;;; smime.el --- S/MIME support library
-;; Copyright (c) 2000, 2001 Free Software Foundation, Inc.
+;; Copyright (c) 2000, 2001, 2003 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: SMIME X.509 PEM OpenSSL
-;; This file is not a part of GNU Emacs, but the same permissions apply.
+;; This file is part of GNU Emacs.
;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published
;;; Code:
(require 'dig)
-(require 'comint)
(eval-when-compile (require 'cl))
(defgroup smime nil
Directory should contain files (in PEM format) named to the X.509
hash of the certificate. This can be done using OpenSSL such as:
-$ ln -s ca.pem `openssl x509 -noout -hash -in ca.pem`
+$ ln -s ca.pem `openssl x509 -noout -hash -in ca.pem`.0
where `ca.pem' is the file containing a PEM encoded X.509 CA
certificate."
(defcustom smime-CA-file nil
"*Files containing certificates for CAs you trust.
File should contain certificates in PEM format."
+ :version "22.1"
:type '(choice (const :tag "none" nil)
file)
:group 'smime)
(defcustom smime-encrypt-cipher "-des3"
"*Cipher algorithm used for encryption."
+ :version "22.1"
:type '(choice (const :tag "Triple DES" "-des3")
(const :tag "DES" "-des")
(const :tag "RC2 40 bits" "-rc2-40")
(const :tag "RC2 128 bits" "-rc2-128"))
:group 'smime)
+(defcustom smime-crl-check nil
+ "*Check revocation status of signers certificate using CRLs.
+Enabling this will have OpenSSL check the signers certificate
+against a certificate revocation list (CRL).
+
+For this to work the CRL must be up-to-date and since they are
+normally updated quite often (ie. several times a day) you
+probably need some tool to keep them up-to-date. Unfortunately
+Gnus cannot do this for you.
+
+The CRL should either be appended (in PEM format) to your
+`smime-CA-file' or be located in a file (also in PEM format) in
+your `smime-certificate-directory' named to the X.509 hash of the
+certificate with .r0 as file name extension.
+
+At least OpenSSL version 0.9.7 is required for this to work."
+ :type '(choice (const :tag "No check" nil)
+ (const :tag "Check certificate" "-crl_check")
+ (const :tag "Check certificate chain" "-crl_check_all"))
+ :group 'smime)
+
(defcustom smime-dns-server nil
"*DNS server to query certificates from.
If nil, use system defaults."
+ :version "22.1"
:type '(choice (const :tag "System defaults")
string)
:group 'smime)
(defvar smime-details-buffer "*OpenSSL output*")
+;; Use mm-util?
(eval-and-compile
(defalias 'smime-make-temp-file
(if (fboundp 'make-temp-file)
(make-temp-name prefix)
(if (fboundp 'temp-directory)
(temp-directory)
- 'temporary-file-directory))))))
+ temporary-file-directory))))))
;; Password dialog function
(defun smime-ask-passphrase ()
"Asks the passphrase to unlock the secret key."
(let ((passphrase
- (comint-read-noecho
- "Passphrase for secret key (RET for no passphrase): " t)))
+ (read-passwd
+ "Passphrase for secret key (RET for no passphrase): ")))
(if (string= passphrase "")
nil
passphrase)))
(point-min) (point-max)
(if keyfile
keyfile
- (smime-get-key-by-email
+ (smime-get-key-with-certs-by-email
(completing-read
- (concat "Sign using which signature? "
+ (concat "Sign using which key? "
(if smime-keys (concat "(default " (caar smime-keys) ") ")
""))
- smime-keys nil nil nil nil (car-safe (car-safe smime-keys))))))))
+ smime-keys nil nil (car-safe (car-safe smime-keys))))))))
(defun smime-encrypt-buffer (&optional certfiles buffer)
"S/MIME encrypt BUFFER for recipients specified in CERTFILES.
(expand-file-name smime-CA-directory))))))
(unless CAs
(error "No CA configured"))
+ (if smime-crl-check
+ (add-to-list 'CAs smime-crl-check))
(if (apply 'smime-call-openssl-region b e (list smime-details-buffer t)
"smime" "-verify" "-out" "/dev/null" CAs)
t
(insert-buffer-substring smime-details-buffer)
nil))
+(eval-when-compile
+ (defvar from))
+
(defun smime-decrypt-region (b e keyfile)
"Decrypt S/MIME message in region between B and E with key in KEYFILE.
On success, replaces region with decrypted data and return non-nil.
(delete-file tmpfile)))
(progn
(delete-region b e)
+ (when (boundp 'from)
+ ;; `from' is dynamically bound in mm-dissect.
+ (insert "From: " from "\n"))
(insert-buffer-substring buffer)
(kill-buffer buffer)
t)
(concat "Decipher using which key? "
(if smime-keys (concat "(default " (caar smime-keys) ") ")
""))
- smime-keys nil nil nil nil (car-safe (car-safe smime-keys)))))))))
+ smime-keys nil nil (car-safe (car-safe smime-keys)))))))))
;; Various operations
(caddr curkey)
(smime-get-certfiles keyfile otherkeys)))))
-(eval-and-compile
- (defalias 'smime-point-at-eol
- (if (fboundp 'point-at-eol)
- 'point-at-eol
- 'line-end-position)))
-
(defun smime-buffer-as-string-region (b e)
"Return each line in region between B and E as a list of strings."
(save-excursion
(goto-char b)
(let (res)
(while (< (point) e)
- (let ((str (buffer-substring (point) (smime-point-at-eol))))
+ (let ((str (buffer-substring (point) (point-at-eol))))
(unless (string= "" str)
(push str res)))
(forward-line))
(defun smime-get-key-by-email (email)
(cadr (assoc email smime-keys)))
+(defun smime-get-key-with-certs-by-email (email)
+ (cdr (assoc email smime-keys)))
+
(provide 'smime)
+;;; arch-tag: e3f9b938-5085-4510-8a11-6625269c9a9e
;;; smime.el ends here
projects / gnus / blobdiff