
Re: S/MIME Key Storage (and PKCS7-SIG vs. X-PKCS7-SIG)



hah! I didn't even realize I priv-reply'd rather than list-replied.
Oops. I'll CC: this to the list. Thanks, Christoph.

On Sun, 28 Dec 2003, Christoph Ludwig wrote:
> [Did you send your message to me privately on purpose? If not, feel
> free to bounce my reply to the mailing list.]
> 
> On Wed, Dec 24, 2003 at 09:57:25AM -0600, Marius Strom wrote:
> > That works, didn't see that documented anywhere.
> 
> Hint: Press '?' in the index menu... :-)
> 
> > As far as auto-grab, I was referring to GPG's behavior of storing the
> > key from the key-server as it would verify OpenPGP signatures on the
> > fly.  Guess it's not that important though; just leads to a cluttered
> > keyring.
> 
> As mentioned, you could delegate the certificate extraction from all
> incoming mails to procmail. A second idea is to write a shell script
> that combines the commands from mutt's configuration variables
> smime_verify_command and smime_import_cert_command and call this shell
> script for signature verification.
> 
> > So, on to the next problem.. When I receive an email from other mutt
> > users that mime the signature as x-pkcs7-signature, it works fine. When
> > I get emails from people that use Apple's Mail client, which encodes as
> > pkcs7-signature, Mutt throws the following error:
> > 
> > We can't verify application/pkcs7-signature signatures.
> > 
> > Now, I've googled, and someone pointed to a patch
> > (http://bugs.guug.de/db/16/1644-b.html), but when I apply this patch,
> > no S/Mime signatures work at all. Mutt tries to pass things to GPG
> > suddenly, even if I disable all my gpg stuff in .muttrc. So, I don't
> > believe that patch is a silver bullet to this problem.
> > 
> > The apple mail client throws this line in signed messages:
> > 
> > protocol="application/pkcs7-signature"
> > 
> > I've tried modifying line 873 of crypto.c as well to take the
> > x-pkcs7-sig or pkcs7-sig, but to no avail.
> > 
> > Anyone have any ideas?
> 
> Try the latest CVS version. There was another patch (by Scott Koranda,
> http://marc.theaimsgroup.com/?l=mutt-dev&m=107167657509056&w=2) that
> deals with this particular error message. Thomas Roessler committed it
> to the CVS. (Note: I didn't try these patches myself.)
> 
> Regards
> 
> Christoph
> 
> 
> > 
> > On Tue, 23 Dec 2003, Christoph Ludwig wrote:
> > > On Mon, Dec 22, 2003 at 04:40:23PM -0600, Marius Strom wrote:
> > > > Anyone come up with a clever way for mutt to auto-grab S/MIME public
> > > > keys out of signed messages and add them to your keyring?
> > > 
> > > I am not sure what you mean exactly with "auto-grab": If you have a
> > > signed message, you can extract and store the sender's public key 
> > > with ^K. If you want the public key to be added to your keystore
> > > without any user interaction then I guess a procmail based approach is
> > > appropriate.
> > > 
> > > Regards
> > > 
> > > Christoph
> > 
> 
> -- 
> http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/cludwig.html
> LiDIA: http://www.informatik.tu-darmstadt.de/TI/LiDIA/Welcome.html
> 

-- 
                       /------------------------------------------------->
Marius Strom           | Always carry a short length of fibre-optic cable.
Professional Geek      | If you get lost, then you can drop it on the
System/Network Admin   | ground, wait 10 minutes, and ask the backhoe
http://www.marius.org/ | operator how to get back to civilization.
                       \-------------| Alan Frame |---------------------->
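
Added example (not part of the thread, and not mutt's code): a Python sketch of a multipart/signed dispatcher that treats both protocol spellings quoted above, application/pkcs7-signature and application/x-pkcs7-signature, as S/MIME, and rejects messages whose protocol parameter does not match the signature part. The function names and the constructed sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# The two S/MIME spellings quoted in the thread, plus OpenPGP for contrast.
SMIME_SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PGP_SIG_TYPE = "application/pgp-signature"

def classify_signed(msg):
    """Return 'smime', 'pgp', 'unknown' or 'malformed'; None if not multipart/signed."""
    if msg.get_content_type() != "multipart/signed":
        return None
    raw = msg.get_param("protocol")
    if raw is None:
        return "malformed"
    # MIME type names are case-insensitive, so compare in lower case.
    protocol = collapse_rfc2231_value(raw).strip().lower()
    parts = msg.get_payload()
    # multipart/signed carries exactly two parts: signed content, then signature.
    if not isinstance(parts, list) or len(parts) != 2:
        return "malformed"
    # The protocol parameter must name the signature part's own content type.
    if parts[1].get_content_type() != protocol:
        return "malformed"
    if protocol in SMIME_SIG_TYPES:
        return "smime"
    if protocol == PGP_SIG_TYPE:
        return "pgp"
    return "unknown"

def sample(protocol, sig_type=None):
    """Constructed message; the signature body is a placeholder, not real PKCS#7."""
    sig_type = sig_type or protocol
    return message_from_string("\n".join([
        "MIME-Version: 1.0",
        f'Content-Type: multipart/signed; protocol="{protocol}"; '
        'micalg=sha1; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "hello", "--b1",
        f'Content-Type: {sig_type}; name="smime.p7s"',
        "Content-Transfer-Encoding: base64", "", "AAAA", "--b1--", "",
    ]))

if __name__ == "__main__":
    for proto in sorted(SMIME_SIG_TYPES) + [PGP_SIG_TYPE]:
        print(proto, "->", classify_signed(sample(proto)))
```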