unofficial mirror of notmuch@notmuchmail.org
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: David Bremner <david@tethera.net>, notmuch@notmuchmail.org
Subject: Re: SMIME signature verification patches, v4
Date: Thu, 28 Jan 2016 01:56:05 -0500
Message-ID: <87lh7ab3ay.fsf@alice.fifthhorseman.net>
In-Reply-To: <1453652479-15968-1-git-send-email-david@tethera.net>

[-- Attachment #1: Type: text/plain, Size: 2054 bytes --]

On Sun 2016-01-24 11:21:14 -0500, David Bremner wrote:
> This is a simple rebase of
>
>      id:1450100337-31655-1-git-send-email-david@tethera.net
>
> The first 3 patches of that series are now in master.

FWIW, i'm now running with this patch series, and i can verify S/MIME
signatures with it.

When verifying a correct signature, though, the only thing i seem to get
in notmuch-emacs (or in the notmuch show --verify output) is the view of
some kind of fingerprint of the key, with no human-readable name or
e-mail address associated with it.

for example:

                  "sigstatus" : [
                     {
                        "created" : 1453962340,
                        "status" : "good",
                        "fingerprint" : "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8",
                        "expires" : 1485215999
                     }
                  ],

whereas the OpenPGP PGP/MIME cleartext signature shows:

                 "sigstatus" : [
                     {
                        "status" : "good",
                        "userid" : " Daniel Kahn Gillmor <dkg@fifthhorseman.net>",
                        "fingerprint" : "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A",
                        "created" : 1453925746
                     }

This lack of userid may be a function of my own S/MIME setup (i'm not sure
whether i've got the keys and certs set up exactly right), or of a
failure in gmime's pkcs7 signature handling code.  But this is an
improvement over the unpatched notmuch anyway.

Note that none of this deals with S/MIME-enveloped (encrypted) e-mails
yet either.

My e-mail certificates and things are now set up within emacs (i'm using
EPG instead of openssl) -- i should be able to sign this mail,
and anyone else running this series should be able to verify it.

I've rebased my own crypto series (indexing cleartext) on top of this
series, and it also works fine (though there were a few commits that
were tricky to rebase).  I'd like it if this S/MIME patch series would
get upstreamed!

    --dkg

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 3244 bytes --]
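
Added example, not part of the message above and not notmuch code: one way a consumer of the "sigstatus" records could keep a "good" signature that carries only a fingerprint visibly distinct from one that names a signer. The sample data is constructed from the two records quoted in the message; the wrapper keys ("id", "content-type"), the function names, the labels, and the reading of "expires" as a not-after time are assumptions.

```python
import json

# Constructed sample: the two sigstatus records quoted in the message, wrapped
# in hypothetical part objects ("id" and "content-type" are assumed keys).
SAMPLE = json.loads("""
[
  {"id": 1, "content-type": "multipart/signed",
   "sigstatus": [{"created": 1453962340, "status": "good",
                  "fingerprint": "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8",
                  "expires": 1485215999}]},
  {"id": 2, "content-type": "multipart/signed",
   "sigstatus": [{"status": "good",
                  "userid": " Daniel Kahn Gillmor <dkg@fifthhorseman.net>",
                  "fingerprint": "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A",
                  "created": 1453925746}]}
]
""")

def iter_sigstatus(node):
    """Yield every signature record found under any "sigstatus" key."""
    if isinstance(node, dict):
        for sig in node.get("sigstatus", []):
            yield sig
        for value in node.values():
            yield from iter_sigstatus(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_sigstatus(item)

def classify(sig, now):
    """Return a display label; never show a signer name the verifier did not supply."""
    if sig.get("status") != "good":
        return "not-verified"
    # Assumption: "expires" is treated as a not-after time; the page does not
    # say whether it belongs to the signature or to the certificate.
    if "expires" in sig and sig["expires"] < now:
        return "good-but-expired"
    userid = sig.get("userid", "").strip()
    if not userid:
        return "good-fingerprint-only"  # valid, but not bound to a readable identity
    return "good:" + userid

def summarize(doc, now):
    """Pair the last 8 hex digits of each fingerprint with its label."""
    return [(s.get("fingerprint", "?")[-8:], classify(s, now))
            for s in iter_sigstatus(doc)]
```
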


Thread overview: 8+ messages
2016-01-24 16:21 SMIME signature verification patches, v4 David Bremner
2016-01-24 16:21 ` [Patch v4 1/5] test: initial tests for S/MIME and notmuch-emacs David Bremner
2016-01-24 16:21 ` [Patch v4 2/5] test: add broken S/MIME signature verification test for notmuch CLI David Bremner
2016-01-24 16:21 ` [Patch v4 3/5] cli: crypto: S/MIME verification support David Bremner
2016-01-24 16:21 ` [Patch v4 4/5] debian: Recommend gpgsm for S/MIME support David Bremner
2016-01-24 16:21 ` [Patch v4 5/5] debian: add gpgsm as build dependency David Bremner
2016-01-28  6:56 ` Daniel Kahn Gillmor [this message]
2016-01-30  0:29 ` SMIME signature verification patches, v4 David Bremner
