From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Sebastian Fieber Newsgroups: gmane.emacs.bugs Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message Date: Thu, 23 Dec 2021 19:25:17 +0100 Message-ID: <87czln6uwi.fsf@web.de> References: <87imih5am2.fsf@web.de> <87r1x4dujl.fsf@web.de> <87lfna22eh.fsf@web.de> <874ktxtr6d.fsf@web.de> <87d08lh0qa.fsf@gmail.com> <87wo6tayhy.fsf@web.de> <85r1x0mv6q.fsf@gmail.com> <87h7xv9k3x.fsf@web.de> <873655oaa5.fsf@gnus.org> <87bljsajvb.fsf@web.de> <87sgd4e011.fsf@gnus.org> <87fsw7ptc1.fsf_-_@gnus.org> <87y29zo81c.fsf@web.de> <874kcnnx5a.fsf@gnus.org> <878rwd3fyf.fsf@web.de> <87lf0cerm5.fsf@gnus.org> <87o8576ved.fsf@web.de> <87h7az6v9j.fsf@web.de> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="39979"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) Cc: 40397@debbugs.gnu.org To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Dec 23 19:26:16 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1n0Sn9-000AF5-Nn for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 23 Dec 2021 19:26:15 +0100 Original-Received: from localhost ([::1]:47498 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n0Sn8-0001Mz-8q for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 23 Dec 2021 13:26:14 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:54828) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n0Smx-0001Ig-3N for bug-gnu-emacs@gnu.org; Thu, 23 Dec 2021 13:26:03 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:51595) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n0Smw-0004gE-PF for bug-gnu-emacs@gnu.org; Thu, 23 Dec 2021 13:26:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n0Smw-0000bM-Be; Thu, 23 Dec 2021 13:26:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Sebastian Fieber Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org, bugs@gnus.org Resent-Date: Thu, 23 Dec 2021 18:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 40397 X-GNU-PR-Package: emacs,gnus X-GNU-PR-Keywords: patch Original-Received: via spool by 40397-submit@debbugs.gnu.org id=B40397.16402839272271 (code B ref 40397); Thu, 23 Dec 2021 18:26:02 +0000 Original-Received: (at 40397) by debbugs.gnu.org; 23 Dec 2021 18:25:27 +0000 Original-Received: from localhost ([127.0.0.1]:34908 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n0SmM-0000aZ-WF for submit@debbugs.gnu.org; Thu, 23 Dec 2021 13:25:27 -0500 Original-Received: from mout.web.de ([217.72.192.78]:36779) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n0SmL-0000aL-1o for 40397@debbugs.gnu.org; Thu, 23 Dec 2021 13:25:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1640283918; bh=ztJqHuBpoOgg+45emTs8aCB67M54z5Wl6T4q+8QyggA=; h=X-UI-Sender-Class:From:To:Cc:Subject:References:Date:In-Reply-To; b=Asn/8fikJrVa5ZeZWKBslKCmeL0F73vP0gdTZLqPyGmU0+TKAcbxuAJBnDK6j7rw3 r3lSfso/muXt0oC10blwCQlYN95X4hK2wBWhIsg/+R9/H9wzd4+W3++bgq5XQi6LSU WfCbeRFjPzbVN3TqeUIj4falaO8rdvTiRQaKZaCg= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Original-Received: from comedian ([94.31.101.135]) by smtp.web.de (mrweb105 [213.165.67.124]) with ESMTPSA (Nemesis) id 1MYcpt-1mwu2H1xhb-00VQ6t; Thu, 23 Dec 2021 19:25:18 +0100 In-Reply-To: <87h7az6v9j.fsf@web.de> (Sebastian Fieber's message of "Thu, 23 Dec 2021 19:17:28 +0100") X-Provags-ID: V03:K1:pLW4j8cRQmoDDIeOl4/TTQRATvPYhRWl1qPcczAoNjExJwk797S yAJwg4s5RPTjIPQyzBiyG+d7D2LVEsI6x+zwPCv+ovm8bZzcbbhrxgY0L3C6bcHdPeWDSzP GwKSulk4vbCGm2ASl758GfzfzlIx/nfcYIUyFTWhkTEJYqJ+OGLwUgs0F9ZqrUcatCHgdud avZUvxGmZHPCUYJnbJuOA== X-UI-Out-Filterresults: notjunk:1;V03:K0:6xDCjJnv12k=:I8sl3VWRA7eMVyDwoIuFRj E2xzOox75312YAknLGnYqAOY0uUF6KRzBJuaXnP734btbo4SDMlYF/3NoOB0qaW1ismnS1oR1 BH8q5hwpiocmRTa2Ukp7x7JK3Z23jxcf7mae0oGJhG2YQNEuDKu+g0lmbqYLxm3Byf6LuO4sq 5eJgj04OcT/DcT8t0tTsp7ksc5xdPUxI40JwY1fSKHQQthFraYyP5w8NlUXdfV0m4IW5cT0ls JmebUOOwX9Y7S1wjlc2/7zfxkiBB0xsRYsmgic8pBgCsBaoRIOfm8caoxk7KG2ZGLNCEwtMbk yeDH0v7tdngqEKCYUF1SAmNjzMRQ8KIN1tuyzNvgT+fGCa/C7o9/RSlVGZt5ITXp35G+V0K9n I0KDawlNgej5ypFgcZ4jSHSJzurq9wmpOT/PZnJT68cg2KiEjyFVT3yviWAB73gO217QBT54Y eCm1eDjWsl4vgpsDz+LZhjk/nncCm9Unz7eaegyX+PMEkWKL2MCeGn/1j0+Gw7dUcPLj90fIL fUuKLy9rNVkH+tvsNByFHlA5U59FS1WJ/U1kfIllwQ8bh/Go6Ke7UxLuTCNyqRDWQ26SpKmzq 2LwdyUXWwl2GSMwhCUlInqYZv4hivj/VzSheDBQQOfdlJSwDobta2PEDRc367pwniQk9Bwrns GN2UQ8nQlGIRYdOh9hm4j6sQL2KpXxlQj1qmlVYj1ALO0mDHnEArH7s0fxSgHjU/BU1ZdChY2 uT6MQ4WdxCAIugYHLQGCFzpfsAhfq4DkBW5Fypth+fKWm+2vytjqVPWkNHbvF8ONlfWjKYXG X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:222997 Archived-At: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - --=-=-= Content-Type: text/plain On Do, Dez 23 2021, Sebastian Fieber wrote: > On Do, Dez 23 2021, Sebastian Fieber wrote: > >> This one should apply :) > > Wait, this was the wrong one. I'll send the right one during the day! And here is the right one. - --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-PATCH-fix-bug-40397.patch Content-Transfer-Encoding: quoted-printable From=2084ebb0331a0e16b1b767483c9d0bd1c140d73f09 Mon Sep 17 00:00:00 2001 From: Sebastian Fieber Date: Thu, 23 Dec 2021 15:38:09 +0100 Subject: [PATCH] [PATCH] fix bug #40397 This fixes S/MIME encrypted AND signed mails where in the encrypted pkcs7 envelope is a signed pkcs7 structure. Also this patch enables proper security-buttons for pkcs7-mime encrypted and/or signed mails. Changes: =2D structure the result of mm-dissect-buffer of application/pkcs7-mime like a multipart mail so there is no loosing of information of verification and decryption results which can now be displayed by gnus-mime-display-security =2D adjust gnus-mime-display-part to handle application/pkcs7-mime like multipart/encrypted or multipart/signed =2D add dummy entries to mm-verify-function-alist and mm-decrypt-function-alist so gnus-mime-display-security correctly displays "S/MIME" and not "unknown protocol" =2D don't just check for multipart/signed in gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes to print "Encrypted" or "Signed" accordingly in the security button =2D adjust mm-possibly-verify-or-decrypt to check for smime-type to ask wether to verify or decrypt the part and not to always ask to decrypt =2D adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so success information can be displayed by gnus-mime-display-security =2D adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime right with the done changes =2D-- lisp/gnus/gnus-art.el | 78 ++++++++++++++++++++----- lisp/gnus/mm-decode.el | 128 +++++++++++++++++++++++++---------------- lisp/gnus/mm-view.el | 13 +++-- 3 files changed, 149 insertions(+), 70 deletions(-) diff --git a/lisp/gnus/gnus-art.el b/lisp/gnus/gnus-art.el index b7701f10a5..a83f4b7d59 100644 =2D-- a/lisp/gnus/gnus-art.el +++ b/lisp/gnus/gnus-art.el @@ -6084,6 +6084,34 @@ gnus-mime-display-part ((equal (car handle) "multipart/encrypted") (gnus-add-wash-type 'encrypted) (gnus-mime-display-security handle)) + ;; pkcs7-mime handling: + ;; + ;; although not really multipart these are structured internally by + ;; mm-dissect-buffer like multipart to not discard the decryption + ;; and verification results + ;; + ;; application/pkcs7-mime + ((and (equal (car handle) "application/pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'protocol) + "application/pkcs7-mime_signed-data")) + (gnus-add-wash-type 'signed) + (gnus-mime-display-security handle)) + ((and (equal (car handle) "application/pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'protocol) + "application/pkcs7-mime_enveloped-data")) + (gnus-add-wash-type 'encrypted) + (gnus-mime-display-security handle)) + ;; application/x-pkcs7-mime + ((and (equal (car handle) "application/x-pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'protocol) + "application/x-pkcs7-mime_signed-data")) + (gnus-add-wash-type 'signed) + (gnus-mime-display-security handle)) + ((and (equal (car handle) "application/x-pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'protocol) + "application/x-pkcs7-mime_enveloped-data")) + (gnus-add-wash-type 'encrypted) + (gnus-mime-display-security handle)) ;; Other multiparts are handled like multipart/mixed. (t (gnus-mime-display-mixed (cdr handle))))) @@ -8833,11 +8861,18 @@ gnus-mime-security-verify-or-decrypt (setq point (point)) (with-current-buffer (mm-handle-multipart-original-buffer handle) (let* ((mm-verify-option 'known) =2D (mm-decrypt-option 'known) =2D (nparts (mm-possibly-verify-or-decrypt (cdr handle) handle))) =2D (unless (eq nparts (cdr handle)) =2D (mm-destroy-parts (cdr handle)) =2D (setcdr handle nparts)))) + (mm-decrypt-option 'known) + (pkcs7-mime-p (or (equal (car handle) "application/pkcs7-mime= ") + (equal (car handle) "application/x-pkcs7-mi= me"))) + (nparts (if pkcs7-mime-p + (list (mm-possibly-verify-or-decrypt (cadr handle= ) (cadadr handle))) + (mm-possibly-verify-or-decrypt (cdr handle) handle)= ))) + (unless (eq nparts (cdr handle)) + ;; if pkcs7-mime don't destroy the parts as the buffer in + ;; the cdr still needs to be accessible + (when (not pkcs7-mime-p) + (mm-destroy-parts (cdr handle))) + (setcdr handle nparts)))) (gnus-mime-display-security handle) (when region (delete-region (point) (cdr region)) @@ -8891,14 +8926,31 @@ gnus-insert-mime-security-button (let* ((protocol (mm-handle-multipart-ctl-parameter handle 'protocol)) (gnus-tmp-type (concat =2D (or (nth 2 (assoc protocol mm-verify-function-alist)) =2D (nth 2 (assoc protocol mm-decrypt-function-alist)) =2D "Unknown") =2D (if (equal (car handle) "multipart/signed") =2D " Signed" " Encrypted") =2D " Part")) =2D (gnus-tmp-info =2D (or (mm-handle-multipart-ctl-parameter handle 'gnus-info) + (or (nth 2 (assoc protocol mm-verify-function-alist)) + (nth 2 (assoc protocol mm-decrypt-function-alist)) + "Unknown") + (cond ((equal (car handle) "multipart/signed") " Signed") + ((equal (car handle) "multipart/encrypted") " Encrypted") + ((and (equal (car handle) "application/pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'p= rotocol) + "application/pkcs7-mime_signed-data")) + " Signed") + ((and (equal (car handle) "application/pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'p= rotocol) + "application/pkcs7-mime_enveloped-data")) + " Encrypted") + ;; application/x-pkcs7-mime + ((and (equal (car handle) "application/x-pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'p= rotocol) + "application/x-pkcs7-mime_signed-data")) + " Signed") + ((and (equal (car handle) "application/x-pkcs7-mime") + (equal (mm-handle-multipart-ctl-parameter handle 'p= rotocol) + "application/x-pkcs7-mime_enveloped-data")) + " Encrypted")) + " Part")) + (gnus-tmp-info + (or (mm-handle-multipart-ctl-parameter handle 'gnus-info) "Undecided")) (gnus-tmp-details (mm-handle-multipart-ctl-parameter handle 'gnus-details)) diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el index d781407cdc..8d63c8552f 100644 =2D-- a/lisp/gnus/mm-decode.el +++ b/lisp/gnus/mm-decode.el @@ -474,6 +474,7 @@ mm-dissect-default-type (autoload 'mml2015-verify-test "mml2015") (autoload 'mml-smime-verify "mml-smime") (autoload 'mml-smime-verify-test "mml-smime") +(autoload 'mm-view-pkcs7-verify "mm-view") =20 (defvar mm-verify-function-alist '(("application/pgp-signature" mml2015-verify "PGP" mml2015-verify-test) @@ -482,7 +483,15 @@ mm-verify-function-alist ("application/pkcs7-signature" mml-smime-verify "S/MIME" mml-smime-verify-test) ("application/x-pkcs7-signature" mml-smime-verify "S/MIME" =2D mml-smime-verify-test))) + mml-smime-verify-test) + ("application/x-pkcs7-signature" mml-smime-verify "S/MIME" + mml-smime-verify-test) + ;; these are only used for security-buttons and contain the + ;; smime-type after the underscore + ("application/pkcs7-mime_signed-data" mm-view-pkcs7-verify "S/MIME" + nil) + ("application/x-pkcs7-mime_signed-data" mml-view-pkcs7-verify "S/MIME" + nil))) =20 (defcustom mm-verify-option 'never "Option of verifying signed parts. @@ -501,11 +510,16 @@ mm-verify-option =20 (autoload 'mml2015-decrypt "mml2015") (autoload 'mml2015-decrypt-test "mml2015") +(autoload 'mm-view-pkcs7-decrypt "mm-view") =20 (defvar mm-decrypt-function-alist '(("application/pgp-encrypted" mml2015-decrypt "PGP" mml2015-decrypt-tes= t) ("application/x-gnus-pgp-encrypted" mm-uu-pgp-encrypted-extract-1 "PGP" =2D mm-uu-pgp-encrypted-test))) + mm-uu-pgp-encrypted-test) + ;; these are only used for security-buttons and contain the + ;; smime-type after the underscore + ("application/pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/MIME= " nil) + ("application/x-pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/MI= ME" nil))) =20 (defcustom mm-decrypt-option nil "Option of decrypting encrypted parts. @@ -682,18 +696,33 @@ mm-dissect-buffer 'start start) (car ctl)) (cons (car ctl) (mm-dissect-multipart ctl from)))) =2D (t =2D (mm-possibly-verify-or-decrypt =2D (mm-dissect-singlepart =2D ctl =2D (and cte (intern (downcase (mail-header-strip-cte cte)))) =2D no-strict-mime =2D (and cd (mail-header-parse-content-disposition cd)) =2D description id) =2D ctl from)))) =2D (when id =2D (when (string-match " *<\\(.*\\)> *" id) =2D (setq id (match-string 1 id))) + (t + (let* ((handle + (mm-dissect-singlepart + ctl + (and cte (intern (downcase (mail-header-strip-cte cte)= ))) + no-strict-mime + (and cd (mail-header-parse-content-disposition cd)) + description id)) + (intermediate-result (mm-possibly-verify-or-decrypt hand= le ctl from))) + (when (and (equal type "application") + (or (equal subtype "pkcs7-mime") + (equal subtype "x-pkcs7-mime"))) + (add-text-properties 0 + (length (car ctl)) + (list 'protocol + (concat (substring-no-properties= (car ctl)) + "_" + (cdr (assoc 'smime-type = ctl)))) + (car ctl)) + ;; if this is a pkcs7-mime lets treat this special and + ;; more like multipart so the pkcs7-mime part does not + ;; get ignored + (setq intermediate-result (cons (car ctl) (list intermediat= e-result)))) + intermediate-result)))) + (when id + (when (string-match " *<\\(.*\\)> *" id) + (setq id (match-string 1 id))) (push (cons id result) mm-content-id-alist)) result)))) =20 @@ -1677,43 +1706,40 @@ mm-possibly-verify-or-decrypt (cond ((or (equal type "application/x-pkcs7-mime") (equal type "application/pkcs7-mime")) =2D (with-temp-buffer =2D (when (and (cond =2D ((equal smime-type "signed-data") t) =2D ((eq mm-decrypt-option 'never) nil) =2D ((eq mm-decrypt-option 'always) t) =2D ((eq mm-decrypt-option 'known) t) =2D (t (y-or-n-p "Decrypt (S/MIME) part? "))) =2D (mm-view-pkcs7 parts from)) =2D (goto-char (point-min)) =2D ;; The encrypted document is a MIME part, and may use either =2D ;; CRLF (Outlook and the like) or newlines for end-of-line =2D ;; markers. Translate from CRLF. =2D (while (search-forward "\r\n" nil t) =2D (replace-match "\n")) =2D ;; Normally there will be a Content-type header here, but =2D ;; some mailers don't add that to the encrypted part, which =2D ;; makes the subsequent re-dissection fail here. =2D (save-restriction =2D (mail-narrow-to-head) =2D (unless (mail-fetch-field "content-type") =2D (goto-char (point-max)) =2D (insert "Content-type: text/plain\n\n"))) =2D (setq parts =2D (if (equal smime-type "signed-data") =2D (list (propertize =2D "multipart/signed" =2D 'protocol "application/pkcs7-signature" =2D 'gnus-info =2D (format =2D "%s:%s" =2D (get-text-property 0 'gnus-info =2D (car mm-security-handle)) =2D (get-text-property 0 'gnus-details =2D (car mm-security-handle)))) =2D (mm-dissect-buffer t) =2D parts) =2D (mm-dissect-buffer t)))))) + (add-text-properties 0 (length (car ctl)) + (list 'buffer (car parts)) + (car ctl)) + (let* ((envelope-p (string=3D smime-type "enveloped-data")) + (decrypt-or-verify-option (if envelope-p + mm-decrypt-option + mm-verify-option)) + (question (if envelope-p + "Decrypt (S/MIME) part? " + "Verify signed (S/MIME) part? "))) + (with-temp-buffer + (when (and (cond + ((equal smime-type "signed-data") t) + ((eq decrypt-or-verify-option 'never) nil) + ((eq decrypt-or-verify-option 'always) t) + ((eq decrypt-or-verify-option 'known) t) + (t (y-or-n-p (format question)))) + (mm-view-pkcs7 parts from)) + + (goto-char (point-min)) + ;; The encrypted document is a MIME part, and may use either + ;; CRLF (Outlook and the like) or newlines for end-of-line + ;; markers. Translate from CRLF. + (while (search-forward "\r\n" nil t) + (replace-match "\n")) + ;; Normally there will be a Content-type header here, but + ;; some mailers don't add that to the encrypted part, which + ;; makes the subsequent re-dissection fail here. + (save-restriction + (mail-narrow-to-head) + (unless (mail-fetch-field "content-type") + (goto-char (point-max)) + (insert "Content-type: text/plain\n\n"))) + (setq parts (mm-dissect-buffer t)))))) ((equal subtype "signed") (unless (and (setq protocol (mm-handle-multipart-ctl-parameter ctl 'protocol)) diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el index d2a6d2cf5d..319bc745ff 100644 =2D-- a/lisp/gnus/mm-view.el +++ b/lisp/gnus/mm-view.el @@ -634,12 +634,9 @@ mm-view-pkcs7-verify (context (epg-make-context 'CMS))) (prog1 (epg-verify-string context part) =2D (let ((result (car (epg-context-result-for context 'verify)))) + (let ((result (epg-context-result-for context 'verify))) (mm-sec-status =2D 'gnus-info (epg-signature-status result) =2D 'gnus-details =2D (format "%s:%s" (epg-signature-validity result) =2D (epg-signature-key-id result)))))))) + 'gnus-info (epg-verify-result-to-string result))))))) (with-temp-buffer (insert "MIME-Version: 1.0\n") (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m") @@ -659,7 +656,11 @@ mm-view-pkcs7-decrypt ;; Use EPG/gpgsm (let ((part (base64-decode-string (buffer-string)))) (erase-buffer) =2D (insert (epg-decrypt-string (epg-make-context 'CMS) part))) + (insert + (let ((context (epg-make-context 'CMS))) + (prog1 + (epg-decrypt-string context part) + (mm-sec-status 'gnus-info "OK"))))) ;; Use openssl (insert "MIME-Version: 1.0\n") (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m") =2D-=20 2.20.1 - --=-=-=-- -----BEGIN PGP SIGNATURE----- iQFMBAEBCAA2FiEExRi5b+8xM5Vpvu7L3jJw+EOyhogFAmHEvw0YHHNlYmFzdGlh bi5maWViZXJAd2ViLmRlAAoJEN4ycPhDsoaI06wIAK8rjUKQBCWdwEdAlFzrIOym mwjjFmSlrKefWJskVdcAO/Ve5EL905kR58LrlIUnZL0jzdqmN6NbLuDWJysDKRua OX+oMIPEWzfH0NKiiefMHBPSnEJb75xhICZQcye4F7YsSN9gp0SzZqolCkG6RG2g y8N7AALsconk17JH+FpJyZ+J5lg3CQbz6kSAcnW1gKM79OkGkDXi5K1IusZ7b7MR fQfOD1EKGNiFo4mQsix6NLrdpvRM2MyO0J2YRaemyiEJOmaViP2JAIYOwdd6P9kA HdQ41YmGXqWTvvDv6l7AYIjIZftlXKOg1xoeJzb3ARRFChbok72SgEDu4ffD0C8= =q7aE -----END PGP SIGNATURE-----