
Re: For 1.5.9 - fixed smime-encrypt-self patch



On Fri, Feb 18, 2005 at 06:06:33PM +0900, Tamotsu Takahashi wrote:
> On Fri, Feb 18, 2005 at 09:54:10AM +0100, Christoph Ludwig wrote:
> > On Fri, Feb 18, 2005 at 05:33:17PM +0900, Tamotsu Takahashi wrote:
> > > On Fri, Feb 18, 2005 at 09:15:43AM +0100, Christoph Ludwig wrote:
> > > > b) How do you think gpgme supports encrypt-self?
> > > 
> > > FYI: https://intevation.de/roundup/aegypten/issue246
> > > (Aegypten issue tracker: Issue 246: mutt does not do additional encrypt-to)
> > 
> > So it seems I didn't miss a gpgme feature.
> 
> Well, I meant that gpgsm DOES have an option now.
> The problem was fixed last year.
> You can add "encrypt-to YOURFINGERPRINT" to your ~/.gnupg/gpgsm.conf.

Oh, sorry, I misunderstood you. 

But when I try to add "encrypt-to FINGERPRINT" then mutt's gpgme backend fails
silently: If I choose "sign as" and enter "cludwig" then I don't get a list of
my certificates anymore but I am prompted for a selection criterion
again. Looking at the GnuPG logs in kwatchgnupg I see that gpgsm successfully
validates the certificate I specified in the "encrypt-to" directive, but it
does not do anything else. Here is the log with "encrypt-to" (with abbreviated
signature values and hash values):

[client at fd 6 connected]
  6 - 2005-02-18 10:51:21 gpgsm[4926]: no key usage specified - assuming all usages
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: BEGIN Certificate `target':
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:      serial: 10B7
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   notBefore: 2005-02-14 11:32:28
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:    notAfter: 2006-02-13 23:00:00
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:      issuer: CN=RBG CA,OU=FB Informatik,O=TU Darmstadt,C=DE
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:     subject: CN=Christoph Ludwig,OU=CDC,OU=FB Informatik,O=TU Darmstadt,C=DE
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   hash algo: 1.3.14.3.2.29
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   SHA1 Fingerprint: 3B:78:D1:1A:A4:11:BC:9C:83:4F:D5:51:A8:BC:F9:B3:7B:D9:BC:97
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: END Certificate
  6 - 2005-02-18 10:51:21 gpgsm[4926]: failed to open `/home/cludwig/.gnupg/policies.txt': No such file or directory
  6 - 2005-02-18 10:51:21 gpgsm[4926]: note: non-critical certificate policy not allowed
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: got issuer's certificate:
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: BEGIN Certificate `issuer':
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:      serial: 01
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   notBefore: 2002-12-01 08:59:59
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:    notAfter: 2007-12-01 08:59:59
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:      issuer: CN=RBG CA,OU=FB Informatik,O=TU Darmstadt,C=DE
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:     subject: CN=RBG CA,OU=FB Informatik,O=TU Darmstadt,C=DE
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   hash algo: 1.3.14.3.2.29
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG:   SHA1 Fingerprint: F9:19:22:8E:ED:8C:77:69:4E:29:62:47:48:C5:5D:6F:C6:E1:5F:A1
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: END Certificate
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: signature value: 28 37 3A [...]
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: encoded hash: 00 01 FF [...]
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: gcry_pk_verify: Success
  6 - 2005-02-18 10:51:21 gpgsm[4926]: certificate is good
  6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: signature value: 28 37 3A [...]
[client at fd 6 disconnected]


And here is the log I get as soon as I comment out "encrypt-to" in
~/.gnupg/gpgsm.conf (here I abbreviated the line where the found certs are
transmitted):

[client at fd 6 connected]
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> Home: ~/.gnupg
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> Config: /home/cludwig/.gnupg/gpgsm.conf
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> AgentInfo: /tmp/gpg-UOWdjz/S.gpg-agent:2610:1
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> DirmngrInfo: [not set]
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> GNU Privacy Guard's S/M server 1.9.15 ready
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION display=:0
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION ttyname=/dev/pts/3
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION ttytype=xterm
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION list-mode=1
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION with-validation=0
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- LISTKEYS cludwig
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 1D CE AD 4A 3D A0 25 B0 6B FE 0B DC 07 6E B2 86 CB 74 4E F2
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: connection to agent established
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 88 B4 D4 2E 0F B9 1A 15 DF ED 69 B1 F9 99 4A 13 1C 6F 9F 37
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
  6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 26 83 60 B1 FE A1 DA 5A C1 0C 87 D8 C6 3D 5E 84 EC F2 EB A3
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> D crs::1023:1:87985D9D19442EB3: [...]
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> D DE::%0Auid:::::::::::%0A
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
  6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- [EOF]
[client at fd 6 disconnected]


Apparently "encrypt-to" conflicts with gpgme's signer selection code. (Note
that calling `gpgsm --list-keys cludwig' on the command line works just fine,
even if "encrypt-to" is in gpgsm.conf.)
But I cannot find "encrypt-to" in gpgsm's info manual so I don't know where 
to look for the problem's cause.

Regards




-- 
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/cludwig.html
LiDIA: http://www.informatik.tu-darmstadt.de/TI/LiDIA/Welcome.html