bug#42637: [EXT] Re: bug#42637: 27.0.91; mm-view-pkcs7 doesn't handle S/MIME signed andd encrypted messages

[Lars Ingebrigtsen <larsi@gnus.org>]

OK, I've finally started poking around in this stuff again.

To recap: If you have a signed + encrypted message, you won't get the
buttons where you can click to ensure a signature.

The "outer" message (i.e., the email itself) is on this form:

Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
	name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64

This data is encrypted, and Gnus will ask you "Decrypt (S/MIME) part? "?

If "yes", you'll end up with a new, complete MIME message of this type:

Content-Type: application/pkcs7-mime;
	smime-type=signed-data;
	name=smime.p7m
Content-disposition: attachment;
	filename="smime.p7m"
Content-transfer-encoding: base64

The data here is not encrypted, but it is a binary blob containing the
mail text itself, and also the signature.  (Gnus will then ask you, again
"Decrypt (S/MIME) part? ", which is a bug, and which I've now fixed.)

To get the mail text itself, mm-view-pkcs7-verify is then called -- it
will do more than verify; it also extracts the mail from the binary
blob.

So at this point, Gnus has the mail text, and can display it.

However, there's no buttons, because to get the buttons, the mail has to
be a */signed part (which is a multipart kinda thing), and the mail has
already been verified.

So...  Hm...  I guess we could create some structure that would allow
re-checking the non-detached signature...

Well, that's as far as I've gotten.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no