Re: For 1.5.9 - fixed smime-encrypt-self patch
On Fri, Feb 18, 2005 at 06:06:33PM +0900, Tamotsu Takahashi wrote:
> On Fri, Feb 18, 2005 at 09:54:10AM +0100, Christoph Ludwig wrote:
> > On Fri, Feb 18, 2005 at 05:33:17PM +0900, Tamotsu Takahashi wrote:
> > > On Fri, Feb 18, 2005 at 09:15:43AM +0100, Christoph Ludwig wrote:
> > > > b) How do you think gpgme supports encrypt-self?
> > >
> > > FYI: https://intevation.de/roundup/aegypten/issue246
> > > (Aegypten issue tracker: Issue 246: mutt does not do additional
> > > encrypt-to)
> >
> > So it seems I didn't miss a gpgme feature.
>
> Well, I meant that gpgsm DOES have an option now.
> The problem was fixed last year.
> You can add "encrypt-to YOURFINGERPRINT" to your ~/.gnupg/gpgsm.conf.
Oh, sorry, I misunderstood you.
But when I try to add "encrypt-to FINGERPRINT" then mutt's gpgme backend fails
silently: If I choose "sign as" and enter "cludwig" then I don't get a list of
my certificates anymore but I am prompted for a selection criterion
again. Looking at the GnuPG logs in kwatchgnupg I see that gpgsm successfully
validates the certificate I specified in the "encrypt-to" directive, but it
does not do anything else. Here is the log with "encrypt-to" (with abbreviated
signature values and hash values):
[client at fd 6 connected]
6 - 2005-02-18 10:51:21 gpgsm[4926]: no key usage specified - assuming all
usages
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: BEGIN Certificate `target':
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: serial: 10B7
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: notBefore: 2005-02-14 11:32:28
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: notAfter: 2006-02-13 23:00:00
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: issuer: CN=RBG CA,OU=FB
Informatik,O=TU Darmstadt,C=DE
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: subject: CN=Christoph
Ludwig,OU=CDC,OU=FB Informatik,O=TU Darmstadt,C=DE
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: hash algo: 1.3.14.3.2.29
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: SHA1 Fingerprint:
3B:78:D1:1A:A4:11:BC:9C:83:4F:D5:51:A8:BC:F9:B3:7B:D9:BC:97
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: END Certificate
6 - 2005-02-18 10:51:21 gpgsm[4926]: failed to open
`/home/cludwig/.gnupg/policies.txt': No such file or directory
6 - 2005-02-18 10:51:21 gpgsm[4926]: note: non-critical certificate policy
not allowed
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: got issuer's certificate:
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: BEGIN Certificate `issuer':
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: serial: 01
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: notBefore: 2002-12-01 08:59:59
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: notAfter: 2007-12-01 08:59:59
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: issuer: CN=RBG CA,OU=FB
Informatik,O=TU Darmstadt,C=DE
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: subject: CN=RBG CA,OU=FB
Informatik,O=TU Darmstadt,C=DE
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: hash algo: 1.3.14.3.2.29
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: SHA1 Fingerprint:
F9:19:22:8E:ED:8C:77:69:4E:29:62:47:48:C5:5D:6F:C6:E1:5F:A1
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: END Certificate
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: signature value: 28 37 3A [...]
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: encoded hash: 00 01 FF [...]
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: gcry_pk_verify: Success
6 - 2005-02-18 10:51:21 gpgsm[4926]: certificate is good
6 - 2005-02-18 10:51:21 gpgsm[4926]: DBG: signature value: 28 37 3A [...]
[client at fd 6 disconnected]
And here is the log I get as soon as I comment out "encrypt-to"
in ~/.gnupg/gpgsm.conf (here I abbreviated the line where the
found certs are transmitted):
[client at fd 6 connected]
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> Home: ~/.gnupg
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> Config:
/home/cludwig/.gnupg/gpgsm.conf
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> AgentInfo:
/tmp/gpg-UOWdjz/S.gpg-agent:2610:1
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> DirmngrInfo: [not set]
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> GNU Privacy Guard's S/M
server 1.9.15 ready
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION display=:0
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION
ttyname=/dev/pts/3
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION ttytype=xterm
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION list-mode=1
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION with-validation=0
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- LISTKEYS cludwig
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 1D CE AD 4A 3D A0 25 B0 6B
FE 0B DC 07 6E B2 86 CB 74 4E F2
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: connection to agent established
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 88 B4 D4 2E 0F B9 1A 15 DF
ED 69 B1 F9 99 4A 13 1C 6F 9F 37
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: get_keygrip for public key
6 - 2005-02-18 10:51:41 gpgsm[4928]: DBG: keygrip= 26 83 60 B1 FE A1 DA 5A C1
0C 87 D8 C6 3D 5E 84 EC F2 EB A3
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> D
crs::1023:1:87985D9D19442EB3: [...]
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> D
DE::%0Auid:::::::::::%0A
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- [EOF]
[client at fd 6 disconnected]
Apparently "encrypt-to" conflicts with gpgme's signer selection code. (Note
that calling `gpgsm --list-keys cludwig' on the command line works just fine,
even if "encrypt-to" is in gpgsm.conf.)
But I cannot find "encrypt-to" in gpgsm's info manual so I don't know where
to look for the problem's cause.
Regards
--
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/cludwig.html
LiDIA: http://www.informatik.tu-darmstadt.de/TI/LiDIA/Welcome.html
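
The comparison made in the message above (one gpgsm session that only validates a certificate, one that answers LISTKEYS), as an added example that is not part of the original post: a small parser that splits a kwatchgnupg-style log into client sessions and reports which ones carried no Assuan traffic. The sample log is constructed from the two excerpts with wrapped lines joined; the function name and verdict labels are hypothetical.

```python
import re

# Constructed sample modelled on the two excerpts above (wrapped lines joined).
SAMPLE_LOG = """\
[client at fd 6 connected]
6 - 2005-02-18 10:51:21 gpgsm[4926]: no key usage specified - assuming all usages
6 - 2005-02-18 10:51:21 gpgsm[4926]: certificate is good
[client at fd 6 disconnected]
[client at fd 6 connected]
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- OPTION list-mode=1
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- LISTKEYS cludwig
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> D crs::1023:1:87985D9D19442EB3: [...]
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: -> OK
6 - 2005-02-18 10:51:41 gpgsm[4928.0x807b450] DBG: <- [EOF]
[client at fd 6 disconnected]
"""

MARK = re.compile(r"^\[client at fd \d+ (connected|disconnected)\]$")
LINE = re.compile(r"^\d+ - \S+ \S+ gpgsm\[(\d+)[^\]]*\]:? (?:DBG: )?(.*)$")
IO = re.compile(r"^(<-|->) ([A-Z]+)\b")  # "<-" = from client, "->" = to client

def summarize(log):
    """Return one dict per client session found in the log text."""
    sessions, cur = [], None
    for raw in log.splitlines():
        mark = MARK.match(raw)
        if mark:
            cur = None
            if mark.group(1) == "connected":
                cur = {"pid": None, "commands": [], "data_lines": 0, "cert_ok": False}
                sessions.append(cur)
            continue
        m = LINE.match(raw)
        if not m or cur is None:
            continue  # wrapped continuation line or text outside a session
        cur["pid"] = int(m.group(1))
        io = IO.match(m.group(2))
        if io and io.group(1) == "<-":
            cur["commands"].append(io.group(2))   # command sent by the client
        elif io and io.group(2) == "D":
            cur["data_lines"] += 1                # data line returned to the client
        elif m.group(2) == "certificate is good":
            cur["cert_ok"] = True
    for s in sessions:
        listed = "LISTKEYS" in s["commands"] and s["data_lines"] > 0
        s["verdict"] = ("no-assuan-traffic" if not s["commands"]
                        else "listing-returned" if listed else "other")
    return sessions
```

A session flagged "no-assuan-traffic" with cert_ok set matches the first log: the certificate was validated but no command from the client was ever logged.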