SMIME signature verification patches, v4

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 27 22:56:05 PST 2016


On Sun 2016-01-24 11:21:14 -0500, David Bremner wrote:
> This is a simple rebase of
>
>      id:1450100337-31655-1-git-send-email-david at tethera.net
>
> The first 3 patches of that series are now in master.

FWIW, i'm now running with this patch series, and i can verify S/MIME
signatures with it.

When verifying a correct signature, though, the only thing i seem to get
in notmuch-emacs (or in the notmuch show --verify output) is the view of
some kind of fingerprint of the key, with no human-readable name or
e-mail address associated with it.

for example:

                  "sigstatus" : [
                     {
                        "created" : 1453962340,
                        "status" : "good",
                        "fingerprint" : "3E65C58C306C1C42CA5056903B4E6C3C7DF15AD8",
                        "expires" : 1485215999
                     }
                  ],

whereas the OpenPGP PGP/MIME cleartext signature show:

                 "sigstatus" : [
                     {
                        "status" : "good",
                        "userid" : " Daniel Kahn Gillmor <dkg at fifthhorseman.net>",
                        "fingerprint" : "EDB2E74F56FCF2B67297B73524ECFF5AFF68370A",
                        "created" : 1453925746
                     }

This lack of userid be a function of my own S/MIME setup (i'm not sure
whether i've got the keys and certs set up exactly right), or of a
failure in gmime's pkcs7 signature handling code.  But this is an
improvement over the unpatched notmuch anyway.

Note that none of this deals with S/MIME-enveloped (encrypted) e-mails
yet either.

My e-mail certificates and things are now set up within emacs (i'm using
EPG instead of openssl) -- i should be able to sign this mail,
and anyone else running this series should be able to verify it.

I've rebased my own crypto series (indexing cleartext) on top of this
series, and it also works fine (though there were a few commits that
were tricky to rebase).  I'd like it if this S/MIME patch series would
get upstreamed!

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3244 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20160128/205ca893/attachment.bin>


More information about the notmuch mailing list