1 ;;; mml2015.el --- MIME Security with Pretty Good Privacy (PGP)
3 ;; Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
4 ;; 2008, 2009, 2010 Free Software Foundation, Inc.
6 ;; Author: Shenghuo Zhu <zsh@cs.rochester.edu>
7 ;; Keywords: PGP MIME MML
9 ;; This file is part of GNU Emacs.
11 ;; GNU Emacs is free software: you can redistribute it and/or modify
12 ;; it under the terms of the GNU General Public License as published by
13 ;; the Free Software Foundation, either version 3 of the License, or
14 ;; (at your option) any later version.
16 ;; GNU Emacs is distributed in the hope that it will be useful,
17 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;; GNU General Public License for more details.
21 ;; You should have received a copy of the GNU General Public License
22 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
26 ;; RFC 2015 is updated by RFC 3156, this file should be compatible
33 (unless (fboundp 'declare-function) (defmacro declare-function (&rest r)))
35 (if (locate-library "password-cache")
36 (require 'password-cache)
39 (eval-when-compile (require 'cl))
45 (defvar mc-pgp-always-sign)
47 (declare-function epg-check-configuration "ext:epg-config"
48 (config &optional minimum-version))
49 (declare-function epg-configuration "ext:epg-config" ())
51 (defvar mml2015-use (or
55 (epg-check-configuration (epg-configuration))
60 ;; Avoid the "Recursive load suspected" error
62 (let ((recursive-load-depth-limit 100))
64 (and (fboundp 'pgg-sign-region)
68 (and (fboundp 'mc-encrypt-generic)
69 (fboundp 'mc-sign-generic)
70 (fboundp 'mc-cleanup-recipient-headers)
72 "The package used for PGP/MIME.
73 Valid packages include `epg', `pgg' and `mailcrypt'.")
75 ;; Something is not RFC2015.
76 (defvar mml2015-function-alist
77 '((mailcrypt mml2015-mailcrypt-sign
78 mml2015-mailcrypt-encrypt
79 mml2015-mailcrypt-verify
80 mml2015-mailcrypt-decrypt
81 mml2015-mailcrypt-clear-verify
82 mml2015-mailcrypt-clear-decrypt)
87 mml2015-pgg-clear-verify
88 mml2015-pgg-clear-decrypt)
93 mml2015-epg-clear-verify
94 mml2015-epg-clear-decrypt))
95 "Alist of PGP/MIME functions.")
97 (defvar mml2015-result-buffer nil)
99 (defcustom mml2015-unabbrev-trust-alist
100 '(("TRUST_UNDEFINED" . nil)
101 ("TRUST_NEVER" . nil)
102 ("TRUST_MARGINAL" . t)
104 ("TRUST_ULTIMATE" . t))
105 "Map GnuPG trust output values to a boolean saying if you trust the key."
107 :group 'mime-security
108 :type '(repeat (cons (regexp :tag "GnuPG output regexp")
109 (boolean :tag "Trust key"))))
111 (defcustom mml2015-cache-passphrase mml-secure-cache-passphrase
112 "If t, cache passphrase."
113 :group 'mime-security
116 (defcustom mml2015-passphrase-cache-expiry mml-secure-passphrase-cache-expiry
117 "How many seconds the passphrase is cached.
118 Whether the passphrase is cached at all is controlled by
119 `mml2015-cache-passphrase'."
120 :group 'mime-security
123 (defcustom mml2015-signers nil
124 "A list of your own key ID which will be used to sign a message."
125 :group 'mime-security
126 :type '(repeat (string :tag "Key ID")))
128 (defcustom mml2015-encrypt-to-self nil
129 "If t, add your own key ID to recipient list when encryption."
130 :group 'mime-security
133 (defcustom mml2015-always-trust t
134 "If t, GnuPG skip key validation on encryption."
135 :group 'mime-security
138 ;; Extract plaintext from cleartext signature. IMO, this kind of task
139 ;; should be done by GnuPG rather than Elisp, but older PGP backends
140 ;; (such as Mailcrypt, and PGG) discard the output from GnuPG.
141 (defun mml2015-extract-cleartext-signature ()
143 ;; <54a15d860801080142l70b95d7dkac4bf51a86196011@mail.gmail.com>: ``I still
144 ;; believe that the right way is to use the plaintext output from GnuPG as
145 ;; it is, and mml2015-extract-cleartext-signature is just a kludge for
146 ;; misdesigned libraries like PGG, which have no ability to do that. So, I
147 ;; think it should not have descriptive documentation.''
149 ;; This function doesn't handle NotDashEscaped correctly. EasyPG handles it
151 ;; http://thread.gmane.org/gmane.emacs.gnus.general/66062/focus=66082
152 ;; http://thread.gmane.org/gmane.emacs.gnus.general/65087/focus=65109
153 (goto-char (point-min))
155 ;; We need to be careful not to strip beyond the armor headers.
156 ;; Previously, an attacker could replace the text inside our
157 ;; markup with trailing garbage by injecting whitespace into the
159 (while (looking-at "Hash:") ; The only header allowed in cleartext
160 (forward-line)) ; signatures according to RFC2440.
161 (when (looking-at "[\t ]*$")
163 (delete-region (point-min) (point))
164 (if (re-search-forward "^-----BEGIN PGP SIGNATURE-----" nil t)
165 (delete-region (match-beginning 0) (point-max)))
166 (goto-char (point-min))
167 (while (re-search-forward "^- " nil t)
168 (replace-match "" t t)
171 ;;; mailcrypt wrapper
173 (autoload 'mailcrypt-decrypt "mailcrypt")
174 (autoload 'mailcrypt-verify "mailcrypt")
175 (autoload 'mc-pgp-always-sign "mailcrypt")
176 (autoload 'mc-encrypt-generic "mc-toplev")
177 (autoload 'mc-cleanup-recipient-headers "mc-toplev")
178 (autoload 'mc-sign-generic "mc-toplev")
180 (defvar mml2015-decrypt-function 'mailcrypt-decrypt)
181 (defvar mml2015-verify-function 'mailcrypt-verify)
183 (defun mml2015-format-error (err)
184 (if (stringp (cadr err))
186 (format "%S" (cdr err))))
188 (defun mml2015-mailcrypt-decrypt (handle ctl)
190 (let (child handles result)
191 (unless (setq child (mm-find-part-by-type
193 "application/octet-stream" nil t))
194 (mm-set-handle-multipart-parameter
195 mm-security-handle 'gnus-info "Corrupted")
196 (throw 'error handle))
198 (mm-insert-part child)
201 (funcall mml2015-decrypt-function)
203 (mm-set-handle-multipart-parameter
204 mm-security-handle 'gnus-details (mml2015-format-error err))
207 (mm-set-handle-multipart-parameter
208 mm-security-handle 'gnus-details "Quit.")
211 (mm-set-handle-multipart-parameter
212 mm-security-handle 'gnus-info "Failed")
213 (throw 'error handle))
214 (setq handles (mm-dissect-buffer t)))
215 (mm-destroy-parts handle)
216 (mm-set-handle-multipart-parameter
217 mm-security-handle 'gnus-info
219 (let ((sig (with-current-buffer mml2015-result-buffer
220 (mml2015-gpg-extract-signature-details))))
221 (concat ", Signer: " sig))))
222 (if (listp (car handles))
226 (defun mml2015-gpg-extract-signature-details ()
227 (goto-char (point-min))
228 (let* ((expired (re-search-forward
229 "^\\[GNUPG:\\] SIGEXPIRED$"
231 (signer (and (re-search-forward
232 "^\\[GNUPG:\\] GOODSIG \\([0-9A-Za-z]*\\) \\(.*\\)$"
234 (cons (match-string 1) (match-string 2))))
235 (fprint (and (re-search-forward
236 "^\\[GNUPG:\\] VALIDSIG \\([0-9a-zA-Z]*\\) "
239 (trust (and (re-search-forward
240 "^\\[GNUPG:\\] \\(TRUST_.*\\)$"
244 (cdr (assoc trust mml2015-unabbrev-trust-alist))))
245 (cond ((and signer fprint)
247 (unless trust-good-enough-p
248 (concat "\nUntrusted, Fingerprint: "
249 (mml2015-gpg-pretty-print-fpr fprint)))
251 (format "\nWARNING: Signature from expired key (%s)"
254 "^\\(gpg: \\)?Good signature from \"\\(.*\\)\"$" nil t)
257 "From unknown user"))))
259 (defun mml2015-mailcrypt-clear-decrypt ()
263 (funcall mml2015-decrypt-function)
265 (mm-set-handle-multipart-parameter
266 mm-security-handle 'gnus-details (mml2015-format-error err))
269 (mm-set-handle-multipart-parameter
270 mm-security-handle 'gnus-details "Quit.")
273 (mm-set-handle-multipart-parameter
274 mm-security-handle 'gnus-info "OK")
275 (mm-set-handle-multipart-parameter
276 mm-security-handle 'gnus-info "Failed"))))
278 (defun mml2015-fix-micalg (alg)
280 ;; Mutt/1.2.5i has seen sending micalg=php-sha1
281 (upcase (if (string-match "^p[gh]p-" alg)
282 (substring alg (match-end 0))
285 (defun mml2015-mailcrypt-verify (handle ctl)
288 (unless (setq part (mm-find-raw-part-by-type
289 ctl (or (mm-handle-multipart-ctl-parameter
291 "application/pgp-signature")
293 (mm-set-handle-multipart-parameter
294 mm-security-handle 'gnus-info "Corrupted")
295 (throw 'error handle))
297 (insert "-----BEGIN PGP SIGNED MESSAGE-----\n")
298 (insert (format "Hash: %s\n\n"
299 (or (mml2015-fix-micalg
300 (mm-handle-multipart-ctl-parameter
304 (narrow-to-region (point) (point))
306 (goto-char (point-min))
308 (if (looking-at "^-")
311 (unless (setq part (mm-find-part-by-type
312 (cdr handle) "application/pgp-signature" nil t))
313 (mm-set-handle-multipart-parameter
314 mm-security-handle 'gnus-info "Corrupted")
315 (throw 'error handle))
317 (narrow-to-region (point) (point))
318 (mm-insert-part part)
319 (goto-char (point-min))
320 (if (re-search-forward "^-----BEGIN PGP [^-]+-----\r?$" nil t)
321 (replace-match "-----BEGIN PGP SIGNATURE-----" t t))
322 (if (re-search-forward "^-----END PGP [^-]+-----\r?$" nil t)
323 (replace-match "-----END PGP SIGNATURE-----" t t)))
324 (let ((mc-gpg-debug-buffer (get-buffer-create " *gnus gpg debug*")))
325 (unless (condition-case err
327 (funcall mml2015-verify-function)
328 (if (get-buffer " *mailcrypt stderr temp")
329 (mm-set-handle-multipart-parameter
330 mm-security-handle 'gnus-details
331 (with-current-buffer " *mailcrypt stderr temp"
333 (if (get-buffer " *mailcrypt stdout temp")
334 (kill-buffer " *mailcrypt stdout temp"))
335 (if (get-buffer " *mailcrypt stderr temp")
336 (kill-buffer " *mailcrypt stderr temp"))
337 (if (get-buffer " *mailcrypt status temp")
338 (kill-buffer " *mailcrypt status temp"))
339 (if (get-buffer mc-gpg-debug-buffer)
340 (kill-buffer mc-gpg-debug-buffer)))
342 (mm-set-handle-multipart-parameter
343 mm-security-handle 'gnus-details (mml2015-format-error err))
346 (mm-set-handle-multipart-parameter
347 mm-security-handle 'gnus-details "Quit.")
349 (mm-set-handle-multipart-parameter
350 mm-security-handle 'gnus-info "Failed")
351 (throw 'error handle))))
352 (mm-set-handle-multipart-parameter
353 mm-security-handle 'gnus-info "OK")
356 (defun mml2015-mailcrypt-clear-verify ()
357 (let ((mc-gpg-debug-buffer (get-buffer-create " *gnus gpg debug*")))
358 (if (condition-case err
360 (funcall mml2015-verify-function)
361 (if (get-buffer " *mailcrypt stderr temp")
362 (mm-set-handle-multipart-parameter
363 mm-security-handle 'gnus-details
364 (with-current-buffer " *mailcrypt stderr temp"
366 (if (get-buffer " *mailcrypt stdout temp")
367 (kill-buffer " *mailcrypt stdout temp"))
368 (if (get-buffer " *mailcrypt stderr temp")
369 (kill-buffer " *mailcrypt stderr temp"))
370 (if (get-buffer " *mailcrypt status temp")
371 (kill-buffer " *mailcrypt status temp"))
372 (if (get-buffer mc-gpg-debug-buffer)
373 (kill-buffer mc-gpg-debug-buffer)))
375 (mm-set-handle-multipart-parameter
376 mm-security-handle 'gnus-details (mml2015-format-error err))
379 (mm-set-handle-multipart-parameter
380 mm-security-handle 'gnus-details "Quit.")
382 (mm-set-handle-multipart-parameter
383 mm-security-handle 'gnus-info "OK")
384 (mm-set-handle-multipart-parameter
385 mm-security-handle 'gnus-info "Failed")))
386 (mml2015-extract-cleartext-signature))
388 (defun mml2015-mailcrypt-sign (cont)
389 (mc-sign-generic (message-options-get 'message-sender)
391 (let ((boundary (mml-compute-boundary cont))
393 (goto-char (point-min))
394 (unless (re-search-forward "^-----BEGIN PGP SIGNED MESSAGE-----\r?$" nil t)
395 (error "Cannot find signed begin line"))
396 (goto-char (match-beginning 0))
398 (unless (looking-at "Hash:[ \t]*\\([a-zA-Z0-9]+\\)")
399 (error "Cannot not find PGP hash"))
400 (setq hash (match-string 1))
401 (unless (re-search-forward "^$" nil t)
402 (error "Cannot not find PGP message"))
404 (delete-region (point-min) (point))
405 (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n"
407 (insert (format "\tmicalg=pgp-%s; protocol=\"application/pgp-signature\"\n"
409 (insert (format "\n--%s\n" boundary))
411 (goto-char (point-max))
412 (unless (re-search-backward "^-----END PGP SIGNATURE-----\r?$" nil t)
413 (error "Cannot find signature part"))
414 (replace-match "-----END PGP MESSAGE-----" t t)
415 (goto-char (match-beginning 0))
416 (unless (re-search-backward "^-----BEGIN PGP SIGNATURE-----\r?$"
418 (error "Cannot find signature part"))
419 (replace-match "-----BEGIN PGP MESSAGE-----" t t)
420 (goto-char (match-beginning 0))
422 (narrow-to-region point (point))
424 (while (re-search-forward "^- -" nil t)
425 (replace-match "-" t t))
426 (goto-char (point-max)))
427 (insert (format "--%s\n" boundary))
428 (insert "Content-Type: application/pgp-signature\n\n")
429 (goto-char (point-max))
430 (insert (format "--%s--\n" boundary))
431 (goto-char (point-max))))
433 ;; We require mm-decode, which requires mm-bodies, which autoloads
434 ;; message-options-get (!).
435 (declare-function message-options-set "message" (symbol value))
437 (defun mml2015-mailcrypt-encrypt (cont &optional sign)
438 (let ((mc-pgp-always-sign
439 (or mc-pgp-always-sign
441 (eq t (or (message-options-get 'message-sign-encrypt)
443 'message-sign-encrypt
444 (or (y-or-n-p "Sign the message? ")
447 (mm-with-unibyte-current-buffer
449 (or (message-options-get 'message-recipients)
450 (message-options-set 'message-recipients
451 (mc-cleanup-recipient-headers
452 (read-string "Recipients: "))))
454 (message-options-get 'message-sender))))
455 (goto-char (point-min))
456 (unless (looking-at "-----BEGIN PGP MESSAGE-----")
457 (error "Fail to encrypt the message"))
458 (let ((boundary (mml-compute-boundary cont)))
459 (insert (format "Content-Type: multipart/encrypted; boundary=\"%s\";\n"
461 (insert "\tprotocol=\"application/pgp-encrypted\"\n\n")
462 (insert (format "--%s\n" boundary))
463 (insert "Content-Type: application/pgp-encrypted\n\n")
464 (insert "Version: 1\n\n")
465 (insert (format "--%s\n" boundary))
466 (insert "Content-Type: application/octet-stream\n\n")
467 (goto-char (point-max))
468 (insert (format "--%s--\n" boundary))
469 (goto-char (point-max))))
473 (defvar pgg-default-user-id)
474 (defvar pgg-errors-buffer)
475 (defvar pgg-output-buffer)
477 (autoload 'pgg-decrypt-region "pgg")
478 (autoload 'pgg-verify-region "pgg")
479 (autoload 'pgg-sign-region "pgg")
480 (autoload 'pgg-encrypt-region "pgg")
481 (autoload 'pgg-parse-armor "pgg-parse")
483 (defun mml2015-pgg-decrypt (handle ctl)
485 (let ((pgg-errors-buffer mml2015-result-buffer)
486 child handles result decrypt-status)
487 (unless (setq child (mm-find-part-by-type
489 "application/octet-stream" nil t))
490 (mm-set-handle-multipart-parameter
491 mm-security-handle 'gnus-info "Corrupted")
492 (throw 'error handle))
494 (mm-insert-part child)
495 (if (condition-case err
497 (pgg-decrypt-region (point-min) (point-max))
499 (with-current-buffer mml2015-result-buffer
501 (mm-set-handle-multipart-parameter
502 mm-security-handle 'gnus-details
505 (mm-set-handle-multipart-parameter
506 mm-security-handle 'gnus-details (mml2015-format-error err))
509 (mm-set-handle-multipart-parameter
510 mm-security-handle 'gnus-details "Quit.")
512 (with-current-buffer pgg-output-buffer
513 (goto-char (point-min))
514 (while (search-forward "\r\n" nil t)
515 (replace-match "\n" t t))
516 (setq handles (mm-dissect-buffer t))
517 (mm-destroy-parts handle)
518 (mm-set-handle-multipart-parameter
519 mm-security-handle 'gnus-info "OK")
520 (mm-set-handle-multipart-parameter
521 mm-security-handle 'gnus-details
522 (concat decrypt-status
523 (when (stringp (car handles))
524 "\n" (mm-handle-multipart-ctl-parameter
525 handles 'gnus-details))))
526 (if (listp (car handles))
529 (mm-set-handle-multipart-parameter
530 mm-security-handle 'gnus-info "Failed")
531 (throw 'error handle))))))
533 (defun mml2015-pgg-clear-decrypt ()
534 (let ((pgg-errors-buffer mml2015-result-buffer))
536 (pgg-decrypt-region (point-min) (point-max))
537 (mm-set-handle-multipart-parameter
538 mm-security-handle 'gnus-details
539 (with-current-buffer mml2015-result-buffer
543 ;; Treat data which pgg returns as a unibyte string.
544 (mm-disable-multibyte)
545 (insert-buffer-substring pgg-output-buffer)
546 (goto-char (point-min))
547 (while (search-forward "\r\n" nil t)
548 (replace-match "\n" t t))
549 (mm-set-handle-multipart-parameter
550 mm-security-handle 'gnus-info "OK"))
551 (mm-set-handle-multipart-parameter
552 mm-security-handle 'gnus-info "Failed"))))
554 (defun mml2015-pgg-verify (handle ctl)
555 (let ((pgg-errors-buffer mml2015-result-buffer)
556 signature-file part signature)
557 (if (or (null (setq part (mm-find-raw-part-by-type
558 ctl (or (mm-handle-multipart-ctl-parameter
560 "application/pgp-signature")
562 (null (setq signature (mm-find-part-by-type
563 (cdr handle) "application/pgp-signature" nil t))))
565 (mm-set-handle-multipart-parameter
566 mm-security-handle 'gnus-info "Corrupted")
570 ;; Convert <LF> to <CR><LF> in signed text. If --textmode is
571 ;; specified when signing, the conversion is not necessary.
572 (goto-char (point-min))
575 (unless (eq (char-before) ?\r)
579 (with-temp-file (setq signature-file (mm-make-temp-file "pgg"))
580 (mm-insert-part signature))
581 (if (condition-case err
583 (pgg-verify-region (point-min) (point-max)
585 (goto-char (point-min))
586 (while (search-forward "\r\n" nil t)
587 (replace-match "\n" t t))
588 (mm-set-handle-multipart-parameter
589 mm-security-handle 'gnus-details
590 (concat (with-current-buffer pgg-output-buffer
592 (with-current-buffer pgg-errors-buffer
595 (mm-set-handle-multipart-parameter
596 mm-security-handle 'gnus-details (mml2015-format-error err))
599 (mm-set-handle-multipart-parameter
600 mm-security-handle 'gnus-details "Quit.")
603 (delete-file signature-file)
604 (mm-set-handle-multipart-parameter
605 mm-security-handle 'gnus-info
606 (with-current-buffer pgg-errors-buffer
607 (mml2015-gpg-extract-signature-details))))
608 (delete-file signature-file)
609 (mm-set-handle-multipart-parameter
610 mm-security-handle 'gnus-info "Failed")))))
613 (defun mml2015-pgg-clear-verify ()
614 (let ((pgg-errors-buffer mml2015-result-buffer)
615 (text (buffer-string))
616 (coding-system buffer-file-coding-system))
617 (if (condition-case err
619 (mm-with-unibyte-buffer
620 (insert (mm-encode-coding-string text coding-system))
621 (pgg-verify-region (point-min) (point-max) nil t))
622 (goto-char (point-min))
623 (while (search-forward "\r\n" nil t)
624 (replace-match "\n" t t))
625 (mm-set-handle-multipart-parameter
626 mm-security-handle 'gnus-details
627 (concat (with-current-buffer pgg-output-buffer
629 (with-current-buffer pgg-errors-buffer
632 (mm-set-handle-multipart-parameter
633 mm-security-handle 'gnus-details (mml2015-format-error err))
636 (mm-set-handle-multipart-parameter
637 mm-security-handle 'gnus-details "Quit.")
639 (mm-set-handle-multipart-parameter
640 mm-security-handle 'gnus-info
641 (with-current-buffer pgg-errors-buffer
642 (mml2015-gpg-extract-signature-details)))
643 (mm-set-handle-multipart-parameter
644 mm-security-handle 'gnus-info "Failed")))
645 (mml2015-extract-cleartext-signature))
647 (defun mml2015-pgg-sign (cont)
648 (let ((pgg-errors-buffer mml2015-result-buffer)
649 (boundary (mml-compute-boundary cont))
650 (pgg-default-user-id (or (message-options-get 'mml-sender)
651 pgg-default-user-id))
654 (unless (pgg-sign-region (point-min) (point-max))
655 (pop-to-buffer mml2015-result-buffer)
656 (error "Sign error"))
657 (goto-char (point-min))
658 (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n"
660 (if (setq entry (assq 2 (pgg-parse-armor
661 (with-current-buffer pgg-output-buffer
663 (setq entry (assq 'hash-algorithm (cdr entry))))
664 (insert (format "\tmicalg=%s; "
666 (downcase (format "pgp-%s" (cdr entry)))
668 (insert "protocol=\"application/pgp-signature\"\n")
669 (insert (format "\n--%s\n" boundary))
670 (goto-char (point-max))
671 (insert (format "\n--%s\n" boundary))
672 (insert "Content-Type: application/pgp-signature\n\n")
673 (insert-buffer-substring pgg-output-buffer)
674 (goto-char (point-max))
675 (insert (format "--%s--\n" boundary))
676 (goto-char (point-max))))
678 (defun mml2015-pgg-encrypt (cont &optional sign)
679 (let ((pgg-errors-buffer mml2015-result-buffer)
681 (boundary (mml-compute-boundary cont)))
682 (unless (pgg-encrypt-region (point-min) (point-max)
685 (message-options-get 'message-recipients)
686 (message-options-set 'message-recipients
687 (read-string "Recipients: ")))
690 (pop-to-buffer mml2015-result-buffer)
691 (error "Encrypt error"))
692 (delete-region (point-min) (point-max))
693 (goto-char (point-min))
694 (insert (format "Content-Type: multipart/encrypted; boundary=\"%s\";\n"
696 (insert "\tprotocol=\"application/pgp-encrypted\"\n\n")
697 (insert (format "--%s\n" boundary))
698 (insert "Content-Type: application/pgp-encrypted\n\n")
699 (insert "Version: 1\n\n")
700 (insert (format "--%s\n" boundary))
701 (insert "Content-Type: application/octet-stream\n\n")
702 (insert-buffer-substring pgg-output-buffer)
703 (goto-char (point-max))
704 (insert (format "--%s--\n" boundary))
705 (goto-char (point-max))))
709 (defvar epg-user-id-alist)
710 (defvar epg-digest-algorithm-alist)
711 (defvar inhibit-redisplay)
713 (autoload 'epg-make-context "epg")
714 (autoload 'epg-context-set-armor "epg")
715 (autoload 'epg-context-set-textmode "epg")
716 (autoload 'epg-context-set-signers "epg")
717 (autoload 'epg-context-result-for "epg")
718 (autoload 'epg-new-signature-digest-algorithm "epg")
719 (autoload 'epg-verify-result-to-string "epg")
720 (autoload 'epg-list-keys "epg")
721 (autoload 'epg-decrypt-string "epg")
722 (autoload 'epg-verify-string "epg")
723 (autoload 'epg-sign-string "epg")
724 (autoload 'epg-encrypt-string "epg")
725 (autoload 'epg-passphrase-callback-function "epg")
726 (autoload 'epg-context-set-passphrase-callback "epg")
727 (autoload 'epg-key-sub-key-list "epg")
728 (autoload 'epg-sub-key-capability "epg")
729 (autoload 'epg-sub-key-validity "epg")
730 (autoload 'epg-configuration "epg-config")
731 (autoload 'epg-expand-group "epg-config")
732 (autoload 'epa-select-keys "epa")
734 (defvar mml2015-epg-secret-key-id-list nil)
736 (defun mml2015-epg-passphrase-callback (context key-id ignore)
738 (epg-passphrase-callback-function context key-id nil)
739 (let* ((password-cache-key-id
747 "Passphrase for PIN: "
748 (if (setq entry (assoc key-id epg-user-id-alist))
749 (format "Passphrase for %s %s: " key-id (cdr entry))
750 (format "Passphrase for %s: " key-id)))
751 password-cache-key-id)))
753 (let ((password-cache-expiry mml2015-passphrase-cache-expiry))
754 (password-cache-add password-cache-key-id passphrase))
755 (setq mml2015-epg-secret-key-id-list
756 (cons password-cache-key-id mml2015-epg-secret-key-id-list))
757 (copy-sequence passphrase)))))
759 (defun mml2015-epg-find-usable-key (keys usage)
762 (let ((pointer (epg-key-sub-key-list (car keys))))
764 (if (and (memq usage (epg-sub-key-capability (car pointer)))
765 (not (memq 'disabled (epg-sub-key-capability (car pointer))))
766 (not (memq (epg-sub-key-validity (car pointer))
767 '(revoked expired))))
768 (throw 'found (car keys)))
769 (setq pointer (cdr pointer))))
770 (setq keys (cdr keys)))))
772 (defun mml2015-epg-decrypt (handle ctl)
774 (let ((inhibit-redisplay t)
775 context plain child handles result decrypt-status)
776 (unless (setq child (mm-find-part-by-type
778 "application/octet-stream" nil t))
779 (mm-set-handle-multipart-parameter
780 mm-security-handle 'gnus-info "Corrupted")
781 (throw 'error handle))
782 (setq context (epg-make-context))
783 (if mml2015-cache-passphrase
784 (epg-context-set-passphrase-callback
786 #'mml2015-epg-passphrase-callback))
787 (condition-case error
788 (setq plain (epg-decrypt-string context (mm-get-part child))
789 mml2015-epg-secret-key-id-list nil)
791 (while mml2015-epg-secret-key-id-list
792 (password-cache-remove (car mml2015-epg-secret-key-id-list))
793 (setq mml2015-epg-secret-key-id-list
794 (cdr mml2015-epg-secret-key-id-list)))
795 (mm-set-handle-multipart-parameter
796 mm-security-handle 'gnus-info "Failed")
797 (if (eq (car error) 'quit)
798 (mm-set-handle-multipart-parameter
799 mm-security-handle 'gnus-details "Quit.")
800 (mm-set-handle-multipart-parameter
801 mm-security-handle 'gnus-details (mml2015-format-error error)))
802 (throw 'error handle)))
805 (goto-char (point-min))
806 (while (search-forward "\r\n" nil t)
807 (replace-match "\n" t t))
808 (setq handles (mm-dissect-buffer t))
809 (mm-destroy-parts handle)
810 (if (epg-context-result-for context 'verify)
811 (mm-set-handle-multipart-parameter
812 mm-security-handle 'gnus-info
814 (epg-verify-result-to-string
815 (epg-context-result-for context 'verify))))
816 (mm-set-handle-multipart-parameter
817 mm-security-handle 'gnus-info "OK"))
818 (if (stringp (car handles))
819 (mm-set-handle-multipart-parameter
820 mm-security-handle 'gnus-details
821 (mm-handle-multipart-ctl-parameter handles 'gnus-details))))
822 (if (listp (car handles))
826 (defun mml2015-epg-clear-decrypt ()
827 (let ((inhibit-redisplay t)
828 (context (epg-make-context))
830 (if mml2015-cache-passphrase
831 (epg-context-set-passphrase-callback
833 #'mml2015-epg-passphrase-callback))
834 (condition-case error
835 (setq plain (epg-decrypt-string context (buffer-string))
836 mml2015-epg-secret-key-id-list nil)
838 (while mml2015-epg-secret-key-id-list
839 (password-cache-remove (car mml2015-epg-secret-key-id-list))
840 (setq mml2015-epg-secret-key-id-list
841 (cdr mml2015-epg-secret-key-id-list)))
842 (mm-set-handle-multipart-parameter
843 mm-security-handle 'gnus-info "Failed")
844 (if (eq (car error) 'quit)
845 (mm-set-handle-multipart-parameter
846 mm-security-handle 'gnus-details "Quit.")
847 (mm-set-handle-multipart-parameter
848 mm-security-handle 'gnus-details (mml2015-format-error error)))))
851 ;; Treat data which epg returns as a unibyte string.
852 (mm-disable-multibyte)
854 (goto-char (point-min))
855 (while (search-forward "\r\n" nil t)
856 (replace-match "\n" t t))
857 (mm-set-handle-multipart-parameter
858 mm-security-handle 'gnus-info "OK")
859 (if (epg-context-result-for context 'verify)
860 (mm-set-handle-multipart-parameter
861 mm-security-handle 'gnus-details
862 (epg-verify-result-to-string
863 (epg-context-result-for context 'verify)))))))
865 (defun mml2015-epg-verify (handle ctl)
867 (let ((inhibit-redisplay t)
868 context plain signature-file part signature)
869 (when (or (null (setq part (mm-find-raw-part-by-type
870 ctl (or (mm-handle-multipart-ctl-parameter
872 "application/pgp-signature")
874 (null (setq signature (mm-find-part-by-type
875 (cdr handle) "application/pgp-signature"
877 (mm-set-handle-multipart-parameter
878 mm-security-handle 'gnus-info "Corrupted")
879 (throw 'error handle))
880 (setq part (mm-replace-in-string part "\n" "\r\n" t)
881 signature (mm-get-part signature)
882 context (epg-make-context))
883 (condition-case error
884 (setq plain (epg-verify-string context signature part))
886 (mm-set-handle-multipart-parameter
887 mm-security-handle 'gnus-info "Failed")
888 (if (eq (car error) 'quit)
889 (mm-set-handle-multipart-parameter
890 mm-security-handle 'gnus-details "Quit.")
891 (mm-set-handle-multipart-parameter
892 mm-security-handle 'gnus-details (mml2015-format-error error)))
893 (throw 'error handle)))
894 (mm-set-handle-multipart-parameter
895 mm-security-handle 'gnus-info
896 (epg-verify-result-to-string (epg-context-result-for context 'verify)))
899 (defun mml2015-epg-clear-verify ()
900 (let ((inhibit-redisplay t)
901 (context (epg-make-context))
902 (signature (mm-encode-coding-string (buffer-string)
903 coding-system-for-write))
905 (condition-case error
906 (setq plain (epg-verify-string context signature))
908 (mm-set-handle-multipart-parameter
909 mm-security-handle 'gnus-info "Failed")
910 (if (eq (car error) 'quit)
911 (mm-set-handle-multipart-parameter
912 mm-security-handle 'gnus-details "Quit.")
913 (mm-set-handle-multipart-parameter
914 mm-security-handle 'gnus-details (mml2015-format-error error)))))
917 (mm-set-handle-multipart-parameter
918 mm-security-handle 'gnus-info
919 (epg-verify-result-to-string
920 (epg-context-result-for context 'verify)))
921 (delete-region (point-min) (point-max))
922 (insert (mm-decode-coding-string plain coding-system-for-read)))
923 (mml2015-extract-cleartext-signature))))
925 (defun mml2015-epg-sign (cont)
926 (let* ((inhibit-redisplay t)
927 (context (epg-make-context))
928 (boundary (mml-compute-boundary cont))
931 (or (message-options-get 'mml2015-epg-signers)
934 (if (eq mm-sign-option 'guided)
935 (epa-select-keys context "\
936 Select keys for signing.
937 If no one is selected, default secret key is used. "
943 (setq signer-key (mml2015-epg-find-usable-key
944 (epg-list-keys context signer t)
946 (unless (or signer-key
949 "No secret key for %s; skip it? "
951 (error "No secret key for %s" signer))
953 mml2015-signers)))))))
955 (epg-context-set-armor context t)
956 (epg-context-set-textmode context t)
957 (epg-context-set-signers context signers)
958 (if mml2015-cache-passphrase
959 (epg-context-set-passphrase-callback
961 #'mml2015-epg-passphrase-callback))
962 (condition-case error
963 (setq signature (epg-sign-string context (buffer-string) t)
964 mml2015-epg-secret-key-id-list nil)
966 (while mml2015-epg-secret-key-id-list
967 (password-cache-remove (car mml2015-epg-secret-key-id-list))
968 (setq mml2015-epg-secret-key-id-list
969 (cdr mml2015-epg-secret-key-id-list)))
970 (signal (car error) (cdr error))))
971 (if (epg-context-result-for context 'sign)
972 (setq micalg (epg-new-signature-digest-algorithm
973 (car (epg-context-result-for context 'sign)))))
974 (goto-char (point-min))
975 (insert (format "Content-Type: multipart/signed; boundary=\"%s\";\n"
978 (insert (format "\tmicalg=pgp-%s; "
981 epg-digest-algorithm-alist))))))
982 (insert "protocol=\"application/pgp-signature\"\n")
983 (insert (format "\n--%s\n" boundary))
984 (goto-char (point-max))
985 (insert (format "\n--%s\n" boundary))
986 (insert "Content-Type: application/pgp-signature\n\n")
988 (goto-char (point-max))
989 (insert (format "--%s--\n" boundary))
990 (goto-char (point-max))))
992 (defun mml2015-epg-encrypt (cont &optional sign)
993 (let ((inhibit-redisplay t)
994 (context (epg-make-context))
995 (config (epg-configuration))
996 (recipients (message-options-get 'mml2015-epg-recipients))
998 (boundary (mml-compute-boundary cont))
999 recipient-key signer-key)
1005 (or (epg-expand-group config recipient)
1006 (list (concat "<" recipient ">"))))
1008 (or (message-options-get 'message-recipients)
1009 (message-options-set 'message-recipients
1010 (read-string "Recipients: ")))
1011 "[ \f\t\n\r\v,]+"))))
1012 (when mml2015-encrypt-to-self
1013 (unless mml2015-signers
1014 (error "mml2015-signers not set"))
1015 (setq recipients (nconc recipients mml2015-signers)))
1016 (if (eq mm-encrypt-option 'guided)
1018 (epa-select-keys context "\
1019 Select recipients for encryption.
1020 If no one is selected, symmetric encryption will be performed. "
1026 (setq recipient-key (mml2015-epg-find-usable-key
1027 (epg-list-keys context recipient)
1029 (unless (or recipient-key
1031 (format "No public key for %s; skip it? "
1033 (error "No public key for %s" recipient))
1037 (error "No recipient specified")))
1038 (message-options-set 'mml2015-epg-recipients recipients))
1041 (or (message-options-get 'mml2015-epg-signers)
1042 (message-options-set
1043 'mml2015-epg-signers
1044 (if (eq mm-sign-option 'guided)
1045 (epa-select-keys context "\
1046 Select keys for signing.
1047 If no one is selected, default secret key is used. "
1053 (setq signer-key (mml2015-epg-find-usable-key
1054 (epg-list-keys context signer t)
1056 (unless (or signer-key
1059 "No secret key for %s; skip it? "
1061 (error "No secret key for %s" signer))
1063 mml2015-signers)))))))
1064 (epg-context-set-signers context signers))
1065 (epg-context-set-armor context t)
1066 (epg-context-set-textmode context t)
1067 (if mml2015-cache-passphrase
1068 (epg-context-set-passphrase-callback
1070 #'mml2015-epg-passphrase-callback))
1071 (condition-case error
1073 (epg-encrypt-string context (buffer-string) recipients sign
1074 mml2015-always-trust)
1075 mml2015-epg-secret-key-id-list nil)
1077 (while mml2015-epg-secret-key-id-list
1078 (password-cache-remove (car mml2015-epg-secret-key-id-list))
1079 (setq mml2015-epg-secret-key-id-list
1080 (cdr mml2015-epg-secret-key-id-list)))
1081 (signal (car error) (cdr error))))
1082 (delete-region (point-min) (point-max))
1083 (goto-char (point-min))
1084 (insert (format "Content-Type: multipart/encrypted; boundary=\"%s\";\n"
1086 (insert "\tprotocol=\"application/pgp-encrypted\"\n\n")
1087 (insert (format "--%s\n" boundary))
1088 (insert "Content-Type: application/pgp-encrypted\n\n")
1089 (insert "Version: 1\n\n")
1090 (insert (format "--%s\n" boundary))
1091 (insert "Content-Type: application/octet-stream\n\n")
1093 (goto-char (point-max))
1094 (insert (format "--%s--\n" boundary))
1095 (goto-char (point-max))))
1099 (autoload 'gnus-buffer-live-p "gnus-util")
1100 (autoload 'gnus-get-buffer-create "gnus")
1102 (defun mml2015-clean-buffer ()
1103 (if (gnus-buffer-live-p mml2015-result-buffer)
1104 (with-current-buffer mml2015-result-buffer
1107 (setq mml2015-result-buffer
1108 (gnus-get-buffer-create " *MML2015 Result*"))
1111 (defsubst mml2015-clear-decrypt-function ()
1112 (nth 6 (assq mml2015-use mml2015-function-alist)))
1114 (defsubst mml2015-clear-verify-function ()
1115 (nth 5 (assq mml2015-use mml2015-function-alist)))
1118 (defun mml2015-decrypt (handle ctl)
1119 (mml2015-clean-buffer)
1120 (let ((func (nth 4 (assq mml2015-use mml2015-function-alist))))
1122 (funcall func handle ctl)
1126 (defun mml2015-decrypt-test (handle ctl)
1130 (defun mml2015-verify (handle ctl)
1131 (mml2015-clean-buffer)
1132 (let ((func (nth 3 (assq mml2015-use mml2015-function-alist))))
1134 (funcall func handle ctl)
1138 (defun mml2015-verify-test (handle ctl)
1142 (defun mml2015-encrypt (cont &optional sign)
1143 (mml2015-clean-buffer)
1144 (let ((func (nth 2 (assq mml2015-use mml2015-function-alist))))
1146 (funcall func cont sign)
1147 (error "Cannot find encrypt function"))))
1150 (defun mml2015-sign (cont)
1151 (mml2015-clean-buffer)
1152 (let ((func (nth 1 (assq mml2015-use mml2015-function-alist))))
1155 (error "Cannot find sign function"))))
1158 (defun mml2015-self-encrypt ()
1159 (mml2015-encrypt nil))
1163 ;;; mml2015.el ends here