GNU bug report logs - #40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message

Previous Next

Full log

Message #8 received at 40397 <at> debbugs.gnu.org (full text, mbox):

From: Sebastian Fieber <sebastian.fieber <at> web.de>
To: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in
 smime
Date: Fri, 03 Apr 2020 08:47:33 +0200

[Message part 1 (text/plain, inline)]

Hey there,

I just thought this may be hard to test as one has to have a smime
certificate to properly receive an encrypted mail.

If someone can point me to the right approach how to fix this I may be
able to dive a bit deeper into the gnus code and submit a bug report.

This is what I have tried now just to get something:

If I alter mm-view-pkcs7-decrypt after the insert epg-decrypt-string to
call something like this:

[Message part 2 (application/emacs-lisp, inline)]

[Message part 3 (text/plain, inline)]

and adjust mm-view-pkcs7-get-type to handle a third case

[Message part 4 (application/emacs-lisp, inline)]

[Message part 5 (text/plain, inline)]

and also mm-copy-to-buffer to check for carriage returns like this:

[Message part 6 (application/emacs-lisp, inline)]

[Message part 7 (text/plain, inline)]

(can't send the carriage return properly so \r it is here instead of ^M)

I am able to get an article buffer that still has the base64 encoded
signed blob in it but after it the verified content.

I have no idea where gnus normalizes the line endings to just newlines
and why the mm-view-pkcs7-get-type adjustment is needed. But calling
gnus-ime-display-part is of course not the right approach here. First
there should be some check if the decrypted content needs to be parsed
and handled again but I have no idea which function to write or feed the
decrypted content to.

I hope this may be helpful

Best regards
Sebastian

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.