From: Daniel Kahn Gillmor
To: David Bremner, notmuch@notmuchmail.org
Subject: Re: SMIME signature verification patches, v4
In-Reply-To: <1453652479-15968-1-git-send-email-david@tethera.net>
Date: Thu, 28 Jan 2016 01:56:05 -0500
Message-ID: <87lh7ab3ay.fsf@alice.fifthhorseman.net>

On Sun 2016-01-24 11:21:14 -0500, David Bremner wrote:
> This is a simple rebase of
>
> id:1450100337-31655-1-git-send-email-david@tethera.net
>
> The first 3 patches of that series are now in master.

FWIW, i'm now running with this patch series, and i can verify S/MIME
signatures with it.

When verifying a correct signature, though, the only thing i seem to get
in notmuch-emacs (or in the notmuch show --verify output) is the view of
some kind of fingerprint of the key, with no human-readable name or
e-mail address associated with it.

for example:

    "sigstatus" : [
        {
            "created" : 1453962340,
            "status" : "good",
            "fingerprint" : "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8",
            "expires" : 1485215999
        }
    ],

whereas the OpenPGP PGP/MIME cleartext signature shows:

    "sigstatus" : [
        {
            "status" : "good",
            "userid" : " Daniel Kahn Gillmor ",
            "fingerprint" : "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A",
            "created" : 1453925746
        }

This lack of userid may be a function of my own S/MIME setup (i'm not sure
whether i've got the keys and certs set up exactly right), or of a
failure in gmime's pkcs7 signature handling code. But this is an
improvement over the unpatched notmuch anyway.

Note that none of this deals with S/MIME-enveloped (encrypted) e-mails
yet either.

My e-mail certificates and things are now set up within emacs (i'm using
EPG instead of openssl) -- i should be able to sign this mail, and
anyone else running this series should be able to verify it.

I've rebased my own crypto series (indexing cleartext) on top of this
series, and it also works fine (though there were a few commits that
were tricky to rebase).

I'd like it if this S/MIME patch series would get upstreamed!

--dkg

[Attachment: smime.p7s (application/pkcs7-signature)]
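
Added example, not part of the original message or of notmuch: a small checker that walks parsed JSON, collects every "sigstatus" entry, and separates good signatures that name a signer from good signatures that carry only a fingerprint, the case reported above. The sample input is constructed from the two entries quoted in the message; the wrapper keys ("id", "content-type") and the function names are assumptions for illustration.

```python
import json

# Constructed sample: the two sigstatus entries quoted in the message,
# wrapped in a minimal structure (the wrapper keys are assumptions).
SAMPLE = json.loads("""
[
  {"id": 1, "content-type": "multipart/signed",
   "sigstatus": [{"created": 1453962340, "status": "good",
                  "fingerprint": "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8",
                  "expires": 1485215999}]},
  {"id": 2, "content-type": "multipart/signed",
   "sigstatus": [{"status": "good",
                  "userid": " Daniel Kahn Gillmor ",
                  "fingerprint": "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A",
                  "created": 1453925746}]}
]
""")


def iter_sigstatus(node):
    """Yield every signature entry found under any "sigstatus" key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "sigstatus" and isinstance(value, list):
                yield from (s for s in value if isinstance(s, dict))
            else:
                yield from iter_sigstatus(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_sigstatus(item)


def classify(sig):
    """Return 'identified', 'anonymous-good' or 'not-good' for one entry."""
    if sig.get("status") != "good":
        return "not-good"
    # A good signature without a userid shows only that some key signed;
    # the reader has nothing but a fingerprint to judge the sender by.
    if not (sig.get("userid") or "").strip():
        return "anonymous-good"
    return "identified"


def report(parsed):
    """List (fingerprint, verdict) for every signature in the parsed output."""
    return [(s.get("fingerprint"), classify(s)) for s in iter_sigstatus(parsed)]


if __name__ == "__main__":
    for fingerprint, verdict in report(SAMPLE):
        print(f"{verdict:15} {fingerprint}")
```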