[PATCH] Crypto-related (mostly) fixes and improvements

[PATCH] Crypto-related (mostly) fixes and improvements

Albrecht Dreß
Hi all,

the attached patch fixes some issues with gpg/gpgsm encryption, and tries to improve encryption in general.  It also adds some other, small improvements.  Note that this patch includes the one I submitted a week ago (subject “[PATCH] plug mem leak, simplifications”).

(1) Bug Fixes
- Due to an (undocumented) change in gpgme, S/MIME signing fails with error “not implemented” if the context is created with a passphrase callback, so never set one in this case.
- Fix several mem leaks in encryption.
- Do not use a forced GnuPG key ID for S/MIME (see improvements, below)

(2) Crypto-related Improvements
- The user identity has a field for forcing the key id used when signing GnuPG messages.  Using it for S/MIME is plain wrong, though (see Bugs above), so add an extra field for forcing an S/MIME certificate.  To simplify life for the user, add buttons to display the usual key list dialogue from which the user can choose.
- Simplify the key list dialogue by showing the User ID only.  When the user double-clicks an entry, open a new dialogue with the full key details.
- Although exchanging GnuPG keys using a key server or (since the latest gpg versions) WKS is preferred, there are situations where keys shall not be published (e.g. so as not to disclose a person's employment).  For this situation, add a send message option to attach the sender's public key.
- On the receiving side, import application/pgp-keys parts into a temporary gpg context, and display the keys with buttons for importing them into the main key ring.
- Add subkey details (bits, type, ECC curve if applicable) to the key widget.
- Make sure S/MIME signed messages always include the signer's signature (note that it does not make sense to include the whole certificate chain, as the root cert should /always/ be imported from a trustworthy source).
- RFC3156, sect. 3 requires a message to be 7-bit clean.  Thus, QP-encoding pure 7-bit parts is superfluous.

(3) Misc Stuff
- Simplify deleting a folder recursively and creating a temp folder by exclusively using glib functions (re-sent from last week's patch).
- Check BALSA_DIALOG_HEADERBAR for information dialogues.

As always, any feedback would be highly appreciated!

Cheers,
Albrecht.

---
File details:
- libbalsa/gmime-multipart-crypt.c: do not qp-encode 7-bit parts for encryption
- libbalsa/identity.[ch]: implement separate forced signing key id's for gpg and s/mime including selection from the key list; clarify option text
- libbalsa/libbalsa-gpgme-cb.c: simplify key list, show key details on double-click
- libbalsa/libbalsa-gpgme-keys.[ch]: add functions for exporting and importing ascii-armoured keys; re-factor import result evaluation
- libbalsa/libbalsa-gpgme-widgets.c: extend subkey details
- libbalsa/libbalsa-gpgme.[ch]: fix context creation for s/mime; add helpers for configuring the gpgme context's home folder, for exporting a key to ASCII and for identifying the proper key id of a secret key; fix confusing comment
- libbalsa/message.[ch]: use a reference to the sending identity instead of copying the key id
- libbalsa/misc.c: re-factor deleting a folder and creating a temp folder (re-sent from last week's patch)
- libbalsa/rfc3156.c: fix mem leak when encrypting a message (re-sent from last week's patch)
- libbalsa/send.c: add helper for creating a gpg public key attachment and attach the key on request; fix mem leak in encryption
- libbalsa/smtp-server.c: remove misleading/confusing comment (re-sent from last week's patch)
- src/balsa-mime-widget-crypto.[ch]: implement display of application/pgp-keys parts and the import of the keys within them
- src/balsa-mime-widget.c: call handler for application/pgp-keys parts
- src/information-dialog.c: add missing dialogue flags
- src/sendmsg-window.[ch], ui/sendmsg-window.ui: add user interface for attaching the GnuPG public key
_______________________________________________
balsa-list mailing list
[hidden email]
https://mail.gnome.org/mailman/listinfo/balsa-list

gpg-improvements.diff.bz2 (20K) Download Attachment
attachment1 (484 bytes) Download Attachment
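
An added illustration of the 7-bit point in the message above (not code from the patch or from Balsa): a C check that decides whether a body part can go out as 7bit or needs quoted-printable. The function names are hypothetical, and treating trailing whitespace, bare CR and lines over 998 octets as needing encoding is this example's own conservative assumption.

```c
/* Added example: names are hypothetical, not Balsa's or GMime's. */
#include <stddef.h>
#include <string.h>

typedef enum { ENC_7BIT, ENC_QUOTED_PRINTABLE } part_encoding;

#define MAX_LINE_OCTETS 998 /* RFC 5322 line limit, excluding CRLF */

/* A line [start, end) is safe if it fits the limit and does not end in
 * whitespace (assumption: such lines are encoded, as gateways may strip it). */
static int line_is_clean(const unsigned char *buf, size_t start, size_t end)
{
    if (end > start && buf[end - 1] == '\r')
        end--;                                  /* ignore the CR of a CRLF */
    if (end - start > MAX_LINE_OCTETS)
        return 0;
    return !(end > start && (buf[end - 1] == ' ' || buf[end - 1] == '\t'));
}

/* ENC_7BIT only when the part can be sent unmodified; otherwise QP. */
part_encoding choose_encoding(const unsigned char *buf, size_t len)
{
    size_t start = 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];

        if (c >= 0x80 || c == 0x00)
            return ENC_QUOTED_PRINTABLE;        /* 8-bit octet or NUL */
        if (c == '\r' && (i + 1 == len || buf[i + 1] != '\n'))
            return ENC_QUOTED_PRINTABLE;        /* bare CR */
        if (c == '\n') {
            if (!line_is_clean(buf, start, i))
                return ENC_QUOTED_PRINTABLE;
            start = i + 1;
        }
    }
    /* Final line without a terminating newline. */
    return line_is_clean(buf, start, len) ? ENC_7BIT : ENC_QUOTED_PRINTABLE;
}

/* Convenience wrapper for NUL-terminated text. */
part_encoding encoding_for_text(const char *text)
{
    return choose_encoding((const unsigned char *)text, strlen(text));
}
```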

Re: [PATCH] Crypto-related (mostly) fixes and improvements

Peter Bloomfield
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Albrecht,

On 08/10/2017 03:42:44 PM Thu, Albrecht Dreß wrote:

> Hi all,
>
> the attached patch fixes some issues with gpg/gpgsm encryption, and tries to improve encryption in general.  It also adds some other, small improvements.  Note that this patch includes the one I submitted a week ago (subject “[PATCH] plug mem leak, simplifications”).
>
> (1) Bug Fixes
> - Due to an (undocumented) change in gpgme, S/MIME signing fails with error “not implemented” if the context is created with a passphrase callback, so never set one in this case.
> - Fix several mem leaks in encryption.
> - Do not use a forced GnuPG key ID for S/MIME (see improvements, below)
>
> (2) Crypto-related Improvements
> - The user identity has a field for forcing the key id used when signing GnuPG messages.  Using it for S/MIME is plain wrong, though (see Bugs above), so add an extra field for forcing an S/MIME certificate.  To simplify life for the user, add buttons to display the usual key list dialogue from which the user can choose.
> - Simplify the key list dialogue by showing the User ID only.  When the user double-clicks an entry, open a new dialogue with the full key details.
> - Although exchanging GnuPG keys using a key server or (since the latest gpg versions) WKS is preferred, there are situations where keys shall not be published (e.g. so as not to disclose a person's employment).  For this situation, add a send message option to attach the sender's public key.
> - On the receiving side, import application/pgp-keys parts into a temporary gpg context, and display the keys with buttons for importing them into the main key ring.
> - Add subkey details (bits, type, ECC curve if applicable) to the key widget.
> - Make sure S/MIME signed messages always include the signer's signature (note that it does not make sense to include the whole certificate chain, as the root cert should /always/ be imported from a trustworthy source).
> - RFC3156, sect. 3 requires a message to be 7-bit clean.  Thus, QP-encoding pure 7-bit parts is superfluous.
>
> (3) Misc Stuff
> - Simplify deleting a folder recursively and creating a temp folder by exclusively using glib functions (re-sent from last week's patch).
> - Check BALSA_DIALOG_HEADERBAR for information dialogues.
>
> As always, any feedback would be highly appreciated!
>
> Cheers,
> Albrecht.

Thanks as always for the patch, and for the work it represents! Thanks also for rolling in last week's patch--thanks to travel and an appalling connection, I hadn't even installed it :-(

The changes look good from a first look: Balsa builds and runs, but I've not tested all the code paths. I've pushed the patch to master, to get some serious testing beyond what I can do.

Best,

Peter
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQS030wPRfNNA5alz3MfX9S1uSp09QUCWY0OKQAKCRAfX9S1uSp0
9RMRAJ49YvgYXf1PIuoK5CXENpqxlUyZZgCcD7a9deO4DzJq2Zh6smNS7CK8+FY=
=nzny
-----END PGP SIGNATURE-----