+2002-05-01 Josh Huber <huber@alum.wpi.edu>
+
+ * gnus-msg.el (gnus-message-replysignencrypted): enabled by
+ default.
+ * mml-sec.el:
+ * mml-sec.el (mml-signencrypt-style): New.
+ * mml-sec.el (mml-pgpmime-encrypt-buffer): Accept optional
+ argument `sign'.
+ * mml-sec.el (mml-secure-message-encrypt-pgp): Changed default to
+ signencrypt.
+ * mml-sec.el (mml-secure-message-encrypt-pgpmime): Ditto.
+ * mml.el (mml-generate-mime-1): Changed logic so a part which is
+ both signed & encryped is processed in one operation. (rather than
+ two separate ops: sign, then encrypt)
+ * mml2015.el (mml2015-gpg-extract-signature-details): Give some
+ indication if a message is signed by an expired key.
+ * mml2015.el (mml2015-gpg-encrypt): Accept optional argument which
+ enables combined sign & encrypt operation. (this was always on
+ before).
+ * mml2015.el (mml2015-encrypt): Accept optional argument `sign'.
+
2002-05-01 Simon Josefsson <jas@extundo.com>
* nnimap.el (nnimap-retrieve-groups): Use separate data for each
:type 'boolean)
(defcustom gnus-message-replysignencrypted
- nil
+ t
"Setting this causes automatically encryped messages to also be signed."
:group 'gnus-message
:type 'boolean)
(defvar mml-default-encrypt-method (caar mml-encrypt-alist)
"Default encryption method.")
+(defvar mml-signencrypt-style
+ '(("smime" separate)
+ ("pgp" separate)
+ ("pgpmime" combined))
+ "Alist specifying whether or not a single sign & encrypt
+operation should be perfomed when requesting signencrypt.")
+
;;; Security functions
(defun mml-smime-sign-buffer (cont)
(or (mml2015-sign cont)
(error "Signing failed... inspect message logs for errors")))
-(defun mml-pgpmime-encrypt-buffer (cont)
- (or (mml2015-encrypt cont)
+(defun mml-pgpmime-encrypt-buffer (cont &optional sign)
+ (or (mml2015-encrypt cont sign)
(error "Encryption failed... inspect message logs for errors")))
(defun mml-secure-part (method &optional sign)
(interactive "P")
(mml-secure-message "smime" (if dontsign 'encrypt 'signencrypt)))
-;;; NOTE: this should be switched to use signencrypt
-;;; once it does something sensible
(defun mml-secure-message-encrypt-pgp (&optional dontsign)
"Add MML tag to encrypt and sign the entire message.
If called with a prefix argument, only encrypt (do NOT sign)."
(interactive "P")
- (mml-secure-message "pgp" (if dontsign 'encrypt 'encrypt)))
+ (mml-secure-message "pgp" (if dontsign 'encrypt 'signencrypt)))
-;;; NOTE: this should be switched to use signencrypt
-;;; once it does something sensible
(defun mml-secure-message-encrypt-pgpmime (&optional dontsign)
"Add MML tag to encrypt and sign the entire message.
If called with a prefix argument, only encrypt (do NOT sign)."
(interactive "P")
- (mml-secure-message "pgpmime" (if dontsign 'encrypt 'encrypt)))
+ (mml-secure-message "pgpmime" (if dontsign 'encrypt 'signencrypt)))
(provide 'mml-sec)
(insert "\n--" mml-boundary "--\n")))))
(t
(error "Invalid element: %S" cont)))
- (let ((item (assoc (cdr (assq 'sign cont)) mml-sign-alist))
+ ;; handle sign & encrypt tags in a semi-smart way.
+ (let ((sign-item (assoc (cdr (assq 'sign cont)) mml-sign-alist))
+ (encrypt-item (assoc (cdr (assq 'encrypt cont))
+ mml-encrypt-alist))
sender recipients)
- (when item
+ (when (or sign-item encrypt-item)
(if (setq sender (cdr (assq 'sender cont)))
(message-options-set 'message-sender sender))
(if (setq recipients (cdr (assq 'recipients cont)))
(message-options-set 'message-recipients recipients))
- (funcall (nth 1 item) cont)))
- (let ((item (assoc (cdr (assq 'encrypt cont)) mml-encrypt-alist))
- sender recipients)
- (when item
- (if (setq sender (cdr (assq 'sender cont)))
- (message-options-set 'message-sender sender))
- (if (setq recipients (cdr (assq 'recipients cont)))
- (message-options-set 'message-recipients recipients))
- (funcall (nth 1 item) cont))))))
+ (let ((style (second (assoc (first sign-item)
+ mml-signencrypt-style))))
+ ;; check if: we're both signing & encrypting, both methods
+ ;; are the same (why would they be different?!), and that
+ ;; the signencrypt style allows for combined operation.
+ (if (and sign-item encrypt-item (equal (first sign-item)
+ (first encrypt-item))
+ (equal style 'combined))
+ (funcall (nth 1 encrypt-item) cont t)
+ ;; otherwise, revert to the old behavior.
+ (when sign-item
+ (funcall (nth 1 sign-item) cont))
+ (when encrypt-item
+ (funcall (nth 1 encrypt-item) cont)))))))))
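Review bot: The combined branch calls `(funcall (nth 1 encrypt-item) cont t)` with two arguments, but of the encrypt wrappers touched in this commit only `mml-pgpmime-encrypt-buffer` gained an optional `sign` parameter. With the shipped `mml-signencrypt-style` this is safe, because only "pgpmime" is marked `combined`. Setting "pgp" or "smime" to `combined` would presumably fail with a wrong-number-of-arguments error at send time, assuming their wrappers still take only `cont` (not visible here). Either state the restriction next to the variable, e.g. `;; combined requires an encrypt function accepting (CONT &optional SIGN); currently only "pgpmime"`, or give the other wrappers an `&optional sign` parameter as well. The enclosing function starts outside this hunk.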
(defun mml-compute-boundary (cont)
"Return a unique boundary that does not exist in CONT."
(defun mml2015-gpg-extract-signature-details ()
(goto-char (point-min))
(if (boundp 'gpg-unabbrev-trust-alist)
- (let* ((signer (and (re-search-forward
- "^\\[GNUPG:\\] GOODSIG [0-9A-Za-z]* \\(.*\\)$"
+ (let* ((expired (re-search-forward
+ "^\\[GNUPG:\\] SIGEXPIRED$"
+ nil t))
+ (signer (and (re-search-forward
+ "^\\[GNUPG:\\] GOODSIG \\([0-9A-Za-z]*\\) \\(.*\\)$"
nil t)
- (match-string 1)))
+ (cons (match-string 1) (match-string 2))))
(fprint (and (re-search-forward
"^\\[GNUPG:\\] VALIDSIG \\([0-9a-zA-Z]*\\) "
nil t)
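Review bot: The new `expired` binding runs `re-search-forward` before the GOODSIG search, and a successful match leaves point after the SIGEXPIRED line, so the later GOODSIG and VALIDSIG searches only see status lines that follow it. If gpg prints GOODSIG ahead of SIGEXPIRED, `signer` ends up nil and the result is "From unknown user" rather than the signer plus the expired-key warning. Wrapping the probe keeps the later searches independent of line order: `(expired (save-excursion (re-search-forward "^\\[GNUPG:\\] SIGEXPIRED$" nil t)))`. The warning also only fires when a GOODSIG line is present, so it is worth confirming which status keywords the supported gpg versions actually emit for an expired key. The `let*` continues past this hunk.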
(trust-good-enough-p
(cdr (assoc (cdr (assoc trust gpg-unabbrev-trust-alist))
mml2015-trust-boundaries-alist))))
- (if (and signer trust fprint)
- (concat signer
- (unless trust-good-enough-p
- (concat "\nUntrusted, Fingerprint: "
- (mml2015-gpg-pretty-print-fpr fprint))))
- "From unknown user"))
+ (cond ((and signer fprint)
+ (concat (cdr signer)
+ (unless trust-good-enough-p
+ (concat "\nUntrusted, Fingerprint: "
+ (mml2015-gpg-pretty-print-fpr fprint)))
+ (when expired
+ (format "\nWARNING: Signature from expired key (%s)"
+ (car signer)))))
+ (t
+ "From unknown user")))
(if (re-search-forward "^gpg: Good signature from \"\\(.*\\)\"$" nil t)
(match-string 1)
"From unknown user")))
(insert (format "--%s--\n" boundary))
(goto-char (point-max)))))
-(defun mml2015-gpg-encrypt (cont)
+(defun mml2015-gpg-encrypt (cont &optional sign-also)
(let ((boundary
(funcall mml-boundary-function (incf mml-multipart-number)))
(text (current-buffer))
cipher)
(mm-with-unibyte-current-buffer-mule4
(with-temp-buffer
- (unless (gpg-sign-encrypt
- text (setq cipher (current-buffer))
- mml2015-result-buffer
- (split-string
- (or
- (message-options-get 'message-recipients)
- (message-options-set 'message-recipients
- (read-string "Recipients: ")))
- "[ \f\t\n\r\v,]+")
- nil
- (message-options-get 'message-sender)
- t t) ; armor & textmode
- (unless (> (point-max) (point-min))
- (pop-to-buffer mml2015-result-buffer)
- (error "Encrypt error")))
+ (flet ((gpg-encrypt-func
+ (sign plaintext ciphertext result recipients &optional
+ passphrase sign-with-key armor textmode)
+ (if sign-also
+ (gpg-sign-encrypt
+ plaintext ciphertext result recipients passphrase
+ sign-with-key armor textmode)
+ (gpg-encrypt
+ plaintext ciphertext result recipients passphrase
+ armor textmode))))
+ (unless (gpg-encrypt-func
+ sign-also ; passed in when using signencrypt
+ text (setq cipher (current-buffer))
+ mml2015-result-buffer
+ (split-string
+ (or
+ (message-options-get 'message-recipients)
+ (message-options-set 'message-recipients
+ (read-string "Recipients: ")))
+ "[ \f\t\n\r\v,]+")
+ nil
+ (message-options-get 'message-sender)
+ t t) ; armor & textmode
+ (unless (> (point-max) (point-min))
+ (pop-to-buffer mml2015-result-buffer)
+ (error "Encrypt error"))))
(goto-char (point-min))
(while (re-search-forward "\r+$" nil t)
(replace-match "" t t))
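Review bot: The `flet` helper `gpg-encrypt-func` takes a first parameter `sign` that its body never reads; the branch tests the outer `sign-also` instead. The helper therefore ignores the `sign-also` passed at the call site. Either test the parameter, `(if sign`, or drop it from both the lambda list and the call. Per the ChangeLog the function used to sign on every call and now only encrypts unless `sign-also` is non-nil, so the function should get a docstring saying so, e.g. `"Encrypt the current buffer for the message recipients; also sign it when SIGN-ALSO is non-nil."`. Any caller that relied on the implicit signature must now pass the flag.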
mml2015-use)
;;;###autoload
-(defun mml2015-encrypt (cont)
+(defun mml2015-encrypt (cont &optional sign)
(mml2015-clean-buffer)
(let ((func (nth 2 (assq mml2015-use mml2015-function-alist))))
(if func
- (funcall func cont)
+ (funcall func cont sign)
(error "Cannot find encrypt function"))))
;;;###autoload
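Review bot: `(funcall func cont sign)` now passes two arguments to whichever encrypt function `mml2015-function-alist` selects for `mml2015-use`, but the ChangeLog lists only `mml2015-gpg-encrypt` as updated to accept a second argument. If any other backend in that alist still defines its encrypt function as `(cont)`, every encryption through it will signal wrong-number-of-arguments, even when `sign` is nil; the alist is not visible here, so this needs checking. Those functions should take `&optional sign` too. A backend that cannot do a combined operation should signal an error when `sign` is non-nil, so that a requested signature is never silently dropped. A docstring such as `"Encrypt the current buffer using the backend in `mml2015-use'; SIGN non-nil requests a combined sign and encrypt."` would record the contract.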
+2002-05-01 Josh Huber <huber@alum.wpi.edu>
+
+ * gnus.texi (Signing and encrypting): Fix doc. Also, add a
+ paragraph about replysign/replyencrypt/replysignencryped use.
+
2002-05-01 Lars Magne Ingebrigtsen <larsi@quimbies.gnus.org>
* message.texi (Message Headers): Remove colon from index
@sc{Mailcrypt}, you need to install at least one of them. The
@sc{s/mime} support in Gnus requires the external program OpenSSL.
+Often, you would like to sign replies to people who send you signed
+messages. Even more often, you might want to encrypt messages which
+are in reply to encrypted messages. Gnus offers
+@code{gnus-message-replysign} to enable the former, and
+@code{gnus-message-replyencrypt} for the latter. In addition, setting
+@code{gnus-message-replysignencrypted} (on by default) will sign
+automatically encrypted messages.
+
Instructing MML to perform security operations on a @sc{mime} part is
done using the @kbd{C-c C-m s} key map for signing and the @kbd{C-c
C-m c} key map for encryption, as follows.
@item C-c C-m s s
@kindex C-c C-m s s
-@findex mml-secure-sign-smime
+@findex mml-secure-message-sign-smime
-Digitally sign current @sc{mime} part using @sc{s/mime}.
+Digitally sign current message using @sc{s/mime}.
@item C-c C-m s o
@kindex C-c C-m s o
-@findex mml-secure-sign-pgp
+@findex mml-secure-message-sign-pgp
-Digitally sign current @sc{mime} part using PGP.
+Digitally sign current message using PGP.
@item C-c C-m s p
@kindex C-c C-m s p
-@findex mml-secure-sign-pgp
+@findex mml-secure-message-sign-pgp
-Digitally sign current @sc{mime} part using @sc{pgp/mime}.
+Digitally sign current message using @sc{pgp/mime}.
@item C-c C-m c s
@kindex C-c C-m c s
-@findex mml-secure-encrypt-smime
+@findex mml-secure-message-encrypt-smime
-Digitally encrypt current @sc{mime} part using @sc{s/mime}.
+Digitally encrypt current message using @sc{s/mime}.
@item C-c C-m c o
@kindex C-c C-m c o
-@findex mml-secure-encrypt-pgp
+@findex mml-secure-message-encrypt-pgp
-Digitally encrypt current @sc{mime} part using PGP.
+Digitally encrypt current message using PGP.
@item C-c C-m c p
@kindex C-c C-m c p
-@findex mml-secure-encrypt-pgpmime
+@findex mml-secure-message-encrypt-pgpmime
-Digitally encrypt current @sc{mime} part using @sc{pgp/mime}.
+Digitally encrypt current message using @sc{pgp/mime}.
@item C-c C-m C-n
@kindex C-c C-m C-n