GNU bug report logs - #42637
27.0.91; mm-view-pkcs7 doesn't handle S/MIME signed and encrypted messages
Reported by: "Timothy J. Miller" <tmiller <at> mitre.org>
Date: Fri, 31 Jul 2020 16:20:02 UTC
Severity: normal
Tags: fixed
Found in version 27.0.91
Fixed in version 28.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
OK, I've finally started poking around in this stuff again.

To recap: If you have a signed + encrypted message, you won't get the
buttons where you can click to ensure a signature.

The "outer" message (i.e., the email itself) is of this form:

  Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
    name="smime.p7m"
  Content-Disposition: attachment; filename="smime.p7m"
  Content-Transfer-Encoding: base64

This data is encrypted, and Gnus will ask you "Decrypt (S/MIME) part? "?
If "yes", you'll end up with a new, complete MIME message of this type:

  Content-Type: application/pkcs7-mime;
    smime-type=signed-data;
    name=smime.p7m
  Content-disposition: attachment;
    filename="smime.p7m"
  Content-transfer-encoding: base64

The data here is not encrypted, but it is a binary blob containing the
mail text itself, and also the signature. (Gnus will then ask you, again
"Decrypt (S/MIME) part? ", which is a bug, and which I've now fixed.)

To get the mail text itself, mm-view-pkcs7-verify is then called -- it
will do more than verify; it also extracts the mail from the binary
blob.

So at this point, Gnus has the mail text, and can display it.

However, there's no buttons, because to get the buttons, the mail has to
be a */signed part (which is a multipart kinda thing), and the mail has
already been verified.

So... Hm... I guess we could create some structure that would allow
re-checking the non-detached signature...

Well, that's as far as I've gotten.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
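
The layering described in the message above, as an added example (not code from Gnus or from the bug thread): it dispatches on the smime-type parameter so a signed-data layer is verified rather than offered for decryption, and it keeps a record of the steps taken so a front end could still show that an opaque signature was present. The function names, the fake_unwrap stand-in and the sample messages are constructed for illustration; a real unwrap step would call a CMS implementation.

```python
from email import message_from_string

# smime-type values shown above, mapped to the step each layer needs.
ACTIONS = {
    "enveloped-data": "decrypt",  # encrypted layer: prompt, then decrypt
    "signed-data": "verify",      # opaque signature: verify, then extract text
}

def layer_action(msg):
    """Return the step a MIME layer needs, or None for ordinary content."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "verify-detached"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = msg.get_param("smime-type")
        # A missing or unrecognised smime-type is reported, never guessed.
        return ACTIONS.get(str(smime_type).lower(), "unknown")
    return None

def unwrap_all(raw, unwrap, max_depth=8):
    """Peel opaque S/MIME layers and remember which steps were taken.

    unwrap(msg, action) is a caller-supplied stand-in for the real CMS
    operation and returns the inner message as text.
    """
    steps, msg = [], message_from_string(raw)
    while layer_action(msg) in ACTIONS.values():
        if len(steps) == max_depth:
            raise ValueError("too many nested S/MIME layers")
        steps.append(layer_action(msg))
        msg = message_from_string(unwrap(msg, steps[-1]))
    return {"encrypted": "decrypt" in steps, "signed": "verify" in steps,
            "steps": steps, "message": msg}

# Constructed sample layers (payloads are placeholders, not real CMS data).
OUTER = ('Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
         ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nAAAA\n')
INNER = ('Content-Type: application/pkcs7-mime;\n smime-type=signed-data;\n'
         ' name=smime.p7m\nContent-transfer-encoding: base64\n\nAAAA\n')
PLAIN = "Content-Type: text/plain\n\nHello\n"

def fake_unwrap(msg, action):
    """Constructed stand-in: maps each step to the layer it would reveal."""
    return {"decrypt": INNER, "verify": PLAIN}[action]

if __name__ == "__main__":
    print(unwrap_all(OUTER, fake_unwrap)["steps"])
```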
This bug report was last modified 4 years and 316 days ago.