From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#42637: [EXT] Re: bug#42637: 27.0.91;
 mm-view-pkcs7 doesn't handle S/MIME signed andd encrypted messages
Date: Mon, 07 Sep 2020 15:32:11 +0200
Message-ID: <87ft7t90h0.fsf@gnus.org>
References: <m2lfiz2283.fsf@mitre.org>
 <10756_1596344892_5F264A38_10756_6707_1_87y2mxy6s0.fsf@gnus.org>
 <m27duf6ezu.fsf@mitre.org> <87o8nqsslm.fsf@gnus.org>
 <31F5C86A-4316-454A-AAA7-3202C120A997@MITRE.ORG>
 <873652mna4.fsf@gnus.org>
 <3649B346-6778-4B76-8940-B066BF24230A@MITRE.ORG>
 <87y2mul7cb.fsf@gnus.org>
 <6C99315C-D2C2-4F7E-839E-56FF8F3A21CD@MITRE.ORG>
 <87zh79eash.fsf@gnus.org> <m2bljpz3cg.fsf@mitre.org>
 <87d043dihk.fsf@gnus.org>
 <73F9A1AE-5A62-402B-A28D-FFCC2488B89E@MITRE.ORG>
 <87o8nnc1fz.fsf@gnus.org> <87k0ybc0a2.fsf@gnus.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="7710"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Cc: "42637@debbugs.gnu.org" <42637@debbugs.gnu.org>
To: Timothy J Miller <tmiller@mitre.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Sep 07 15:33:10 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1kFHGg-0001vG-4G
	for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 07 Sep 2020 15:33:10 +0200
Original-Received: from localhost ([::1]:56944 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1kFHGf-0000MW-6m
	for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 07 Sep 2020 09:33:09 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:35968)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kFHGY-0000LK-7f
 for bug-gnu-emacs@gnu.org; Mon, 07 Sep 2020 09:33:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:36872)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kFHGX-0000cG-Tq
 for bug-gnu-emacs@gnu.org; Mon, 07 Sep 2020 09:33:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kFHGX-0008SZ-Qp
 for bug-gnu-emacs@gnu.org; Mon, 07 Sep 2020 09:33:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Lars Ingebrigtsen <larsi@gnus.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 07 Sep 2020 13:33:01 +0000
Resent-Message-ID: <handler.42637.B42637.159948554432473@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 42637
X-GNU-PR-Package: emacs
Original-Received: via spool by 42637-submit@debbugs.gnu.org id=B42637.159948554432473
 (code B ref 42637); Mon, 07 Sep 2020 13:33:01 +0000
Original-Received: (at 42637) by debbugs.gnu.org; 7 Sep 2020 13:32:24 +0000
Original-Received: from localhost ([127.0.0.1]:48418 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kFHFv-0008Rg-Jy
 for submit@debbugs.gnu.org; Mon, 07 Sep 2020 09:32:24 -0400
Original-Received: from quimby.gnus.org ([95.216.78.240]:56808)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1kFHFu-0008RT-6X
 for 42637@debbugs.gnu.org; Mon, 07 Sep 2020 09:32:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnus.org;
 s=20200322; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:
 References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=4IRySINU7f8BJie/9SIi7sO2s7Sd1Shgxj1jHkD877E=; b=bS7PZ+GWnRK/RTPZFI0rgnuG3D
 ba4TnUA+khxPvF3LJ2pYVKRFOVH/2LUkoZu8WYQBr3wcv2oyxV0k20I0i1JyhnlYc2A+Y+Pxpeu/A
 KKtJ5eVNA2J1v4+SJKes2EiPFHBEOVVppPFXZ970K/RVj2iyae60JMSVCTnoS3FkEx+4=;
Original-Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=xo)
 by quimby with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <larsi@gnus.org>)
 id 1kFHFk-0007zV-IT; Mon, 07 Sep 2020 15:32:15 +0200
X-Now-Playing: The Soft Machine's _The Soft Machine_: "Hope For Happiness"
In-Reply-To: <87k0ybc0a2.fsf@gnus.org> (Lars Ingebrigtsen's message of "Thu,
 06 Aug 2020 16:32:53 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:187431
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/187431>

OK, I've finally started poking around in this stuff again.

To recap: If you have a signed + encrypted message, you won't get the
buttons where you can click to ensure a signature.

The "outer" message (i.e., the email itself) is on this form:

Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
	name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64

This data is encrypted, and Gnus will ask you "Decrypt (S/MIME) part? "?

If "yes", you'll end up with a new, complete MIME message of this type:

Content-Type: application/pkcs7-mime;
	smime-type=signed-data;
	name=smime.p7m
Content-disposition: attachment;
	filename="smime.p7m"
Content-transfer-encoding: base64

The data here is not encrypted, but it is a binary blob containing the
mail text itself, and also the signature.  (Gnus will then ask you, again
"Decrypt (S/MIME) part? ", which is a bug, and which I've now fixed.)

To get the mail text itself, mm-view-pkcs7-verify is then called -- it
will do more than verify; it also extracts the mail from the binary
blob.

So at this point, Gnus has the mail text, and can display it.

However, there's no buttons, because to get the buttons, the mail has to
be a */signed part (which is a multipart kinda thing), and the mail has
already been verified.

So...  Hm...  I guess we could create some structure that would allow
re-checking the non-detached signature...

Well, that's as far as I've gotten.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no