From f64a3e8d2805652f8e8a6e3bc6ba6a7a5b8ef487 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 29 Jan 2016 01:56:05 +1900 Subject: [PATCH] Re: SMIME signature verification patches, v4 --- a7/d8fde2aea5e34295306ac1cd5944caf89a6276 | 172 ++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 a7/d8fde2aea5e34295306ac1cd5944caf89a6276 diff --git a/a7/d8fde2aea5e34295306ac1cd5944caf89a6276 b/a7/d8fde2aea5e34295306ac1cd5944caf89a6276 new file mode 100644 index 000000000..7bd49246e --- /dev/null +++ b/a7/d8fde2aea5e34295306ac1cd5944caf89a6276 @@ -0,0 +1,172 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 8B16F6DE014A + for ; Wed, 27 Jan 2016 22:56:34 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.053 +X-Spam-Level: +X-Spam-Status: No, score=-0.053 tagged_above=-999 required=5 + tests=[AWL=-0.053] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id oamW-fIcmEpH for ; + Wed, 27 Jan 2016 22:56:31 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id B68646DE0173 + for ; Wed, 27 Jan 2016 22:56:31 -0800 (PST) +Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net + [108.58.6.98]) + by che.mayfirst.org (Postfix) with ESMTPSA id 0191FF991; + Thu, 28 Jan 2016 01:56:11 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id CCDB71FF94; Thu, 28 Jan 2016 01:56:12 -0500 (EST) +From: Daniel Kahn Gillmor +To: David Bremner , notmuch@notmuchmail.org +Subject: Re: SMIME signature verification patches, v4 +In-Reply-To: <1453652479-15968-1-git-send-email-david@tethera.net> +References: <1453652479-15968-1-git-send-email-david@tethera.net> +User-Agent: Notmuch/0.21+72~gd8c4f1c (http://notmuchmail.org) Emacs/24.5.1 + (x86_64-pc-linux-gnu) +Date: Thu, 28 Jan 2016 01:56:05 -0500 +Message-ID: <87lh7ab3ay.fsf@alice.fifthhorseman.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=sha256; protocol="application/pkcs7-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Thu, 28 Jan 2016 06:56:34 -0000 + +--=-=-= +Content-Type: text/plain + +On Sun 2016-01-24 11:21:14 -0500, David Bremner wrote: +> This is a simple rebase of +> +> id:1450100337-31655-1-git-send-email-david@tethera.net +> +> The first 3 patches of that series are now in master. + +FWIW, i'm now running with this patch series, and i can verify S/MIME +signatures with it. + +When verifying a correct signature, though, the only thing i seem to get +in notmuch-emacs (or in the notmuch show --verify output) is the view of +some kind of fingerprint of the key, with no human-readable name or +e-mail address associated with it. + +for example: + + "sigstatus" : [ + { + "created" : 1453962340, + "status" : "good", + "fingerprint" : "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8", + "expires" : 1485215999 + } + ], + +whereas the OpenPGP PGP/MIME cleartext signature show: + + "sigstatus" : [ + { + "status" : "good", + "userid" : " Daniel Kahn Gillmor ", + "fingerprint" : "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A", + "created" : 1453925746 + } + +This lack of userid be a function of my own S/MIME setup (i'm not sure +whether i've got the keys and certs set up exactly right), or of a +failure in gmime's pkcs7 signature handling code. But this is an +improvement over the unpatched notmuch anyway. + +Note that none of this deals with S/MIME-enveloped (encrypted) e-mails +yet either. + +My e-mail certificates and things are now set up within emacs (i'm using +EPG instead of openssl) -- i should be able to sign this mail, +and anyone else running this series should be able to verify it. + +I've rebased my own crypto series (indexing cleartext) on top of this +series, and it also works fine (though there were a few commits that +were tricky to rebase). I'd like it if this S/MIME patch series would +get upstreamed! + + --dkg + +--=-=-= +Content-Type: application/pkcs7-signature; name=smime.p7s +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename=smime.p7s + +MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCCfgw +ggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQG +EwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU +UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTE0MTIyMjAw +MDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1h +bmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEw +PwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBF +bWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAImxDdp6UxlOcFIdvFamBia3 +uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdhTpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYep +LkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayT +QLm1CJM6nCpToxDbPSBhPFUDjtlOdiUCISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9 +UjewM2ktQ+v61qXxl3dnUYzZ7ifrvKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3Rh +UL7GQD/L5OKfoiECAwEAAaOCARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1Qa +MB0GA1UdDgQWBBSSYWuC4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/ +BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRV +HSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 +dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3Nw +LnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj +mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb4yJj +nFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ26Y3NOh7 +4AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT9HaSyoY0B7ks +yuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInltukWeh95FPZKEBom ++nyK+5swggVBMIIEKaADAgECAhB9gwtCT/pRNF/1IXxNcw7PMA0GCSqGSIb3DQEBCwUAMIGbMQsw +CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3Jk +MRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xp +ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwHhcNMTYwMTI0MDAwMDAwWhcN +MTcwMTIzMjM1OTU5WjAmMSQwIgYJKoZIhvcNAQkBFhVka2dAZmlmdGhob3JzZW1hbi5uZXQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxPWBtSuDu5vFkO6vURZx+YIa5XUenadS58lOR +58M17BwpKYFzKDXrSAUt7Ynw04u09c5mbTSBS5NPMlNmOcEI5b2QbDJda7NaOkGaiwOFDgks7EAr +v3ib/ZXLn+R/t7fImi/VStYTEGIYMcUqg4+ssSxh1/3/8n4uFj9LLIR1KwfDVwv0NiYAol6dZ2zt +deFvICVB19VfthUsWlIWP7cxUwrfplsOCsJ8+bwAzZVgb+tBcvCvXVtNaU+11BEoK/fOIZoI3CDw +PMOgKNf9suUx2U2k4+plIz0dBWNwAWWAH6pfilyXzlGRP6za4pGC0XWGGMltKIUkfGev7q+DfxGD +AgMBAAGjggHzMIIB7zAfBgNVHSMEGDAWgBSSYWuC4aKgqk/sZ/HCo/e0gADB7DAdBgNVHQ4EFgQU +D/GO20jlXABuew/mfu4UsxsFfkswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0l +BBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUCMBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9 +MDsGDCsGAQQBsjEBAgEBATArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0 +L0NQUzBdBgNVHR8EVjBUMFKgUKBOhkxodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9TSEEy +NTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3JsMIGQBggrBgEFBQcBAQSB +gzCBgDBYBggrBgEFBQcwAoZMaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPU0hBMjU2Q2xp +ZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDov +L29jc3AuY29tb2RvY2EuY29tMCAGA1UdEQQZMBeBFWRrZ0BmaWZ0aGhvcnNlbWFuLm5ldDANBgkq +hkiG9w0BAQsFAAOCAQEAUQsoIz1JUYDR3CLTRWucX2+I8JwVkwGR4iwrpgiqi+HLcAinFaUPB3jH +WJBU9761W1BZh+vZOHXHIKReADgplLylRx3wiDDyA2Uv+CREJyNZm3V0S5M5n4chQhcTjd127RHJ +KusuSVMmCiV2w6K+JKanJRKOYw4LSB+45K+20exR9GnnrAbBYPqutiHmK5q60At+sXhTceLt3c9B +ebFybFAU9vTTn4SvUu87TZ6gWyPJ2VSBQWDdsIV8h7PT+FdmYR16kIFI6eu4Z5FpoVbB9neNE9b8 +ir4WbS+neCkaCRUTkhOHXwHnfAno+cEcNRRFeBc30Hl357HPh0dscGRQvTGCAnIwggJuAgEBMIGw +MIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT +YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0y +NTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEH2DC0JP+lE0X/Uh +fE1zDs8wDQYJYIZIAWUDBAIBBQCggZMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG +9w0BCQUxDxcNMTYwMTI4MDY1NjA2WjAoBgkqhkiG9w0BCQ8xGzAZMAsGCWCGSAFlAwQBAjAKBggq +hkiG9w0DBzAvBgkqhkiG9w0BCQQxIgQg5B+hCFR0TPkdaOz8MuOFE5QtrAxin21sulqcc9b7/vYw +DQYJKoZIhvcNAQEBBQAEggEAhLxXYrVVGfUtFRpiz5ht4Ln+b9ZKtvLXbTDsvNNHTk1thXEJiD61 +ro71fjgy9pnVNfudKMY/JGvs4lHDOoo5KzCKHDOiF4mCuEfNe9RIN9qrXM4gMiWX9QneHaQXkyOC +yYMo2Fuf48V0ciiR4WDnWJCK+Kx046KltML7c8nh9y3JRXoI4XSr12gfbCGFBw1qooQfxizQM6rL +nHFntFKTgbW9gaVlpAkAeqvB+Qj6vMaWgBuZP/jE10BE8YOfTecmsMrOrLIDEiPJ3HbOqb7nBh8i +a0JypUUFs9Md4eGfIVKW3lADk/I3h7z7ADQYbmGcnCw4+GTUdvUWcYZNB+hVmgAAAAAAAA== +--=-=-=-- -- 2.26.2