Re: [gmime-devel] g_mime_part_get_openpgp_data () and Content-Transfer-Encoding: base64



On 12/12/2017 3:48 AM, Daniel Kahn Gillmor wrote:
> hey Jeff and other GMime folks--

Hey!


> I've been working on adding support for decryption of PGP inline
> messages over on notmuch [0], but i notice that at least for some
> e-mails it seems that they are not detected.
>
> In particular, some of my contacts are sending me inline PGP encrypted
> messages through some chain of MUAs/webmail/MTAs that automagically
> base64-encode any text the human supplies.

Ugh :(

[snip]

> Consequently, i think g_mime_part_get_openpgp_data returns
> GMIME_OPENPGP_DATA_NONE instead of GMIME_OPENPGP_DATA_ENCRYPTED, so my
> work for notmuch doesn't actually recognize that these parts have inline
> PGP encrypted data in them.

This makes sense... I'll explain why later.


> I'm pretty well convinced that inline PGP is a bad idea generally, so i
> don't want GMime to twist itself into knots about this.  but if there's
> some obvious fix that you see that would also catch these particular
> messages, i'd be happy to know about it.
>
> Any ideas?  is my analysis wrong somehow?

The get_openpgp_data() function returns an enum value (or bitfield? I can't remember atm) based on the OpenPGP markers that the GMimeParser found while parsing the message (while scanning for MIME boundaries). Since the GMimeParser does not decode the content as it is parsing the message, it can't peer under the obfuscation of the base64 encoded blob.

I thought this would be enough since in the subset of messages that I've personally seen that use inline PGP, the text always comes through using the 7bit (either implicitly or explicitly), 8bit, or quoted-printable (which makes sense for signed messages) encodings which do not obfuscate the OpenPGP markers. I hadn't considered the likelihood of (especially) encrypted messages being encoded using base64 since there's literally no reason to do that (armored PGP data is already 7bit clean).

There's no easy way to make this work by doing it in the parser, *but* I could possibly write a GMimeFilter that would be able to detect OpenPGP markers.

Once I do that, I could have g_mime_part_get_openpgp_data() use said filter if the current GMimeOpenPGPData state is NONE.

How does that sound?

Jeff
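
The behaviour discussed in this thread, as an added example that is not part of the original message and is not GMime code: it uses Python's standard `email` package to scan the same text part for OpenPGP armor headers before and after the Content-Transfer-Encoding is decoded. The names `scan`, `build`, `classify` and the result labels are assumptions of this example, and the sample message is constructed.

```python
import base64
import email

# OpenPGP ASCII-armor header lines (RFC 4880); the labels are this example's own.
MARKERS = {
    b"-----BEGIN PGP MESSAGE-----": "encrypted",
    b"-----BEGIN PGP SIGNED MESSAGE-----": "signed",
}

# Constructed sample: armor framing around placeholder data, not real ciphertext.
ARMOR = (b"-----BEGIN PGP MESSAGE-----\r\n\r\n"
         b"Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\r\n"
         b"-----END PGP MESSAGE-----\r\n")


def scan(data):
    """Return the label of the first armor header that is a whole line, else 'none'."""
    for line in data.splitlines():
        label = MARKERS.get(line.rstrip())
        if label:
            return label
    return "none"


def build(cte):
    """Build a constructed single-part message using the given transfer encoding."""
    body = base64.encodebytes(ARMOR) if cte == "base64" else ARMOR
    return (b"Content-Type: text/plain; charset=us-ascii\r\n"
            b"Content-Transfer-Encoding: " + cte.encode("ascii") + b"\r\n\r\n" + body)


def classify(raw_message):
    """Return (result on the still-encoded body, result on the decoded content)."""
    part = email.message_from_bytes(raw_message)
    # What a scanner sees if it never decodes the content.
    encoded = part.get_payload(decode=False).encode("ascii", "replace")
    # What a scanner sees after the transfer encoding has been removed.
    decoded = part.get_payload(decode=True) or b""
    return scan(encoded), scan(decoded)


if __name__ == "__main__":
    for cte in ("7bit", "base64"):
        print(cte, classify(build(cte)))
```
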


