Return-Path: <dan.bryant@jhuapl.edu>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 17C3D431FBF
	for <notmuch@notmuchmail.org>; Mon,  9 Jul 2012 11:33:26 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5
	tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mKsxC2Drg-xr for <notmuch@notmuchmail.org>;
	Mon,  9 Jul 2012 11:33:24 -0700 (PDT)
Received: from jhuapl.edu (piper.jhuapl.edu [128.244.251.37])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by olra.theworths.org (Postfix) with ESMTPS id E7CB1431FAE
	for <notmuch@notmuchmail.org>; Mon,  9 Jul 2012 11:33:23 -0700 (PDT)
Received: from ([128.244.198.90])
	by piper.jhuapl.edu with ESMTP with TLS id 5Y8HCH1.139907146;
	Mon, 09 Jul 2012 14:33:18 -0400
Received: from aplesrepublic.dom1.jhuapl.edu ([128.244.198.191]) by
	aplexcas1.dom1.jhuapl.edu ([128.244.198.90]) with mapi; Mon, 9 Jul 2012
	14:33:17 -0400
From: "Bryant, Daniel B." <Dan.Bryant@jhuapl.edu>
To: 'Jameson Graef Rollins' <jrollins@finestructure.net>, Notmuch Mail
	<notmuch@notmuchmail.org>
Date: Mon, 9 Jul 2012 14:33:17 -0400
Subject: RE: S/MIME support
Thread-Topic: S/MIME support
Thread-Index: Ac1WJpG3cF0T/3SwRbaWe/RvL0uQfAH1xQaQ
Message-ID:
 <24CAA033F4DBCD4DB53CBFB11AEF037C1044F0566F@aplesrepublic.dom1.jhuapl.edu>
References: <1340995101-9616-1-git-send-email-jrollins@finestructure.net>
In-Reply-To: <1340995101-9616-1-git-send-email-jrollins@finestructure.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 18:33:26 -0000

Jamie,

I was able to get signature verification working with your patchset (with a=
 caveat) but not decryption.

Signature Verification
----------------------

The caveat is that GMime is still borked with handling signatures with cont=
ent type application/x-pkcs7-signature (vs. application/pkcs7-signature, wh=
ich works fine). This is upstream GNOME bug #674032 that was supposed to ha=
ve been fixed in GMime 2.6.9, but that original fix is also broken.

One possible workaround is to twiddle the content-type of the signature par=
t (and the corresponding protocol in the multipart/signed part). I implemen=
ted this by looping over each message part in mime_node_open() and modifyin=
g as necessary using the following logic:


    GMimeContentType *content_type =3D g_mime_object_get_content_type (part=
);

    const char *subtype =3D g_mime_content_type_get_media_subtype (content_=
type);
    const char *protocol =3D g_mime_content_type_get_parameter (content_typ=
e, "protocol");

    if (!strcmp(subtype, "x-pkcs7-signature")) {
        g_mime_content_type_set_media_subtype (content_type, "pkcs7-signatu=
re");
    }

    if (protocol && !strcmp(protocol, "application/x-pkcs7-signature")) {
        g_mime_content_type_set_parameter (content_type, "protocol","applic=
ation/pkcs7-signature");
    }   =20


Decryption
----------

All of my S/MIME encrypted mail consists of single part messages with conte=
nt-type "application/x-pkcs7-mime". These conform to RFC3851, section 3.3/3=
.4. (sample messages are included in the RFC as well). This fails to be dec=
rypted by notmuch because the mime node traversal code assumes that every e=
ncrypted message is multipart/encrypted, which appears to only be true for =
PGP/MIME.


Dan



-----Original Message-----
From: notmuch-bounces@notmuchmail.org [mailto:notmuch-bounces@notmuchmail.o=
rg] On Behalf Of Jameson Graef Rollins
Sent: Friday, June 29, 2012 2:38 PM
To: Notmuch Mail
Subject: S/MIME support

Hey, folks.  This patch adds S/MIME support to notmuch-show.  It's
pretty simple, now that the crypto rework [0] is complete.

I was going to wait to submit this patch until we had a test suite
(ehem, dkg!), but seeing as there has been some other interest
expressed in seeing this feature I'm going to go ahead and send it to
the list in the hopes that it might spur development of the needed
tests.

jamie.

[0] id:"1338057946-29209-2-git-send-email-jrollins@finestructure.net"

_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch