* S/MIME support in notmuch
@ 2011-12-08  2:58 Dan Bryant
  2011-12-21 11:51 ` Darren McGuicken
From: Dan Bryant @ 2011-12-08  2:58 UTC (permalink / raw)
  To: notmuch


I'd like to report some success on getting S/MIME signature verification
working using notmuch and the recently-released GMime 2.6. I specifically
tested with notmuch-0.10.2 and gmime-2.6.1.

The following changes were required:

1) notmuch: Apply patch from Redhat packaging to handle API changes from
    gmime-2.4 to gmime-2.6 (see "compile error of current git on F15"
    thread from 25 November on the list)

2) notmuch: Create an S/MIME context instead of the GPG context in
    notmuch-show.c. g_mime_gpg_context_new() becomes
    g_mime_pkcs7_context_new(), and similarly for 
    g_mime_gpg_context_set_always_trust().

3) gmime:   The pkcs7 context only works with signatures of
    "application/pkcs7-signature". Per RFC2311 section C, both
    "application/pkcs7-signature" and "application/x-pkcs7-signature"
    should be treated identically. I temporarily disabled this check in
    gmime/gmime-multipart-signed.c and then gmime accepted the
    signatures. 

Next, I was always seeing signature verification errors with completely
unhelpful error messages. These turned out to be because the 'gpg-agent'
program was not running. Once I started the agent, I got prompts 
on trusting root certs and was then able to see known-valid certificates
verified in the emacs UI.

NB: I started gpg-agent with the --allow-mark-trusted option so that it
would graphically prompt me for which root certificates to trust. See
http://lists.gnupg.org/pipermail/gnupg-users/2004-September/023247.html
for more detail on some of the general setup choices for the GPG
S/MIME stack. The most useful command for debugging the underlying
S/MIME configuration was "gpgsm --list-chain --with-validation". 

I don't have submittable patches for #2/#3 yet, but I wanted to share
what I found about the scope of what actually needs to be done, which is
fairly small. (The biggest blocker is probably that Debian & other
distros haven't packaged gmime-2.6.)


Dan


* Re: S/MIME support in notmuch
  2011-12-08  2:58 S/MIME support in notmuch Dan Bryant
@ 2011-12-21 11:51 ` Darren McGuicken
  2011-12-23 16:40   ` Dan Bryant
From: Darren McGuicken @ 2011-12-21 11:51 UTC (permalink / raw)
  To: Dan Bryant, notmuch


On Wed, 07 Dec 2011 21:58:03 -0500, Dan Bryant <dan.bryant@jhuapl.edu> wrote:
> I'd like to report some success on getting S/MIME signature
> verification working using notmuch and the recently-released GMime
> 2.6. I specifically tested with notmuch-0.10.2 and gmime-2.6.1.

[...]

> I don't have submittable patches for #2/#3 yet, but I wanted to share
> what I found about the scope of what actually needs to be done, which
> is fairly small. (The biggest blocker is probably that Debian & other
> distros haven't packaged gmime-2.6.)

Hi Dan, nice find!  As another Fedora user I'd be happy to test out any
patches you come up with.

When you make those changes to the gpg_context are you breaking gpg
signature validation?  Or is the one a superset of the other?



* Re: S/MIME support in notmuch
  2011-12-21 11:51 ` Darren McGuicken
@ 2011-12-23 16:40   ` Dan Bryant
  2011-12-27 14:23     ` Daniel Kahn Gillmor
From: Dan Bryant @ 2011-12-23 16:40 UTC (permalink / raw)
  To: Darren McGuicken, notmuch@notmuchmail.org

On Wed, 21 Dec 2011 06:51:01 -0500, Darren McGuicken <mailing-notmuch@fernseed.info> wrote:
> On Wed, 07 Dec 2011 21:58:03 -0500, Dan Bryant <dan.bryant@jhuapl.edu> wrote:
> > I'd like to report some success on getting S/MIME signature
> > verification working using notmuch and the recently-released GMime
> > 2.6. I specifically tested with notmuch-0.10.2 and gmime-2.6.1.
> 
> [...]
> 
> > I don't have submittable patches for #2/#3 yet, but I wanted to share
> > what I found about the scope of what actually needs to be done, which
> > is fairly small. (The biggest blocker is probably that Debian & other
> > distros haven't packaged gmime-2.6.)
> 
> Hi Dan, nice find!  As another Fedora user I'd be happy to test out any
> patches you come up with.
> 
> When you make those changes to the gpg_context are you breaking gpg
> signature validation?  Or is the one a superset of the other?

The current assumption in notmuch is that all encrypted/signed messages
in a mailbox will be using the same crypto algorithm. This is the first
thing I want to fix: which crypto algorithm (and therefore, context
object) to use should probably be detected by the MIME type of the
message part.


Dan


* Re: S/MIME support in notmuch
  2011-12-23 16:40   ` Dan Bryant
@ 2011-12-27 14:23     ` Daniel Kahn Gillmor
From: Daniel Kahn Gillmor @ 2011-12-27 14:23 UTC (permalink / raw)
  To: notmuch@notmuchmail.org


On 12/23/2011 11:40 AM, Dan Bryant wrote:
> On Wed, 21 Dec 2011 06:51:01 -0500, Darren McGuicken <mailing-notmuch@fernseed.info> wrote:
>> When you make those changes to the gpg_context are you breaking gpg
>> signature validation?  Or is the one a superset of the other?
> 
> The current assumption in notmuch is that all encrypted/signed messages
> in a mailbox will be using the same crypto algorithm. This is the first
> thing I want to fix: which crypto algorithm (and therefore, context
> object) to use should probably be detected by the MIME type of the
> message part.

This was an issue I was hoping would get resolved in gmime 2.6, but
apparently it's still open:

  https://bugzilla.gnome.org/show_bug.cgi?id=641848

So it does look like we're going to need to do the detection and
selection ourselves.

	--dkg
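The per-part detection Dan proposes and dkg says notmuch will have to do itself, as an added example in C (not notmuch's or GMime's code): it reads the protocol parameter of a multipart/signed Content-Type value and maps it to the crypto context kind, treating application/x-pkcs7-signature as equivalent to application/pkcs7-signature per RFC 2311 section C, and refusing to guess for anything else. The enum, the function names and the sample header values are assumptions constructed for this example.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>
/* Which GMime context a multipart/signed part needs (names assumed). */
typedef enum { CRYPTO_NONE, CRYPTO_GPG, CRYPTO_PKCS7 } crypto_kind;

/* Case-insensitive match of a length-bounded token against a literal. */
static int token_eq(const char *tok, size_t len, const char *lit)
{
    return strlen(lit) == len && strncasecmp(tok, lit, len) == 0;
}

/* RFC 2311 section C: application/x-pkcs7-signature is equivalent to
 * application/pkcs7-signature, so both select the PKCS#7 context. */
crypto_kind crypto_for_protocol(const char *proto, size_t len)
{
    if (token_eq(proto, len, "application/pgp-signature")) return CRYPTO_GPG;
    if (token_eq(proto, len, "application/pkcs7-signature") ||
        token_eq(proto, len, "application/x-pkcs7-signature")) return CRYPTO_PKCS7;
    return CRYPTO_NONE;
}

/* Pick the context from a raw Content-Type header value such as
 *   multipart/signed; protocol="application/pgp-signature"; micalg=...
 * Parameter names are case-insensitive; values may be quoted or bare.
 * Anything that is not multipart/signed, or that lacks a usable
 * protocol parameter, yields CRYPTO_NONE rather than a guess. */
crypto_kind crypto_for_content_type(const char *ct)
{
    const char *p = ct, *name, *val; size_t nlen, vlen;
    while (isspace((unsigned char)*p)) p++;
    if (strncasecmp(p, "multipart/signed", 16) != 0 ||
        (p[16] && p[16] != ';' && !isspace((unsigned char)p[16])))
        return CRYPTO_NONE;
    for (p += 16; (p = strchr(p, ';')) != NULL; ) {   /* walk parameters */
        for (p++; isspace((unsigned char)*p); p++) ;
        name = p;
        while (*p && *p != '=' && *p != ';') p++;
        if (*p != '=') continue;                  /* no '=': skip param */
        nlen = p++ - name;
        if (*p == '"') {                          /* quoted-string value */
            val = ++p;
            while (*p && *p != '"') p++;
            if (*p != '"') return CRYPTO_NONE;    /* unterminated quote */
        } else {                                  /* bare token value */
            val = p;
            while (*p && *p != ';' && !isspace((unsigned char)*p)) p++;
        }
        vlen = p - val;
        if (token_eq(name, nlen, "protocol"))
            return crypto_for_protocol(val, vlen);
    }
    return CRYPTO_NONE;
}
```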



