Re: [gmime-devel] Using GMimeDecryptResult - certificate information?



Daniel Kahn Gillmor writes on July 13, 2016 11:48:
Hi Gaute--

On Wed 2016-07-13 09:26:18 +0200, Gaute Hope wrote:
Daniel Kahn Gillmor writes on July 12, 2016 22:26:
On Tue 2016-07-12 18:11:55 +0200, Gaute Hope wrote:
I am trying to use GMime's GPG support. I can encrypt, decrypt and
verify fine - but when I try to use the GMimeDecryptResult certificates
to get a list of the recipients for the encrypted message, all fields
but the 'keyid' are 0x0. Are these here only for convenience or how do I
get them to load the rest of the key information?

That implies that GnuPG doesn't have a copy of the signer's
certificate.

Sorry, i believe i made a mistake here -- GMimeDecryptResult relates to
other keys that this message claims to be encrypted to (in OpenPGP
terms, there is a PKESK packet which contains the mentioned key ID).
Please be aware that this is trivially-spoofable if you don't have the
corresponding secret key, since the payload of the PKESK for a key you
don't have should be indistinguishable from random noise.

So a sender could forge the ENC_TO fields? And I would need the senders
(or receivers secret key) to detect that? Anyway, I would be sure it is
encrypted to me - since I have my own secret key, however GMime does not
link the public key information of the master key with that.

If this is the case, then it is a good argument for not automatically
associating the alleged subkey with the master pub key. Is this a
conscious decision?

What version of GnuPG are you using with gmime?

```
$ gpg --version
gpg (GnuPG) 2.1.13
libgcrypt 1.7.1
```


I believe gmime extracts this from gpg's status-fd, which prints
something like:

[GNUPG:] ENC_TO 10CD1274504738C1 1 0
[GNUPG:] ENC_TO A70A96E1439EA852 1 0

whether you have the corresponding secret keys or not.

I do have the keys locally though (I have them lsigned as well since
I use them as recipients for encrypted messages), it does not work
when I encrypt for myself.

whether they're lsigned or not shouldn't be an issue.  are you sure
they're in the keyring available to the gmime process?

They should be - I only have one keyring.

On a side note, I get random hangups, presumably when gpg is asking
for interactive input.

-gaute

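The point Daniel makes about ENC_TO, as an added Python example that is neither GMime's code nor from the thread: it parses constructed status-fd lines, treats every ENC_TO key ID as a sender-supplied claim from a PKESK packet, and only marks an entry as confirmed when the matching secret key is held locally and gpg reported DECRYPTION_OKAY. The set of held secret key IDs is a constructed placeholder for whatever `gpg --list-secret-keys` would report on the real system.

```python
"""Classify the recipient key IDs gpg reports on --status-fd.

ENC_TO lines are copied from the message's PKESK packets, so anyone who
builds a message can list any key ID there. Only an entry for a secret
key we hold, on a message we actually decrypted, is more than a claim.
"""
import re

# Format from GnuPG's doc/DETAILS: ENC_TO <long keyid> <pubkey algo> <keylen>
ENC_TO_RE = re.compile(r"^\[GNUPG:\] ENC_TO ([0-9A-F]{16}) (\d+) (\d+)\s*$")

# RFC 4880 public-key algorithm IDs (keylen 0 means gpg did not report it).
ALGO_NAMES = {1: "RSA", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Constructed sample of what gpg writes to the status fd during decryption.
SAMPLE_STATUS = """\
[GNUPG:] ENC_TO 10CD1274504738C1 1 0
[GNUPG:] ENC_TO A70A96E1439EA852 1 0
[GNUPG:] DECRYPTION_OKAY
"""

# Constructed placeholder for the long key IDs of secret keys in our keyring.
HELD_SECRET_KEYIDS = {"10CD1274504738C1"}


def parse_status(text):
    """Return ([{'keyid', 'algo', 'keylen'}, ...], decryption_ok)."""
    recipients, ok = [], False
    for line in text.splitlines():
        m = ENC_TO_RE.match(line)
        if m:
            recipients.append({"keyid": m.group(1),
                               "algo": ALGO_NAMES.get(int(m.group(2)), m.group(2)),
                               "keylen": int(m.group(3))})
        elif line.strip() == "[GNUPG:] DECRYPTION_OKAY":
            ok = True
    return recipients, ok


def classify_recipients(status_text, held_secret_keyids):
    """Label each ENC_TO entry: 'confirmed' only if we hold the key and
    decryption succeeded; otherwise it stays an unverifiable 'claimed'.
    With several held keys gpg does not say which PKESK it unwrapped."""
    recipients, ok = parse_status(status_text)
    for r in recipients:
        held = r["keyid"] in held_secret_keyids
        r["status"] = "confirmed" if (held and ok) else "claimed"
    return recipients


if __name__ == "__main__":
    for r in classify_recipients(SAMPLE_STATUS, HELD_SECRET_KEYIDS):
        print(r["keyid"], r["algo"], r["status"])
```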


