Re: [PATCH] Crypto-related (mostly) fixes and improvements
- From: Peter Bloomfield <PeterBloomfield bellsouth net>
- To: balsa-list gnome org
- Subject: Re: [PATCH] Crypto-related (mostly) fixes and improvements
- Date: Thu, 10 Aug 2017 21:53:45 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Albrecht,
On 08/10/2017 03:42:44 PM Thu, Albrecht Dreß wrote:
> Hi all,
> the attached patch fixes some issues with gpg/gpgsm encryption, and tries to improve encryption in general.
> It also adds some other, small improvements. Note that this patch includes the one I submitted a week ago
> (subject “[PATCH] plug mem leak, simplifications”).
> (1) Bug Fixes
> - Due to an (undocumented) change in gpgme, S/MIME signing fails with error “not implemented” if the context
> is created with a passphrase callback, so never set one in this case.
> - Fix several mem leaks in encryption.
> - Do not use a forced GnuPG key ID for S/MIME (see improvements, below)
> (2) Crypto-related Improvements
> - The user identity has a field for forcing the key id used when signing GnuPG messages. Using it for S/MIME
> is plain wrong, though (see Bugs above), so add an extra field for forcing a S/MIME certificate. As to
> simplify life for the user, add buttons to display the usual key list dialogue from which the user can choose.
> - Simplify the key list dialogue by showing the User ID only. When the user double-clicks an entry, open a
> new dialogue with the full key details.
> - Although exchanging GnuPG keys using a key server or (since the latest gpg versions) WKS is preferred,
> there are situations where keys shall not be published (e.g. as to not disclose an employment of a person).
> For this situation, add a send message option to attach the sender's public key.
> - On the receiving side, import application/pgp-keys parts into a temporary gpg context, and display the keys
> with buttons for importing them into the main key ring.
> - Add subkey details (bits, type, ECC curve if applicable) to the key widget.
> - Make sure S/MIME signed messages always include the signer's signature (note that it does not make sense to
> include the whole certificate chain, as the root cert should /always/ be imported from a trustworthy source).
> - RFC3156, sect. 3 requires a message to be 7-bit clean. Thus, QP-encoding pure 7-bit parts is superfluous.
> (3) Misc Stuff
> - Simplify deleting a folder recursively and creating a temp folder by exclusively using glib functions
> (re-sent from last week's patch).
> - Check BALSA_DIALOG_HEADERBAR for information dialogues.
> As always, any feedback would be highly appreciated!
> Cheers,
> Albrecht.
Thanks as always for the patch, and for the work it represents! Thanks also for rolling in last week's
patch--thanks to travel and an appalling connection, I hadn't even installed it :-(
The changes look good from a first look: Balsa builds and runs, but I've not tested all the code paths. I've
pushed the patch to master, to get some serious testing beyond what I can do.
Best,
Peter
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQS030wPRfNNA5alz3MfX9S1uSp09QUCWY0OKQAKCRAfX9S1uSp0
9RMRAJ49YvgYXf1PIuoK5CXENpqxlUyZZgCcD7a9deO4DzJq2Zh6smNS7CK8+FY=
=nzny
-----END PGP SIGNATURE-----
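
The RFC 3156 item in the quoted patch description (skip Quoted-Printable for parts that are already 7-bit clean) comes down to a check like the one below. This is an added example, not code from the Balsa patch; the type and function names are hypothetical, and the 7bit limits are those of RFC 2045. It assumes the part uses LF or CRLF line endings, and it conservatively also requests encoding for trailing whitespace and for lines starting with "From ", since mail transports may alter those and break the signature.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not Balsa or GMime API. */
typedef enum { ENC_7BIT, ENC_QUOTED_PRINTABLE } part_encoding;

#define MAX_7BIT_LINE 998   /* RFC 2045: octets per line, excluding CRLF */

/* Decide whether a text part that is about to be signed can go out
 * unchanged (7bit) or must be Quoted-Printable encoded first. */
part_encoding choose_signed_part_encoding(const unsigned char *buf, size_t len)
{
    size_t line_start = 0;

    for (size_t i = 0; i <= len; i++) {
        if (i < len) {
            unsigned char c = buf[i];
            if (c == 0 || c >= 0x80)
                return ENC_QUOTED_PRINTABLE;    /* NUL or 8-bit octet */
            if (c == '\r' && (i + 1 >= len || buf[i + 1] != '\n'))
                return ENC_QUOTED_PRINTABLE;    /* bare CR */
            if (c != '\n')
                continue;                       /* still inside a line */
        }
        /* At a line ending or at end of buffer: check the finished line. */
        size_t end = i;
        if (end > line_start && buf[end - 1] == '\r')
            end--;                              /* drop the CR of CRLF */
        size_t n = end - line_start;
        if (n > MAX_7BIT_LINE)
            return ENC_QUOTED_PRINTABLE;        /* line too long for 7bit */
        if (n > 0 && (buf[end - 1] == ' ' || buf[end - 1] == '\t'))
            return ENC_QUOTED_PRINTABLE;        /* trailing whitespace */
        if (n >= 5 && memcmp(buf + line_start, "From ", 5) == 0)
            return ENC_QUOTED_PRINTABLE;        /* mbox "From " mangling */
        line_start = i + 1;
    }
    return ENC_7BIT;
}

int main(void)
{
    /* Constructed sample input. */
    const char *body = "Plain ASCII text.\r\nSecond line.\r\n";
    part_encoding e = choose_signed_part_encoding(
        (const unsigned char *)body, strlen(body));
    printf("%s\n", e == ENC_7BIT ? "7bit" : "quoted-printable");
    return 0;
}
```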