

+ +
+

+Le mar., mars 11 2014, Daniel Kahn Gillmor a =C3=A9crit
+

+ +

+Hi Baptiste
+

+ +

+i'm interested in the functionality you're describing, but i confess i'm co= +nfused by the syntax of your e-mail and the structure of the file in questi= +on, as well as how you think it should be related to the notmuch project. = +This might all be obvious to other people; sorry for my confusion!
+

+ +

+Do you think this should be integrated into notmuch and shipped with it? if= + so, can you provide it as a standard patch for folks here to review?
+

+ +

+Some questions worth documenting if possible:
+

+ +
    +
  • do you expect this to work for S/MIME encrypted messages as well as S/M= +IME signed messages?
    +
  • + +
  • is there a reason to do this only in emacs? PGP/MIME-signed (and -encr= +ypted) messages can be parsed directly by libnotmuch so they are useful in = +other contexts as well
    +
  • + +
  • what key management model does this code assume and/or enforce? how do= + we know which keys belong to which users?
    +
  • +
+ +

+Thanks for working on notmuch!
+

+ +

+Regards,
+

+ +

+–dkg
+

+ + +

+–
+

+ +
+~^v^~ Bat
+
+ +------7A9AC58F7D949A2C35A72AFA089957FC +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIJGwYJKoZIhvcNAQcCoIIJDDCCCQgCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3 +DQEHAaCCBkwwggZIMIIFMKADAgECAgMI9O0wDQYJKoZIhvcNAQEFBQAwgYwxCzAJ +BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1 +cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENv +bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xNDAy +MTExOTAxNTZaFw0xNTAyMTIyMjAxMThaMGExGTAXBgNVBA0TEEY2NkE5OGZkb2FN +Q0k4Qk4xHjAcBgNVBAMMFWJhdGVhc3RAYmF0LmZyLmV1Lm9yZzEkMCIGCSqGSIb3 +DQEJARYVYmF0ZWFzdEBiYXQuZnIuZXUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAyZVzZ9wZRF2ws0rxniwRZ66Eyd+G98Cx61SPc7X1siZFsdwt +yF+L2KI5tDIBt3uhbM5uLSNQIxysz2iDyLWxo7+u+Ot5MYOu3BCCcWyrqHJMErZG +dWte3HlyN2suzK9j4NDwHippcgCH8ImRJ/sPH+Q9tRnr2Y6fs0LH4fH9WCrr/kR9 +kniUSnyVL5iW06ZbIS+6Pwd4VIkB6ctaq5Zro3HA75alsW6qZ5QTwJKPb4zAKMlm +jsbQqd8VtBMjVL9FqDTIGBfvCtsSY3x8WwETw0O0ks6V3KCe3qD9o7bt66QmcH6u +yFLnFwBBWl53q6Uj+f9HyDN6oKlQMEVykDs0KwIDAQABo4IC2zCCAtcwCQYDVR0T +BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MB0GA1UdDgQWBBR1jaZYWD3I4/WRf66Lp+7n1c3CDjAfBgNVHSMEGDAWgBRTcu2S +nODaywFcfH6WNU7y1LhRgjAgBgNVHREEGTAXgRViYXRlYXN0QGJhdC5mci5ldS5v +cmcwggFMBgNVHSAEggFDMIIBPzCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEF +BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYB +BQUHAgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIB +ARqBvlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhl +IENsYXNzIDEgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29t +IENBIHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBv +c2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9u +cy4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0 +dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDov +L29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIGCCsGAQUF +BzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNs +aWVudC5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20v +MA0GCSqGSIb3DQEBBQUAA4IBAQBuipeKxSwZNTsTF1uY9CHWFvHDRrhWROKQ/3oB +cI6nV7MgXAvKxXqLGdq+N6URtKTspPuZz0pWMtHF6Sgu6mzeiXGS3ZOtz6Kq/q9Y +raogWBYjgqp5GQwl8uKG7VW4BQPtop8DyrgP0IV97enY5qTTCmT5GsLrT6t2y5CY +o7N1yMcukSq6VlQwm4JNrNcWK16kBO+7HwJ0JYGl9jF9ITyvsVWEg9/6uNjNT4Gs +hZs4T1KFVA+fuKwWQXs0INZevU8UgTduKdofA4Z9+AxCm5yjfV1S+am47LqmX3hQ +6hUtP36pa1OqeeMXYi210UmcnONJsAxFbMYyvWSVq+VntBwyMYIClzCCApMCAQEw +gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD +VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQD +Ey9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBD +QQIDCPTtMAkGBSsOAwIaBQCggdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc +BgkqhkiG9w0BCQUxDxcNMTQwMzE0MTA1OTAwWjAjBgkqhkiG9w0BCQQxFgQUvJap +oazocYXOILg8KwPnQM5tju4weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASow +CwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0D +AgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJ +KoZIhvcNAQEBBQAEggEAY1Y7F2BmpA8iB/UIgQlB85MrTmRv/L2nrqnHyn5b2TWw +1PXSVvQeUPQVdo472gNeeqjOdUxjyFciLK0fsYXJNBwL991Up3RfBT+2seATtCXK +Q38NidMf2u2+rH3m/WQjEZQ26PxwkoBEqUcBh5BOlvucqZWd65tW3fmeN/cAq6m5 +laoLJzM93Xewxekas1QfriSFrWpkZR/yJ9InUJe+sYX/pEAWF50rsSdwkOtb0SbP +gqGOtlcnGpPCOrhCZbz6UaPc7kbxeap6IQo23ni0rSuySjbzizL7wIYGftpHXh5n +Da2BLlSMLw00mj414S25lnXB7SnqtUaYHVDGUrqfIA== + +------7A9AC58F7D949A2C35A72AFA089957FC-- + -- 2.26.2