From 4949d2926c37c778e3207a90240960d661711b82 Mon Sep 17 00:00:00 2001 From: Josh Huber Date: Wed, 1 May 2002 22:17:09 +0000 Subject: [PATCH] lisp/ChangeLog addition: 2002-05-01 Josh Huber * gnus-msg.el (gnus-message-replysignencrypted): enabled by default. * mml-sec.el: * mml-sec.el (mml-signencrypt-style): New. * mml-sec.el (mml-pgpmime-encrypt-buffer): Accept optional argument `sign'. * mml-sec.el (mml-secure-message-encrypt-pgp): Changed default to signencrypt. * mml-sec.el (mml-secure-message-encrypt-pgpmime): Ditto. * mml.el (mml-generate-mime-1): Changed logic so a part which is both signed & encryped is processed in one operation. (rather than two separate ops: sign, then encrypt) * mml2015.el (mml2015-gpg-extract-signature-details): Give some indication if a message is signed by an expired key. * mml2015.el (mml2015-gpg-encrypt): Accept optional argument which enables combined sign & encrypt operation. (this was always on before). * mml2015.el (mml2015-encrypt): Accept optional argument `sign'. texi/ChangeLog addition: 2002-05-01 Josh Huber * gnus.texi (Signing and encrypting): Fix doc. Also, add a paragraph about replysign/replyencrypt/replysignencryped use. --- lisp/ChangeLog | 21 ++++++++++++++ lisp/gnus-msg.el | 2 +- lisp/mml-sec.el | 19 +++++++------ lisp/mml.el | 30 ++++++++++++-------- lisp/mml2015.el | 72 ++++++++++++++++++++++++++++++------------------ texi/ChangeLog | 5 ++++ texi/gnus.texi | 32 +++++++++++++-------- 7 files changed, 122 insertions(+), 59 deletions(-) diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 505914d94..78b89355e 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog 
@@ -1,3 +1,24 @@ +2002-05-01 Josh Huber + + * gnus-msg.el (gnus-message-replysignencrypted): enabled by + default. + * mml-sec.el: + * mml-sec.el (mml-signencrypt-style): New. + * mml-sec.el (mml-pgpmime-encrypt-buffer): Accept optional + argument `sign'. + * mml-sec.el (mml-secure-message-encrypt-pgp): Changed default to + signencrypt. + * mml-sec.el (mml-secure-message-encrypt-pgpmime): Ditto. + * mml.el (mml-generate-mime-1): Changed logic so a part which is + both signed & encryped is processed in one operation. (rather than + two separate ops: sign, then encrypt) + * mml2015.el (mml2015-gpg-extract-signature-details): Give some + indication if a message is signed by an expired key. + * mml2015.el (mml2015-gpg-encrypt): Accept optional argument which + enables combined sign & encrypt operation. (this was always on + before). + * mml2015.el (mml2015-encrypt): Accept optional argument `sign'. + 2002-05-01 Simon Josefsson * nnimap.el (nnimap-retrieve-groups): Use separate data for each diff --git a/lisp/gnus-msg.el b/lisp/gnus-msg.el index 7b4543cc5..562fa2b96 100644 --- a/lisp/gnus-msg.el +++ b/lisp/gnus-msg.el @@ -234,7 +234,7 @@ See also the `mml-default-encrypt-method' variable." :type 'boolean) (defcustom gnus-message-replysignencrypted - nil + t "Setting this causes automatically encryped messages to also be signed." :group 'gnus-message :type 'boolean) diff --git a/lisp/mml-sec.el b/lisp/mml-sec.el index 09fec43aa..bc2051124 100644 --- a/lisp/mml-sec.el +++ b/lisp/mml-sec.el @@ -46,6 +46,13 @@ (defvar mml-default-encrypt-method (caar mml-encrypt-alist) "Default encryption method.") +(defvar mml-signencrypt-style + '(("smime" separate) + ("pgp" separate) + ("pgpmime" combined)) + "Alist specifying whether or not a single sign & encrypt +operation should be perfomed when requesting signencrypt.") + ;;; Security functions (defun mml-smime-sign-buffer (cont) 
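Review bot: The docstring of `gnus-message-replysignencrypted` in the gnus-msg.el hunk does not say which value turns the behaviour on, and with the default now `t` it is the text a user will read to find out why outgoing mail started being signed. I would reword it to `"Non-nil means that automatically encrypted messages are also signed."`, which also fixes the "encryped" typo. The defcustom itself starts on a context line of the hunk, so only the default and the docstring are in view.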
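Review bot: The docstring of the new `mml-signencrypt-style` in the mml-sec.el hunk does not describe the entry format or the fallback, and "perfomed" is misspelled. Each entry is `(METHOD STYLE)` with STYLE either `separate` or `combined`, and the caller in mml.el takes the single-operation path only when STYLE is `combined`, so a method missing from the list is signed and then encrypted as two steps; the docstring should say this, starting with a complete first sentence. The combined path calls the encrypt function with a second argument, so the docstring should also state that a method may be set to `combined` only if its encrypt function accepts and honours that argument.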
@@ -68,8 +75,8 @@ (or (mml2015-sign cont) (error "Signing failed... inspect message logs for errors"))) -(defun mml-pgpmime-encrypt-buffer (cont) - (or (mml2015-encrypt cont) +(defun mml-pgpmime-encrypt-buffer (cont &optional sign) + (or (mml2015-encrypt cont sign) (error "Encryption failed... inspect message logs for errors"))) (defun mml-secure-part (method &optional sign) @@ -174,21 +181,17 @@ If called with a prefix argument, only encrypt (do NOT sign)." (interactive "P") (mml-secure-message "smime" (if dontsign 'encrypt 'signencrypt))) -;;; NOTE: this should be switched to use signencrypt -;;; once it does something sensible (defun mml-secure-message-encrypt-pgp (&optional dontsign) "Add MML tag to encrypt and sign the entire message. If called with a prefix argument, only encrypt (do NOT sign)." (interactive "P") - (mml-secure-message "pgp" (if dontsign 'encrypt 'encrypt))) + (mml-secure-message "pgp" (if dontsign 'encrypt 'signencrypt))) -;;; NOTE: this should be switched to use signencrypt -;;; once it does something sensible (defun mml-secure-message-encrypt-pgpmime (&optional dontsign) "Add MML tag to encrypt and sign the entire message. If called with a prefix argument, only encrypt (do NOT sign)." (interactive "P") - (mml-secure-message "pgpmime" (if dontsign 'encrypt 'encrypt))) + (mml-secure-message "pgpmime" (if dontsign 'encrypt 'signencrypt))) (provide 'mml-sec) diff --git a/lisp/mml.el b/lisp/mml.el index 155451302..d339ba516 100644 --- a/lisp/mml.el +++ b/lisp/mml.el 
@@ -530,22 +530,30 @@ If MML is non-nil, return the buffer up till the correspondent mml tag." (insert "\n--" mml-boundary "--\n"))))) (t (error "Invalid element: %S" cont))) - (let ((item (assoc (cdr (assq 'sign cont)) mml-sign-alist)) + ;; handle sign & encrypt tags in a semi-smart way. + (let ((sign-item (assoc (cdr (assq 'sign cont)) mml-sign-alist)) + (encrypt-item (assoc (cdr (assq 'encrypt cont)) + mml-encrypt-alist)) sender recipients) - (when item + (when (or sign-item encrypt-item) (if (setq sender (cdr (assq 'sender cont))) (message-options-set 'message-sender sender)) (if (setq recipients (cdr (assq 'recipients cont))) (message-options-set 'message-recipients recipients)) - (funcall (nth 1 item) cont))) - (let ((item (assoc (cdr (assq 'encrypt cont)) mml-encrypt-alist)) - sender recipients) - (when item - (if (setq sender (cdr (assq 'sender cont))) - (message-options-set 'message-sender sender)) - (if (setq recipients (cdr (assq 'recipients cont))) - (message-options-set 'message-recipients recipients)) - (funcall (nth 1 item) cont)))))) + (let ((style (second (assoc (first sign-item) + mml-signencrypt-style)))) + ;; check if: we're both signing & encrypting, both methods + ;; are the same (why would they be different?!), and that + ;; the signencrypt style allows for combined operation. + (if (and sign-item encrypt-item (equal (first sign-item) + (first encrypt-item)) + (equal style 'combined)) + (funcall (nth 1 encrypt-item) cont t) + ;; otherwise, revert to the old behavior. + (when sign-item + (funcall (nth 1 sign-item) cont)) + (when encrypt-item + (funcall (nth 1 encrypt-item) cont))))))))) (defun mml-compute-boundary (cont) "Return a unique boundary that does not exist in CONT." diff --git a/lisp/mml2015.el b/lisp/mml2015.el index 5e3fa2d05..712e03b09 100644 --- a/lisp/mml2015.el +++ b/lisp/mml2015.el 
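Review bot: The style lookup in the new `let` uses `first` and `second`, which come from the cl library, while the neighbouring lines use `nth`; whether mml.el has cl available at run time is not visible in this hunk. `(nth 1 (assoc (car sign-item) mml-signencrypt-style))` and `(car encrypt-item)` avoid the dependency, and `(eq style 'combined)` is sufficient for comparing a symbol. The combined branch depends entirely on the encrypt function signing when called as `(funcall (nth 1 encrypt-item) cont t)`, so a comment there should state that a backend which accepts but ignores the second argument would send the part encrypted and unsigned without any error. The enclosing function `mml-generate-mime-1` starts outside the hunk.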
@@ -414,10 +414,13 @@ by you.") (defun mml2015-gpg-extract-signature-details () (goto-char (point-min)) (if (boundp 'gpg-unabbrev-trust-alist) - (let* ((signer (and (re-search-forward - "^\\[GNUPG:\\] GOODSIG [0-9A-Za-z]* \\(.*\\)$" + (let* ((expired (re-search-forward + "^\\[GNUPG:\\] SIGEXPIRED$" + nil t)) + (signer (and (re-search-forward + "^\\[GNUPG:\\] GOODSIG \\([0-9A-Za-z]*\\) \\(.*\\)$" nil t) - (match-string 1))) + (cons (match-string 1) (match-string 2)))) (fprint (and (re-search-forward "^\\[GNUPG:\\] VALIDSIG \\([0-9a-zA-Z]*\\) " nil t) @@ -429,12 +432,16 @@ by you.") (trust-good-enough-p (cdr (assoc (cdr (assoc trust gpg-unabbrev-trust-alist)) mml2015-trust-boundaries-alist)))) - (if (and signer trust fprint) - (concat signer - (unless trust-good-enough-p - (concat "\nUntrusted, Fingerprint: " - (mml2015-gpg-pretty-print-fpr fprint)))) - "From unknown user")) + (cond ((and signer fprint) + (concat (cdr signer) + (unless trust-good-enough-p + (concat "\nUntrusted, Fingerprint: " + (mml2015-gpg-pretty-print-fpr fprint))) + (when expired + (format "\nWARNING: Signature from expired key (%s)" + (car signer))))) + (t + "From unknown user"))) (if (re-search-forward "^gpg: Good signature from \"\\(.*\\)\"$" nil t) (match-string 1) "From unknown user"))) 
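Review bot: The new `expired` binding searches forward from the top of the buffer and leaves point after the `SIGEXPIRED` line, so the `GOODSIG` search that follows only sees status lines printed after it. If gpg emits `SIGEXPIRED` after `GOODSIG`, `signer` becomes nil and the function reports "From unknown user" for a signature that did verify. Wrapping the probe as `(expired (save-excursion (re-search-forward "^\\[GNUPG:\\] SIGEXPIRED$" nil t)))` makes the result independent of line order. The trailing `$` also means a `SIGEXPIRED` line that carries any argument is not recognised, which deserves a comment if it is intended.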
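Review bot: In the second mml2015.el hunk the success condition changed from `(and signer trust fprint)` to `(and signer fprint)`, which the ChangeLog entry does not mention. When `trust` is nil (its binding lies between the two hunks and is not visible), `trust-good-enough-p` is nil as well, so the signer is now shown with the "Untrusted, Fingerprint:" text where the old code returned "From unknown user". That errs on the cautious side, but it should be recorded with a comment such as `;; TRUST is not required: a missing trust line is displayed as untrusted.` The function also has no docstring; one describing the returned string and the appended expired-key warning would help callers that display it.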
@@ -559,28 +566,39 @@ by you.") (insert (format "--%s--\n" boundary)) (goto-char (point-max))))) -(defun mml2015-gpg-encrypt (cont) +(defun mml2015-gpg-encrypt (cont &optional sign-also) (let ((boundary (funcall mml-boundary-function (incf mml-multipart-number))) (text (current-buffer)) cipher) (mm-with-unibyte-current-buffer-mule4 (with-temp-buffer - (unless (gpg-sign-encrypt - text (setq cipher (current-buffer)) - mml2015-result-buffer - (split-string - (or - (message-options-get 'message-recipients) - (message-options-set 'message-recipients - (read-string "Recipients: "))) - "[ \f\t\n\r\v,]+") - nil - (message-options-get 'message-sender) - t t) ; armor & textmode - (unless (> (point-max) (point-min)) - (pop-to-buffer mml2015-result-buffer) - (error "Encrypt error"))) + (flet ((gpg-encrypt-func + (sign plaintext ciphertext result recipients &optional + passphrase sign-with-key armor textmode) + (if sign-also + (gpg-sign-encrypt + plaintext ciphertext result recipients passphrase + sign-with-key armor textmode) + (gpg-encrypt + plaintext ciphertext result recipients passphrase + armor textmode)))) + (unless (gpg-encrypt-func + sign-also ; passed in when using signencrypt + text (setq cipher (current-buffer)) + mml2015-result-buffer + (split-string + (or + (message-options-get 'message-recipients) + (message-options-set 'message-recipients + (read-string "Recipients: "))) + "[ \f\t\n\r\v,]+") + nil + (message-options-get 'message-sender) + t t) ; armor & textmode + (unless (> (point-max) (point-min)) + (pop-to-buffer mml2015-result-buffer) + (error "Encrypt error")))) (goto-char (point-min)) (while (re-search-forward "\r+$" nil t) (replace-match "" t t)) 
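Review bot: The local function `gpg-encrypt-func` declares a first parameter `sign` that its body never reads; the branch tests the outer `sign-also` instead, so the value passed at the call site (`sign-also ; passed in when using signencrypt`) has no effect. Either test the parameter, `(if sign` in place of `(if sign-also`, or drop the parameter and the matching argument. The unchanged error check raises "Encrypt error" only when the output buffer is empty, so a gpg call that returns nil after writing partial output is treated as success; with signing now optional that path deserves a comment or a stricter check. The function has no docstring, and one line stating that SIGN-ALSO non-nil selects `gpg-sign-encrypt` while nil selects `gpg-encrypt` (unsigned output) would document the changed default. The body of `mml2015-gpg-encrypt` continues past the end of the hunk.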
@@ -641,11 +659,11 @@ by you.") mml2015-use) ;;;###autoload -(defun mml2015-encrypt (cont) +(defun mml2015-encrypt (cont &optional sign) (mml2015-clean-buffer) (let ((func (nth 2 (assq mml2015-use mml2015-function-alist)))) (if func - (funcall func cont) + (funcall func cont sign) (error "Cannot find encrypt function")))) ;;;###autoload diff --git a/texi/ChangeLog b/texi/ChangeLog index b30398cbf..e274d7f34 100644 --- a/texi/ChangeLog +++ b/texi/ChangeLog @@ -1,3 +1,8 @@ +2002-05-01 Josh Huber + + * gnus.texi (Signing and encrypting): Fix doc. Also, add a + paragraph about replysign/replyencrypt/replysignencryped use. + 2002-05-01 Lars Magne Ingebrigtsen * message.texi (Message Headers): Remove colon from index diff --git a/texi/gnus.texi b/texi/gnus.texi index faa1ceb90..f7d4843d4 100644 --- a/texi/gnus.texi +++ b/texi/gnus.texi @@ -11226,6 +11226,14 @@ For PGP, Gnus supports two external libraries, @sc{gpg.el} and @sc{Mailcrypt}, you need to install at least one of them. The @sc{s/mime} support in Gnus requires the external program OpenSSL. +Often, you would like to sign replies to people who send you signed +messages. Even more often, you might want to encrypt messages which +are in reply to encrypted messages. Gnus offers +@code{gnus-message-replysign} to enable the former, and +@code{gnus-message-replyencrypt} for the latter. In addition, setting +@code{gnus-message-replysignencrypted} (on by default) will sign +automatically encrypted messages. + Instructing MML to perform security operations on a @sc{mime} part is done using the @kbd{C-c C-m s} key map for signing and the @kbd{C-c C-m c} key map for encryption, as follows. 
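Review bot: `mml2015-encrypt` now calls whatever encrypt function it finds through `mml2015-function-alist` as `(funcall func cont sign)`, but the only backend this patch updates is `mml2015-gpg-encrypt`. Any other entry in that alist whose encrypt function still takes just `cont` (the alist is not visible here) would signal a wrong-number-of-arguments error on every encryption, so those functions need `&optional sign` as well. Since the function is autoloaded and has no docstring, add one, for example `"Encrypt the part described by CONT; also sign it if SIGN is non-nil."`, so that callers know that omitting SIGN now produces unsigned output with the gpg backend.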
@@ -11234,39 +11242,39 @@ C-m c} key map for encryption, as follows. @item C-c C-m s s @kindex C-c C-m s s -@findex mml-secure-sign-smime +@findex mml-secure-message-sign-smime -Digitally sign current @sc{mime} part using @sc{s/mime}. +Digitally sign current message using @sc{s/mime}. @item C-c C-m s o @kindex C-c C-m s o -@findex mml-secure-sign-pgp +@findex mml-secure-message-sign-pgp -Digitally sign current @sc{mime} part using PGP. +Digitally sign current message using PGP. @item C-c C-m s p @kindex C-c C-m s p -@findex mml-secure-sign-pgp +@findex mml-secure-message-sign-pgp -Digitally sign current @sc{mime} part using @sc{pgp/mime}. +Digitally sign current message using @sc{pgp/mime}. @item C-c C-m c s @kindex C-c C-m c s -@findex mml-secure-encrypt-smime +@findex mml-secure-message-encrypt-smime -Digitally encrypt current @sc{mime} part using @sc{s/mime}. +Digitally encrypt current message using @sc{s/mime}. @item C-c C-m c o @kindex C-c C-m c o -@findex mml-secure-encrypt-pgp +@findex mml-secure-message-encrypt-pgp -Digitally encrypt current @sc{mime} part using PGP. +Digitally encrypt current message using PGP. @item C-c C-m c p @kindex C-c C-m c p -@findex mml-secure-encrypt-pgpmime +@findex mml-secure-message-encrypt-pgpmime -Digitally encrypt current @sc{mime} part using @sc{pgp/mime}. +Digitally encrypt current message using @sc{pgp/mime}. @item C-c C-m C-n @kindex C-c C-m C-n -- 2.34.1