Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 58036431FB6 for ; Sat, 27 Nov 2010 11:35:13 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[UNPARSEABLE_RELAY=0.001] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZbYJOwGaBZYk for ; Sat, 27 Nov 2010 11:35:12 -0800 (PST) Received: from rodolpho.mayfirst.org (rodolpho.mayfirst.org [209.234.253.107]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id 9962F431FB5 for ; Sat, 27 Nov 2010 11:35:12 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by rodolpho.mayfirst.org (Postfix) with ESMTP id E14A63CD67 for ; Sat, 27 Nov 2010 14:35:09 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at rodolpho.mayfirst.org Received: from rodolpho.mayfirst.org ([127.0.0.1]) by localhost (rodolpho.mayfirst.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzAOTGS6JLw8 for ; Sat, 27 Nov 2010 14:35:09 -0500 (EST) Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: smtpauth@rodolpho.mayfirst.org) with ESMTPSA id B25FB3CD61 Message-ID: <4CF15D67.1070904@fifthhorseman.net> Date: Sat, 27 Nov 2010 14:35:03 -0500 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101110 Icedove/3.1.6 MIME-Version: 1.0 To: notmuch Subject: PGP/MIME signature verification X-Enigmail-Version: 1.1.2 OpenPGP: id=D21739E9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig9659FA14D89BBA62DEF020C0" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list Reply-To: notmuch List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Nov 2010 19:35:13 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9659FA14D89BBA62DEF020C0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable hey folks-- the signature-verification branch on my git repo [0] contains functional PGP/MIME signature verification if you supply the --verify argument to notmuch show --format=3Djson It relies on gpg being in the path, and on the user having the signer's key in their gnupg keyring. The patchset depends on the MIME reorganization produced initially by dme (and rebased against 0.5 in my mp3-on-0.5 branch). the emacs frontend doesn't yet know how to deal with the resultant data, so the signature verification doesn't reach the user yet. The JSON this change produces is similar (but not identical) to my earlier proposal on this list. In particular, the parent MIME part (content-type: multipart/signed) is what gets the sigstatus object, which is itself a list of signature objects, like this: "sigstatus": [ { "created": 1290557507, "fingerprint": "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9", "status": "good" }, { "keyid": "DEADBEEFDECAFBAD", "status": "bad" } ] (this example shows a mime part signed by two keys, the signature from one checking out properly, and the signature from the other failing -- most multipart/signed MIME parts will only be signed by one party) I'd appreciate any feedback people have on the change, and any suggestions on how to integrate its results into the emacs interface. Also, i'm curious what i can do to make these changes more acceptable for the mainline. should i rebase them against mainline master? or demonstrate a functional merge? i'm new to how this community likes to use git, so pointers to suggested approaches would be welcome. I should also note that in the course of pursuing this, i found that GMime's upstream author is very receptive to suggestions and feedback about crypto. If anyone else in the notmuch community wants to make suggestions about what we might need for future extensions in this direction, he's probably a good resource to help us get there. Regards, --dkg [0] git://lair.fifthhorseman.net/~dkg/notmuch --------------enig9659FA14D89BBA62DEF020C0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJM8V1nAAoJEMzS7ZTSFznpRYoP/RWLtozm6Nh3HB1vA+Hk1tFl YtPdzbSu3masLY6QHViNckowp1l5SzAfIKBssbZUXH2J6Fj7492JVm49sb0LmPdp 33ZX8XojD/PGJH3kthpGTCyhYg6w6XqmDiviYiF+66w8eiZefl4lhvzahxoARvkz k7yp53u9l4vbJB+ac/++EbyfvwdfyxR8voyex5a6aRAA68OBRV6ut11pa7+eagzw fCEL1QzMEJKYfvsQ9OlHo6g9bbK6N5lTKWgjo9eKTMFRx6hE5YPBC8sZOdEYZDtv MyliQp1AWEnYQYiOu5BK3+w7la4nvOpBuuu9dHR9uSRLBxGMvFV+asuG/HNz0HmV Z4PMFVnj/8PVd52yZKwdsy0MtOJZHJNuB8x4WYdtbriebnnAa55MUCCkFOBeQdrz 7xo4jHwhHA+/kLYa44vZzsDQNllzGMbaARrrMP8cWQ/3YjVSi0Rs7+Nu9OLjn4X4 Q3pmDp08m569Ct3m6jsiB/O+IHHosunPjqYbZuRXFoANZg4qjxvEoev4GnMjRozg pBUxSWXCXCKa89iGj7uzhboDILpwgyVSBS8xfhn+Px56x/17mefC+XqAfwoJW7mI 4wBoOOtSTdDIexzAkWITQZoo5DzdBaWaq/LSBZnfZMDKpo+iaiFc6rwfB91QRL/u 82ReY28t/BqeHD0qAqTh =1wrH -----END PGP SIGNATURE----- --------------enig9659FA14D89BBA62DEF020C0--