[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pkcs7-mime signed message verification
|
From: |
Peter Cooper Jr. |
|
Subject: |
pkcs7-mime signed message verification |
|
Date: |
Fri, 21 Nov 2008 05:55:31 -0800 (PST) |
|
User-agent: |
G2/1.0 |
I run Gnus v5.10.10 on Emacs 21.3.1 on Windows. I sometimes get signed
messages from coworkers using Outlook that are in a base64-encoded
application/x-pkcs7-mime format. Gnus asks if I want to decrypt it
(even though it's not encrypted), and if I say yes, I see the original
message, but also a message "Verify signed PKCS#7 message is
unimplemented." and so I don't know if the signature is valid or not.
Also of note is that the message I see has the user's bottom-of-text
signature cut off (that is, anything after a "--" is missing), which
I'm guessing is related to some poor MIME parsing somewhere.
I found a message in this group from 2005, available at
<http://groups.google.com/group/gnu.emacs.gnus/browse_thread/thread/
9dedf9f77031083>,
which seems to describe the issue I'm having perfectly. I've tried
applying the patch mentioned in there, and while it seems to then try
to decrypt it, it doesn't present the status in the nice buttonized
form that I get from a regular multipart/signed message. If the
signature validates, it just silently shows the message. If the
signature doesn't validate (such as if the root isn't a recognized CA
in my directory of them, or the signature is forged), then that patch
seems to try to just throw the openssl output into the buffer which
sometimes works, but instead I sometimes just get the message
"Malformed quoted-printable text". I can then look at the *OpenSSL
output* buffer to see the verification failure message, though. And,
it doesn't fix the problem where anything after a "--" is missing.
So while that patch is an improvement over not checking the signature
at all, it seems like room for more improvement. It seems to me that
it should work just like the multipart/signed messages, where there's
a button surrounding the signed text that I can click on to get the
details of the verification, and that clearly shows whether the
verification worked or not. Regardless, it seems odd that the text
after "--" gets cut off as well.
It looks to me like that patch got checked into CVS and that nobody
else has looked into this since. I'm handy with Lisp, although not
particularly experienced with Emacs-lisp, but I can probably muddle
through if somebody points me in the right direction. I'm just not
sure where to look from here.
I'd appeciate any help anyone can give me. Thank you.
--
Peter C
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- pkcs7-mime signed message verification,
Peter Cooper Jr. <=