unofficial mirror of notmuch@notmuchmail.org
From: Alexander Adolf <alexander.adolf@condition-alpha.com>
To: David Bremner <david@tethera.net>, notmuch@notmuchmail.org
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: emacs: error decrypting s/mime
Date: Wed, 18 Nov 2020 00:25:34 +0100
Message-ID: <788a8c0090f2cb866b357bedc87d3b41@condition-alpha.com>
In-Reply-To: <878sb55vcp.fsf@tethera.net>

Hello David,

first of all, many thanks for not giving up on this one!

David Bremner <david@tethera.net> writes:

> [...]
> I think this might be a deeper issue. Looking at the structure of
>
>   test/corpora/protected-headers/smime-sign+enc.eml
>
> it looks like there is an application/pkcs-7 part for the outer
> container with an encstatus, and one inside that (with the same mime
> type) with a sigstatus. So maybe the right thing is to just ignore
> missing encstatus?
> [...]

Conceptually, a typical s/mime message looks like this:
----------------------------------------------------------------------
Received:
From:
To:
Subject:
Date:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data;
    name="smime.p7m"
[more headers (opt.)]
                              <empty line>
gibberish (the CMS)
----------------------------------------------------------------------

After decrypting the gibberish (CMS), you get a new mime tree structure,
in which the top-level entity can be a multipart/signed (most often), or
a message/rfc822 (sometimes), or something else (rarely seen) [1].

[1] https://tools.ietf.org/html/rfc8551

I.e. you decrypt, and further mime parts appear. No assumptions should
be made about the tree's structure. Quoting from [1]:

---------------------------- Begin Quote -----------------------------
3.1.  Preparing the MIME Entity for Signing, Enveloping, or Compressing

   S/MIME is used to secure MIME entities.  A MIME message is composed
   of a MIME header and a MIME body.  A body can consist of a single
   MIME entity or a tree of MIME entities (rooted with a multipart).
   S/MIME can be used to secure either a single MIME entity or a tree of
   MIME entities.  These entities can be in locations other than the
   root.  S/MIME can be applied multiple times to different entities in
   a single message. [...]
----------------------------- End Quote ------------------------------

After decrypting your "outer" container (the CMS), the result is a mime
tree, i.e. should start with "Content-Type:". Standard mime tree
processing should be applied (recursively).

The bodypart handler error message shows this "embedded (inner) mime
tree", and in my case the top-level entity is a multipart/signed. You
wrote "the outer container with an encstatus, and one inside that (with
the same mime type) with a sigstatus". So it seems that at that point
you have access to the root of the "inner tree" (multipart/signed, you
can access the sigstatus), but the content-type information is from the
"outer" container (the CMS) still. Perhaps the recursive mime re-parsing
after the decryption is not happening?


More new questions than answers...

  --alexander
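
Added example, not part of the original message and not notmuch's code: a Python illustration of the recursive processing described above, where the decrypted payload is parsed as a fresh MIME entity and typed by its own Content-Type header. The `toy_cipher` XOR stands in for real CMS decryption (an assumption, not cryptography), and both sample messages and their addresses are constructed.

```python
import base64
from email import message_from_bytes

CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
MAX_DEPTH = 8  # refuse absurdly deep nesting instead of recursing forever

def toy_cipher(blob: bytes) -> bytes:
    """Stand-in for CMS encrypt/decrypt (assumption): XOR, NOT real crypto."""
    return bytes(b ^ 0x2A for b in blob)

def walk(part, depth=0, inside_encrypted=False, out=None):
    """Return [(depth, content_type, inside_encrypted)] for every entity."""
    out = [] if out is None else out
    if depth > MAX_DEPTH:
        raise ValueError("MIME nesting too deep")
    ctype = part.get_content_type()
    out.append((depth, ctype, inside_encrypted))
    if ctype in CMS_TYPES and part.get_param("smime-type") == "enveloped-data":
        # Decrypt, then parse the plaintext as a brand-new MIME entity.
        # Its type comes from its own header, not from the outer container.
        plaintext = toy_cipher(part.get_payload(decode=True))
        walk(message_from_bytes(plaintext), depth + 1, True, out)
    elif part.is_multipart():
        for child in part.get_payload():
            walk(child, depth + 1, inside_encrypted, out)
    return out

# Constructed sample: the inner tree that decryption reveals.
INNER = (
    b'Content-Type: multipart/signed; micalg=sha-256; boundary="b1";\r\n'
    b' protocol="application/pkcs7-signature"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)
# Constructed sample: the outer message, shaped like the one in the mail.
OUTER = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Disposition: attachment; filename="smime.p7m"\r\n'
    b"Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data;\r\n"
    b' name="smime.p7m"\r\nContent-Transfer-Encoding: base64\r\n\r\n'
    + base64.encodebytes(toy_cipher(INNER))
)

def demo():
    return walk(message_from_bytes(OUTER))

if __name__ == "__main__":
    for depth, ctype, enc in demo():
        print("  " * depth + ctype, "(inside encrypted layer)" if enc else "")
```

Only the depth-0 entity carries the enveloped-data type; everything that appears after decryption reports its own type and is flagged as having come from inside the encrypted layer.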
