Re: [PATCH/2.1] gpgme fixes & extensions
- From: Albrecht Dreß <albrecht dress arcor de>
- To: Jeffrey Stedfast <fejj stampede org>
- Cc: Albrecht Dreß <albrecht dress arcor de>, Balsa-Liste <balsa-list gnome org>, B-maintainer <balsa-maintainer theochem kth se>
- Subject: Re: [PATCH/2.1] gpgme fixes & extensions
- Date: Thu, 27 May 2004 19:42:28 +0200
On 26.05.04 22:08, Jeffrey Stedfast wrote:
> I've actually been meaning to ask if you have any comments on the new
> cipher context interfaces. My goal was to improve them as much as I
> could without breaking binary/source compat.

Well, to be honest, I just don't use them as more information about the
signature status is needed *and* provided by gpgme... ;-) For that, I
implemented the gpgme signature status (which is not OpenPGP specific,
btw.) as a GObject. See libbalsa/gmime-gpgme-signature.[hc], if you're
interested.

I have indeed a few remarks, though. IMHO the by far most important
problem is fixing the bug which doesn't feed the headers verbatim into the
crypto engine, frequently (but not always) breaking signatures if the
signed stuff is itself multipart. This one is simply a show stopper, as it
makes signature checking completely unreliable. BTW the reason that I
develop on balsa 2.1, but still use 2.0... I think fixing it should have
absolutely top priority.

It would also be interesting to support single-part protocols like RFC 2440
parts or RFC 2633 application/pkcs7-mime with the crypto context. I did
that for RFC 2440 in balsa using a simple hack: added a field in the gpgme
context (derived from the crypto context) which indicates if we are in
single or multipart mode. Now the verify method works as usual in
multipart mode, but in single part mode the RFC 2440 part is fed into
istream, and the "decrypted" (i.e. RFC 2440 armor removed) output is
written to sigstream. Implementing an RFC 2440 part class is then trivial;
see libbalsa/gmime-part-rfc2440.[hc].

With the single-/multipart hack, it will also be easy to implement RFC
2633 support (well, at least with the gpgme backend - gpgsm has its own
problems!). I already have a small patch for gmime-multipart-signed.c to
get multipart/signed with application/pkcs7-signature protocol working -
it's just changing ~15 lines and you're done. I also have a working
implementation for application/pkcs7-mime (the single-part signed and/or
encrypted protocol), but both are not yet verified with gmime 2.1.5
(delayed by other work and a gpgme bug; maybe next weekend's task? ;-)).
If you are interested, I could send you both.

Just my € 0.01...

Cheers,
Albrecht.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht dress arcor de
_________________________________________________________________________
Attachment:
pgp00032.pgp
Description: PGP signature
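
The header problem described in the message above, as an added example (not part of the original post, and not Balsa or GMime code): a multipart/signed signature covers the first body part byte for byte, so a nested multipart whose folded header is parsed and re-emitted no longer matches the signed digest. The sample message, the helper names and the SHA-256 stand-in for the signature hash are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: multipart/signed whose signed part is itself multipart
# and has a folded Content-Type header (CRLF + TAB continuation).
RAW = (
    b'Content-Type: multipart/signed; boundary=outer;\r\n'
    b' protocol="application/pgp-signature"; micalg=pgp-sha256\r\n'
    b'\r\n'
    b'--outer\r\n'
    b'Content-Type: multipart/mixed;\r\n'
    b'\tboundary="inner"\r\n'
    b'\r\n'
    b'--inner\r\n'
    b'Content-Type: text/plain\r\n'
    b'\r\n'
    b'hello\r\n'
    b'--inner--\r\n'
    b'\r\n'
    b'--outer\r\n'
    b'Content-Type: application/pgp-signature\r\n'
    b'\r\n'
    b'(signature placeholder)\r\n'
    b'--outer--\r\n'
)

def signed_part_verbatim(raw: bytes, boundary: bytes) -> bytes:
    """Return the first body part exactly as it appears on the wire."""
    delim = b"\r\n--" + boundary
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    # The CRLF in front of the next delimiter belongs to the delimiter.
    return raw[start:raw.index(delim, start)]

def reemit_unfolded(part: bytes) -> bytes:
    """Hypothetical parse-and-regenerate step: unfold the part's headers."""
    head, sep, body = part.partition(b"\r\n\r\n")
    return re.sub(rb"\r\n[ \t]+", b" ", head) + sep + body

def digest(data: bytes) -> str:
    # Stand-in for the hash an OpenPGP signature is computed over.
    return hashlib.sha256(data).hexdigest()

PART = signed_part_verbatim(RAW, b"outer")
SIGNED_DIGEST = digest(PART)  # what the sender's signature covers

def covered(candidate: bytes) -> bool:
    """True if the candidate bytes hash to the digest that was signed."""
    return digest(candidate) == SIGNED_DIGEST

if __name__ == "__main__":
    print("verbatim part verifies:  ", covered(PART))
    print("re-emitted part verifies:", covered(reemit_unfolded(PART)))
```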