From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: notmuch <notmuch@notmuchmail.org>
Subject: PGP/MIME signature verification
Date: Sat, 27 Nov 2010 14:35:03 -0500
Message-ID: <4CF15D67.1070904@fifthhorseman.net>

hey folks--

the signature-verification branch on my git repo [0] contains functional
PGP/MIME signature verification if you supply the --verify argument to
notmuch show --format=json

It relies on gpg being in the path, and on the user having the signer's
key in their gnupg keyring.

The patchset depends on the MIME reorganization produced initially by
dme (and rebased against 0.5 in my mp3-on-0.5 branch).

the emacs frontend doesn't yet know how to deal with the resultant data,
so the signature verification doesn't reach the user yet.

The JSON this change produces is similar (but not identical) to my
earlier proposal on this list.

In particular, the parent MIME part (content-type: multipart/signed) is
what gets the sigstatus object, which is itself a list of signature
objects, like this:

 "sigstatus": [
   {
     "created": 1290557507,
     "fingerprint": "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9",
     "status": "good"
   },
   {
     "keyid": "DEADBEEFDECAFBAD",
     "status": "bad"
   }
 ]

(this example shows a mime part signed by two keys, the signature from
one checking out properly, and the signature from the other failing --
most multipart/signed MIME parts will only be signed by one party)

I'd appreciate any feedback people have on the change, and any
suggestions on how to integrate its results into the emacs interface.

Also, i'm curious what i can do to make these changes more acceptable
for the mainline. should i rebase them against mainline master? or
demonstrate a functional merge? i'm new to how this community likes to
use git, so pointers to suggested approaches would be welcome.

I should also note that in the course of pursuing this, i found that
GMime's upstream author is very receptive to suggestions and feedback
about crypto. If anyone else in the notmuch community wants to make
suggestions about what we might need for future extensions in this
direction, he's probably a good resource to help us get there.

Regards,

	--dkg

[0] git://lair.fifthhorseman.net/~dkg/notmuch
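
Added example, not part of the original message or of the notmuch code: a sketch of how a frontend could reduce the sigstatus list described above to one verdict per multipart/signed part, so that a good signature next to a failing one is not shown as plain "good". The surrounding "content-type"/"content" part layout, the verdict names and the caller-supplied set of expected fingerprints are assumptions made for illustration.

```python
import json

# Constructed sample: one MIME part tree carrying the sigstatus list from the
# post. The "content-type"/"content" keys around it are an assumed layout.
SAMPLE = json.loads("""
{"content-type": "multipart/mixed", "content": [
  {"content-type": "multipart/signed",
   "sigstatus": [
     {"created": 1290557507,
      "fingerprint": "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9",
      "status": "good"},
     {"keyid": "DEADBEEFDECAFBAD", "status": "bad"}],
   "content": [{"content-type": "text/plain"},
               {"content-type": "application/pgp-signature"}]},
  {"content-type": "text/plain"}]}
""")


def classify(sigstatus, expected_fingerprints):
    """Reduce a sigstatus list to one display verdict (names are hypothetical)."""
    if not isinstance(sigstatus, list) or not sigstatus:
        return "unverified"          # missing or empty list: nothing was checked
    good = [s for s in sigstatus
            if isinstance(s, dict) and s.get("status") == "good"]
    # Only a full fingerprint identifies the signer; a bare key ID does not.
    expected = [s for s in good
                if s.get("fingerprint") in expected_fingerprints]
    if expected and len(good) == len(sigstatus):
        return "good"
    if expected:
        return "mixed"               # expected signer verified, another entry failed
    if good:
        return "good-untrusted"      # verifies, but not from an expected key
    return "bad"


def signed_parts(part, expected_fingerprints, path="0"):
    """Yield (path, verdict) for each multipart/signed part in the tree."""
    if part.get("content-type", "").lower() == "multipart/signed":
        yield path, classify(part.get("sigstatus"), expected_fingerprints)
    children = part.get("content")
    if isinstance(children, list):   # leaf parts may carry a string body instead
        for i, child in enumerate(children):
            if isinstance(child, dict):
                yield from signed_parts(child, expected_fingerprints,
                                        f"{path}.{i}")
```

The verdict is reported per part path because the signature status attaches to the multipart/signed part, not to the message as a whole; sibling parts outside that subtree are not covered by it.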