From: Illia Ostapyshyn
Newsgroups: gmane.emacs.bugs
Subject: bug#67931: [PATCH] Use S/MIME key from content for mail signing via OpenSSL
Date: Wed, 08 May 2024 14:28:37 +0200
References: <8734vx6mk7.fsf@yshyn.com> <86y18lajgd.fsf@gnu.org> <87wmo5rq93.fsf@ericabrahamsen.net>
In-Reply-To: <87wmo5rq93.fsf@ericabrahamsen.net> (Eric Abrahamsen's message of "Tue, 07 May 2024 19:28:40 -0700")
To: Eric Abrahamsen
Cc: Eli Zaretskii, 67931@debbugs.gnu.org, Illia Ostapyshyn, larsi@gnus.org, stefankangas@gmail.com
User-Agent: Gnus/5.13 (Gnus v5.13)

Eric Abrahamsen writes:

> The patch seems to work as intended -- I won't claim to know enough
> about SMIME to know if it does the right thing or not. Can you briefly
> explain what the additional certificates actually do, and why they're
> useful in signing but not in encryption?

End-user SMIME certificates are signed by the (intermediate) CAs that
issued them. The issuer's certificate can be in turn signed by another
CA up the hierarchy, resulting in a chain that ends with the implicitly
trusted root authority.

When signing a message, you can include the intermediate CA
certificates, allowing the recipient to verify the whole chain. With
openssl, this is done via the -certfile argument [1]:

    -certfile file
        Allows additional certificates to be specified. When signing
        these will be included with the message. When verifying these
        will be searched for the signers certificates.
        ...

Encryption is orthogonal to this: it only uses the public keys of your
recipients from their certificates, the chain is irrelevant.

The MML tag parameter names are a bit unfortunate here: the new
`chainfile' parameter translates to "-certfile" arguments and the
existing `certfile' parameters translate to positional "recipcert"
arguments of openssl [1].

[1] https://www.openssl.org/docs/manmaster/man1/openssl-smime.html
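
The effect of -certfile on signing described in the message above, as an added example that is not part of the original message or of the Emacs patch: a throwaway root -> intermediate -> user PKI is built, the same text is signed with and without the intermediate, and a recipient who trusts only the root tries to verify both. It assumes the openssl command-line tool is installed; all file names, subject names and the pki.cnf section names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI; every name below is made up.
set -e
work=$(mktemp -d)
cd "$work"

cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = emailProtection
EOF

# new_csr NAME CN: fresh RSA key NAME.key and certificate request NAME.csr
new_csr() {
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}
# issue NAME ISSUER SECTION SERIAL: ISSUER signs NAME.csr into NAME.pem
issue() {
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -set_serial "$4" \
    -extfile pki.cnf -extensions "$3" -days 2 -out "$1.pem" 2>/dev/null
}
# cert_count MSG: number of certificates embedded in the S/MIME signature
cert_count() {
  openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -noout | grep -c '^subject='
}
# verifies MSG: succeeds only if a chain up to the trusted root can be built
verifies() {
  openssl smime -verify -in "$1" -CAfile root.pem -out /dev/null 2>/dev/null
}

openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
  -keyout root.key -out root.pem -subj "/CN=Constructed Root CA" -days 2 2>/dev/null
new_csr int "Constructed Intermediate CA"; issue int root v3_ca 2
new_csr user "Constructed User";           issue user int v3_user 3

printf 'constructed test message\n' > msg.txt
# Signer certificate only: the recipient cannot link it to the root.
openssl smime -sign -in msg.txt -signer user.pem -inkey user.key -out bare.eml
# Same signature plus the intermediate, which is what -certfile adds.
openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
  -certfile int.pem -out chained.eml

for m in bare chained; do
  if verifies "$m.eml"; then r=ok; else r=FAILED; fi
  echo "$m.eml: $(cert_count "$m.eml") embedded cert(s), verification $r"
done
```

The recipient's trust store is identical in both runs; only the certificates carried inside the signature differ.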