+2001-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * smime.el (smime-CA-directory, smime-CA-file): Change default to
+ nil, improve documentation.
+ (smime-certificate-directory): Comment out false hints (until it
+ is implemented).
+
+ * mml-smime.el (mml-smime-sign): Place user in customize buffer if
+ there aren't any keys.
+ (mml-smime-verify): If smime-CA-{file,directory} set, also try to
+ verify certificate. Default is changed to only check integrity.
+ Improved security status texts. If a certificate doesn't contain
+ a email address, don't fail.
+
+ * smime.el (smime-noverify-region):
+ (smime-noverify-buffer): New functions. Verifies integrity only.
+
2001-01-12 22:00:00 ShengHuo ZHU <zsh@cs.rochester.edu>
* gnus-group.el (gnus-group-sort-by-score): Reverse order.
(require 'mm-decode)
(defun mml-smime-sign (cont)
+ (when (null smime-keys)
+ (customize-variable 'smime-keys)
+ (error "No S/MIME keys configured, use customize to add your key"))
(smime-sign-buffer (cdr (assq 'keyfile cont))))
(defun mml-smime-encrypt (cont)
(when (get-buffer smime-details-buffer)
(kill-buffer smime-details-buffer))
(let ((buf (current-buffer))
- (good-signature (smime-verify-buffer))
+ (good-signature (smime-noverify-buffer))
+ (good-certificate (and (or smime-CA-file smime-CA-directory)
+ (smime-verify-buffer)))
addresses openssl-output)
(setq openssl-output (with-current-buffer smime-details-buffer
(buffer-string)))
(insert-buffer-substring buf)
(goto-char (point-min))
(while (re-search-forward "-----END CERTIFICATE-----" nil t)
- (smime-pkcs7-email-region (point-min) (point))
- (setq addresses (append (smime-buffer-as-string-region
- (point-min) (point)) addresses))
- (delete-region (point-min) (point)))))
- (if (not (member mm-security-from addresses))
+ (when (smime-pkcs7-email-region (point-min) (point))
+ (setq addresses (append (smime-buffer-as-string-region
+ (point-min) (point)) addresses)))
+ (delete-region (point-min) (point)))
+ (setq addresses (mapcar 'downcase addresses))))
+ (if (not (member (downcase mm-security-from) addresses))
(mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "Sender forged")
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "OK"))
+ mm-security-handle 'gnus-info "Sender address forged")
+ (if good-certificate
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Ok (sender authenticated)")
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Integrity OK (sender unknown)")))
(mm-set-handle-multipart-parameter
mm-security-handle 'gnus-details
(concat "Sender clamed to be: " mm-security-from "\n"
(if addresses
(concat "Addresses in certificate: "
(mapconcat 'identity addresses ", "))
- "No addresses found in certificate.")
+ "No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)")
"\n" "\n"
"OpenSSL output:\n"
"---------------\n" openssl-output "\n"
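Review bot: When OpenSSL extracts no addresses from the certificate (the case the new "No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)" details text anticipates), `(member (downcase mm-security-from) addresses)` is nil and the status shown is "Sender address forged", which contradicts the details text and reports a forgery that was never actually checked; a separate branch for `(null addresses)` keeps the status honest, as sketched below. Separately, `smime-noverify-buffer` erases `smime-details-buffer` before it runs OpenSSL, so if `smime-verify-buffer` does the same, the `openssl-output` captured with `buffer-string` only holds the output of the last of the two runs started in the `let` bindings and the integrity-check output is lost whenever a CA is configured; reading the details buffer right after each call, e.g. a `noverify-output` binding placed between `good-signature` and `good-certificate`, would keep both. The enclosing function begins and ends outside the hunk, so how `good-signature` is consumed is not visible here.
```elisp
;; … unchanged: address extraction and downcasing …
(cond ((null addresses)
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Integrity OK (no address in certificate)"))
      ((not (member (downcase mm-security-from) addresses))
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Sender address forged"))
      (good-certificate
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Ok (sender authenticated)"))
      (t
       (mm-set-handle-multipart-parameter
        mm-security-handle 'gnus-info "Integrity OK (sender unknown)")))
;; … unchanged: gnus-details parameter …
```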
(file :tag "File name")))
:group 'smime)
-(defcustom smime-CA-directory ""
+(defcustom smime-CA-directory nil
"Directory containing certificates for CAs you trust.
Directory should contain files (in PEM format) named to the X.509
-hash of the certificate."
+hash of the certificate. This can be done using OpenSSL such as:
+
+$ ln -s ca.pem `openssl x509 -noout -hash -in ca.pem`
+
+where `ca.pem' is the file containing a PEM encoded X.509 CA
+certificate."
:type '(choice (const :tag "none" nil)
directory)
:group 'smime)
-(defcustom smime-CA-file ""
+(defcustom smime-CA-file nil
"Files containing certificates for CAs you trust.
-File should be in PEM format."
+File should contain certificates in PEM format."
:type '(choice (const :tag "none" nil)
file)
:group 'smime)
(defcustom smime-certificate-directory "~/Mail/certs/"
"Directory containing other people's certificates.
It should contain files named to the X.509 hash of the certificate,
-and the files themself should be in PEM format.
-The S/MIME library provide simple functionality for fetching
-certificates into this directory, so there is no need to populate it
-manually."
+and the files themself should be in PEM format."
+;The S/MIME library provide simple functionality for fetching
+;certificates into this directory, so there is no need to populate it
+;manually.
:type 'directory
:group 'smime)
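Review bot: The new `smime-CA-file` docstring opens with "Files containing certificates for CAs you trust." while its `:type` is a single `file`, so the first line should read `"File containing certificates for CAs you trust."` (the second line, "File should contain certificates in PEM format.", already uses the singular). In the `smime-CA-directory` docstring the shell example's backquote in `` `openssl x509 -noout -hash -in ca.pem` `` has no matching `'` until `` `ca.pem' `` two lines later; Emacs help rendering treats `...' spans as quoted symbols, so the example may display oddly, and writing the command without backquotes, e.g. `$ ln -s ca.pem $(openssl x509 -noout -hash -in ca.pem)`, avoids the ambiguity. Since both variables now default to nil, it would also help to say in each docstring that leaving them nil means signatures are checked for integrity only and the signer's certificate is not validated, which is how `mml-smime-verify` uses them according to the ChangeLog entry in this commit.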
(message "S/MIME message NOT verified successfully.")
nil)))
+(defun smime-noverify-region (b e)
+ (let ((buffer (get-buffer-create smime-details-buffer)))
+ (with-current-buffer buffer
+ (erase-buffer))
+ (if (apply 'smime-call-openssl-region b e buffer "smime" "-verify"
+ "-noverify" "-out" '("/dev/null"))
+ (message "S/MIME message verified succesfully.")
+ (message "S/MIME message NOT verified successfully.")
+ nil)))
+
(defun smime-decrypt-region (b e keyfile)
(let ((buffer (generate-new-buffer (generate-new-buffer-name "*smime*")))
CAs)
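Review bot: `smime-noverify-region` has no docstring although its `-buffer` counterpart does, and since it deliberately passes `-noverify` the caveat belongs here too; something like `"Verify integrity of S/MIME message between B and E.\nDoes NOT verify validity of certificate; OpenSSL output goes to `smime-details-buffer'.\nReturn non-nil on success, nil otherwise."`. The success message has a typo, `"S/MIME message verified succesfully."`, and should read `(message "S/MIME message verified successfully.")`. The hard-coded `'("/dev/null")` given to `-out` is not portable to non-POSIX Emacs ports; `(list null-device)` expresses the same intent everywhere.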
(with-current-buffer (or buffer (current-buffer))
(smime-verify-region (point-min) (point-max))))
+(defun smime-noverify-buffer (&optional buffer)
+ "Verify integrity of S/MIME message in BUFFER.
+Uses current buffer if BUFFER is nil.
+Does NOT verify validity of certificate."
+ (interactive)
+ (with-current-buffer (or buffer (current-buffer))
+ (smime-noverify-region (point-min) (point-max))))
+
(defun smime-decrypt-buffer (&optional buffer keyfile)
"Decrypt S/MIME message in BUFFER using KEYFILE.
Uses current buffer if BUFFER is nil, queries user of KEYFILE is nil."
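Review bot: The `smime-noverify-buffer` docstring does not say what the function returns, which matters because `mml-smime-verify` binds its value as `good-signature`; from `smime-noverify-region` it is the non-nil result of `message` on success and nil when OpenSSL rejects the signature. A closing line such as `"Return non-nil if the signature is valid, nil otherwise; OpenSSL output is left in `smime-details-buffer'."` would document the contract callers depend on.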
+2001-01-15 16:00:00 ShengHuo ZHU <zsh@cs.rochester.edu>
+
+ * gnus.texi (Using GPG): Doc fix.
+
+2001-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * message.texi (Security): Requires OpenSSL 0.9.6+.
+
2001-01-13 Kai Gro\e,A_\e(Bjohann <Kai.Grossjohann@CS.Uni-Dortmund.DE>
* gnus.texi (Mail): Move explanation of
@section Using GPG
@cindex using gpg
-Gnus has an ALPHA support to GPG that's provided by @file{gpg.el} and
-@file{mml2015.el}. When viewing signed or encrypted messages, Gnus automatically
-asks if you want to verify or decrypt them.
+Gnus has an ALPHA support to GPG that's provided by @file{gpg.el}. See
+@code{mm-verify-option} and @code{mm-decrypt-option} to enable Gnus to
+verify or decrypt messages accordingly.
To use this correctly with GPG, you'll need the following lisp code in your
@file{~/.emacs} or @file{~/.gnus}:
@lisp
+(require 'gpg)
(setq mml2015-use 'gpg)
-(setq gpg-temp-directory "~/.gnupg/tmp")
+(setq gpg-temp-directory (expand-file-name "~/.gnupg/tmp"))
@end lisp
The @code{gpg-temp-directory} need to point to a directory with permissions set
message using S/MIME. There's also @kbd{M-m c p} to encrypt your message with
PGP/MIME and @kbd{M-m c s} to encrypt using S/MIME.
-Gnus will ask for your passphrase three times and then it will send your
-message, if you've typed it correctly.
+Gnus will ask for your passphrase and then it will send your message, if
+you've typed it correctly.
@end ignore
@node Select Methods
@section Using GPG
@cindex using gpg
-Gnus has an ALPHA support to GPG that's provided by @file{gpg.el} and
-@file{mml2015.el}. When viewing signed or encrypted messages, Gnus automatically
-asks if you want to verify or decrypt them.
+Gnus has an ALPHA support to GPG that's provided by @file{gpg.el}. See
+@code{mm-verify-option} and @code{mm-decrypt-option} to enable Gnus to
+verify or decrypt messages accordingly.
To use this correctly with GPG, you'll need the following lisp code in your
@file{~/.emacs} or @file{~/.gnus}:
@lisp
+(require 'gpg)
(setq mml2015-use 'gpg)
-(setq gpg-temp-directory "~/.gnupg/tmp")
+(setq gpg-temp-directory (expand-file-name "~/.gnupg/tmp"))
@end lisp
The @code{gpg-temp-directory} need to point to a directory with permissions set
message using S/MIME. There's also @kbd{M-m c p} to encrypt your message with
PGP/MIME and @kbd{M-m c s} to encrypt using S/MIME.
-Gnus will ask for your passphrase three times and then it will send your
-message, if you've typed it correctly.
-
+Gnus will ask for your passphrase and then it will send your message, if
+you've typed it correctly.
@node Select Methods
@chapter Select Methods
@c The S/MIME support in Message (and MML) require OpenSSL. OpenSSL
@c perform the actual S/MIME sign/encrypt operations. OpenSSL can be found
-@c at @code{http://www.openssl.org/}. OpenSSL 0.9.5a and later should
-@c work. However, version 0.9.5a insert a spurious CR character into MIME
-@c separators so you may wish to avoid it if you would like to avoid being
-@c regarded as someone who send strange mail. (Although by sending S/MIME
-@c messages you've probably already lost that contest.)
+@c at @code{http://www.openssl.org/}. OpenSSL 0.9.6 and later should work.
+@c Version 0.9.5a cannot extract mail addresses from certificates, and it
+@c insert a spurious CR character into MIME separators so you may wish to
+@c avoid it if you would like to avoid being regarded as someone who send
+@c strange mail. (Although by sending S/MIME messages you've probably
+@c already lost that contest.)
@c To be able to send encrypted mail, a personal certificate is not
@c required. Message (MML) need a certificate for the person to whom you
The S/MIME support in Message (and MML) require OpenSSL. OpenSSL
perform the actual S/MIME sign/encrypt operations. OpenSSL can be found
-at @code{http://www.openssl.org/}. OpenSSL 0.9.5a and later should
-work. However, version 0.9.5a insert a spurious CR character into MIME
-separators so you may wish to avoid it if you would like to avoid being
-regarded as someone who send strange mail. (Although by sending S/MIME
-messages you've probably already lost that contest.)
+at @code{http://www.openssl.org/}. OpenSSL 0.9.6 and later should work.
+Version 0.9.5a cannot extract mail addresses from certificates, and it
+insert a spurious CR character into MIME separators so you may wish to
+avoid it if you would like to avoid being regarded as someone who send
+strange mail. (Although by sending S/MIME messages you've probably
+already lost that contest.)
To be able to send encrypted mail, a personal certificate is not
required. Message (MML) need a certificate for the person to whom you