authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2019-11-25 16:45:48 -0500
committerSean Whitton <spwhitton@spwhitton.name>2019-11-28 11:09:01 -0700
commit3c84e68d79ed84f916f1b983168d58e0f360686b (patch)
tree89b8a7cd3d883877108b1fc5a40764f75faa0cd2
parent5aebcfb2df96cc142f1787b18849cea06f898816 (diff)
email-print-mime-structure: decrypt S/MIME parts using gpgsm
Decrypt ciphertext using gpgsm if the user has indicated that it's ok. This includes a new element in the test suite, which uses secret key material from https://www.ietf.org/id/draft-dkg-lamps-samples-01.html Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Acked-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r--debian/control2
-rwxr-xr-xemail-print-mime-structure11
-rw-r--r--email-print-mime-structure.1.pod8
-rwxr-xr-xtests/email-print-mime-structure.sh9
-rw-r--r--tests/email-print-mime-structure/bob.p1275
-rw-r--r--tests/email-print-mime-structure/smime-encrypted.eml24
-rw-r--r--tests/email-print-mime-structure/smime-encrypted.out7
l---------tests/email-print-mime-structure/smime-encrypted.p121
8 files changed, 132 insertions, 5 deletions
diff --git a/debian/control b/debian/control
index 2e96d3e..f04ce79 100644
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,7 @@ Build-Depends:
diffutils <!nocheck>,
gpg <!nocheck>,
gpg-agent <!nocheck>,
+ gpgsm <!nocheck>,
mypy <!nocheck>,
perl,
python3 <!nocheck>,
@@ -52,6 +53,7 @@ Recommends:
Suggests:
gpg,
gpg-agent,
+ gpgsm,
Architecture: all
Description: collection of scripts for manipulating e-mail on Debian
This package provides a collection of scripts for manipulating e-mail
diff --git a/email-print-mime-structure b/email-print-mime-structure
index d152b34..e82d56e 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -83,6 +83,7 @@ class MimePrinter(object):
print(f'{prefix}{z.get_content_type()}{cset}{disposition}{fname} {nbytes:d} bytes')
cryptopayload:Optional[Message] = None
try_pgp_decrypt:bool = self.args.pgpkey or self.args.use_gpg_agent
+ try_cms_decrypt:bool = self.args.use_gpg_agent
if try_pgp_decrypt and \
(parent is not None) and \
@@ -91,6 +92,13 @@ class MimePrinter(object):
(num == 2):
cryptopayload = self.decrypt_part(z, EncType.PGPMIME)
+ if try_cms_decrypt and \
+ cryptopayload is None and \
+ z.get_content_type().lower() == 'application/pkcs7-mime' and \
+ str(z.get_param('smime-type')).lower() in ['authenveloped-data',
+ 'enveloped-data']:
+ cryptopayload = self.decrypt_part(z, EncType.SMIME)
+
if cryptopayload is not None:
newprefix = prefix[:-3] + ' '
print(f'{newprefix}↧ (decrypts to)')
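Review bot: The added S/MIME condition matches only `application/pkcs7-mime`, so a part labelled with the legacy `application/x-pkcs7-mime` type is never handed to `decrypt_part`; consider `z.get_content_type() in ('application/pkcs7-mime', 'application/x-pkcs7-mime')` (the `.lower()` is redundant, since `get_content_type()` already returns lower case). `str(z.get_param('smime-type'))` turns a missing parameter into the string `'None'`, which falls through correctly but hides the intent; `str(z.get_param('smime-type', '')).lower()` says it directly. A short comment above the branch would also help, for example `# enveloped-data has no integrity protection: the structure printed below comes from unauthenticated plaintext`. The enclosing method starts and ends outside this hunk.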
@@ -107,6 +115,9 @@ class MimePrinter(object):
cryptopayload = self.pgpy_decrypt(self.args.pgpkey, ciphertext)
if cryptopayload is None and self.args.use_gpg_agent:
cryptopayload = self.pipe_decrypt(ciphertext, ['gpg', '--batch', '--decrypt'])
+ elif flavor == EncType.SMIME:
+ if self.args.use_gpg_agent:
+ cryptopayload = self.pipe_decrypt(ciphertext, ['gpgsm', '--batch', '--decrypt'])
if cryptopayload is None:
logging.warning(f'Unable to decrypt')
return cryptopayload
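Review bot: The new `EncType.SMIME` branch runs `gpgsm` by bare name, while debian/control lists gpgsm only under Suggests, so with `--use-gpg-agent` on a system without it the result depends on how `pipe_decrypt` (defined outside this hunk) treats a missing executable. If it does not already catch `FileNotFoundError`, the tool would presumably abort on the first S/MIME part instead of reaching the `Unable to decrypt` warning; that is worth confirming. I would also add a comment on the branch such as `# S/MIME has no key-file option: only the local gpgsm keyring is tried`, so the asymmetry with the PGP/MIME branch is explicit.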
diff --git a/email-print-mime-structure.1.pod b/email-print-mime-structure.1.pod
index d8545ad..f109997 100644
--- a/email-print-mime-structure.1.pod
+++ b/email-print-mime-structure.1.pod
@@ -35,8 +35,8 @@ do not interact with any local GnuPG keyring.
=item B<--use-gpg-agent>
If this flag is present, and B<email-print-mime-structure> encounters
-a PGP/MIME-encrypted part, it will try to decrypt the part using the
-secret keys found in the local installation of GnuPG.
+a PGP/MIME- or S/MIME-encrypted part, it will try to decrypt the part
+using the secret keys found in the local installation of GnuPG.
If both B<--pgpkey=>I<KEYFILE> and B<--use-gpg-agent> are
supplied, I<KEYFILE> arguments will be tried before falling back to
@@ -49,8 +49,8 @@ stderr.
=item B<--no-use-gpg-agent>
-Don't try to decrypt PGP/MIME-encrypted parts using secret keys found
-in the local installation of GnuPG. This is the default.
+Don't try to decrypt PGP/MIME- or S/MIME-encrypted parts using secret
+keys found in the local installation of GnuPG. This is the default.
=item B<--help>, B<-h>
diff --git a/tests/email-print-mime-structure.sh b/tests/email-print-mime-structure.sh
index 0b70d73..6e510ca 100755
--- a/tests/email-print-mime-structure.sh
+++ b/tests/email-print-mime-structure.sh
@@ -11,15 +11,22 @@ test_eml() {
for eml in tests/email-print-mime-structure/*.eml; do
base="${eml%%.eml}"
pgpkey="$base.pgpkey"
+ p12key="$base.p12"
if [ -e "$pgpkey" ]; then
printf "Testing %s (PGPy)\n" "${eml##*/}"
test_eml "$base" --pgpkey "$pgpkey"
testgpghome=$(mktemp -d)
- printf "Testing %s (GnuPG)\n" "${eml##*/}"
+ printf "Testing %s (GnuPG PGP/MIME)\n" "${eml##*/}"
gpg --homedir="$testgpghome" --batch --quiet --import <"$pgpkey"
GNUPGHOME="$testgpghome" test_eml "$base" --use-gpg-agent
rm -rf "$testgpghome"
+ elif [ -e "$p12key" ]; then
+ testgpghome=$(mktemp -d)
+ printf "Testing %s (GnuPG S/MIME)\n" "${eml##*/}"
+ gpgsm --pinentry-mode=loopback --passphrase-fd 4 4<<<'' --homedir="$testgpghome" --batch --quiet --import <"$p12key"
+ GNUPGHOME="$testgpghome" test_eml "$base" --use-gpg-agent
+ rm -rf "$testgpghome"
else
printf "Testing %s\n" "${eml##*/}"
test_eml "$base"
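Review bot: The `gpgsm --import` line in the new `elif` branch feeds the empty passphrase with a here-string (`4<<<''`), which is a bash extension; the script's shebang is outside this hunk, so if it is `/bin/sh` this line fails under dash. Either confirm the script is run with bash or supply fd 4 in a POSIX-portable way. The branch also repeats the `mktemp -d` … `rm -rf "$testgpghome"` pair without a `trap`, so a failing `test_eml` may leave the temporary GnuPG home with the imported secret key behind. A comment such as `# bob.p12 is the published sample key from draft-dkg-lamps-samples-01 (empty passphrase)` would record why committing this key material is acceptable.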
diff --git a/tests/email-print-mime-structure/bob.p12 b/tests/email-print-mime-structure/bob.p12
new file mode 100644
index 0000000..9fab0f7
--- /dev/null
+++ b/tests/email-print-mime-structure/bob.p12
@@ -0,0 +1,75 @@
+-----BEGIN PKCS12-----
+MIINiQIBAzCCDVEGCSqGSIb3DQEHAaCCDUIEgg0+MIINOjCCBCcGCSqGSIb3DQEH
+BqCCBBgwggQUAgEAMIIEDQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI/+8I
+czkNqNMCAhTDgIID4LqgVEoIBRg9DJ/0mTzz0KZzGhs5aH6jWrgvZNFEPL5pL7lc
+LidUXkQVKQC1h2DGh+LNG6BXdLwXXei0J7YscBSXiV9CzHxdBtpn2tNvYtwTFS8x
+myfZZaKTsJy9+NE11uJzGob9e9A8vtBTuwU41TIxLzP9KpAJe6ylMrnSDu3S+wJI
+ZhvcaigeEsAksqJFo9jBO+qa0EW3FLAvPfM6uTcLP6b/dBwXwtXCs46ePVNl/sVY
+GB2fqQfq/+tTAs044YtAG/BCcxZfuWcFnIB/5St5UXLcBQD9aCAKs0x336xsv4uN
+lQ+BR26yjekdKtltyw0r5IqRSGOw5FJTE6RuNMOCBNL+zgzcVsdrFE0vB7IHSjwB
+TuudcoVGuzyMLQCJxiq5ytnkG8A1LeO7Jsj/LScI7WxFAW1LXy5tTeQ6I2/rayRd
+aU3uKENcD76+rC0JVHW+gRO2pweE5yXzR3Lo5t3wGHruSggO8o0Egp8N167OJPJ3
+j0Eo7W4vodZBjcDx00Xa78mfgYBI0pTJMnFMFV0lL+aaFAJ81LvJM9P7A/oCKmoz
+PfjYcI19GNm/4Qu13eV3/QDAWFuXo8ThPiMf+i7AqR9BrH3L/wq6EimmldJ9cm1O
+D9bjYA4zUJou3i4ojn0IRxeSG2dDda1haufw42vT1OXbcDDKap+o/tbsJhvNfEnS
+E7/R4XwskyQSCeTH3U82Z7JcID44tPSTbElomu8zOviZYBvkKXMUetOS20Naa2XE
+nOxHXthZF/losvh33HxElPKoyq4JPf2S+9a+wpUD2ZmoBAtTvtXPQf+oJ5r3nUAJ
+pMB8ZIetKg/dgFPFIRDcxiVAOO8J/ozvDJ0y+dzjHmHq9KP7z5Hnm7YcMB0A5Eto
+ebhyTjV1hJ+rEvTnFQz11XTaLSWzBn3NJFZGd7pn4IFbSptFGStBD7UqvNpZlB5g
+pBxiTPI0gXW7QqljvrOplzS/BVJX+xd/++ERWOrpNQcdYLkwe9VyVYdIZbAS5Uo4
+wyo4ukf5ezs+75In6Bq/R+xbHOw26dg8Wd60FM00/wEQklm8DsTUX4T1YmAN0VCp
+/SMlRJehB98flezwe4CN9VNZoQtqbr5DCfoZTCZvLuVv0Nz6TrOpaKuZk6gQ1k48
+UFRVkoWTkHlgRhyr1LzPl9iBLNdOhvIAaeRpk1IMzHONOspe/kL1Rpa9VLfJDQsS
+nN3Y0WKLhXuMjJzVcqQlQCbhCWAhcunrZWu1goJI8slYPF+sIHR+kjFSO18tIZx5
+D0lvTwPOvdwEK52GvPWT+TyJHsG42qQx3bWLKsi0TsmdlVNCfr4RvZws/J4dMIID
+rwYJKoZIhvcNAQcGoIIDoDCCA5wCAQAwggOVBgkqhkiG9w0BBwEwHAYKKoZIhvcN
+AQwBAzAOBAhiY4Jp1m+iFwICFFmAggNo0j1zfN60d9k+/rfJnF27xH/4lShwF7O6
+u5WMz206kDo2iDB+RkdmcaY+DVqXgIg9eF4/DMsZRVK7LZ6t8F+DgOMVnBDT8JFh
+Kkl1Mh9X3nXHbLbJ2CKjMGt+9M9w6obZZnZdaopxA93+lFELC5YX2zW7bwNdrVQi
+/2ZeFp0UknUXx1WL/g/IWczYxhH4u9WQEdfnmcpXgHSzCCKUKrcHSi5qS6KevP53
+4UV9nfw1xjj3ovjLgUqXFscB8MiO4D4e/nSDsyqzJKjKEDM04Vokj7XB9kZ7Umog
+7Gh1lKu0s4e/McFz3wgBZyaWfAkwCbgBu4yIemLRdLuCAseg8W0kunlTDUpELLiV
+LNrKgJJlFqe1TsMeEs9j+5V2+6RfNijfU6O3csOqbWaQfZIF59/e+sfGH9NZLnqI
+S6eqlv03Axuepl9lZ1eDSIviPUaixJNiJQqXAhKwGZenNyylAmc5U/tkn1ru0JEc
+yQ2+oDgddLmKxGK2rmozjM9U+pvF9BtPfNEH1tMlbsi0aKQXGh2+CZh6dwdQig7C
+90iNCuD7etJDXXUn8g3rpAPfSEmw4UO7ASXtNIaPMve93i7B+C5EN7GtdFiU23CE
+rKsKB3YiMUFmy7AvHOa3a6QrvZJZy70Y0GQ46HQBAXWoLtWmHWDHwTGghv+StcyP
+UHGSvbN42nAMVL6egjgP6+5GBNcKS0GvXDvKchXwTDa1KpDRQ1GBHZCjdagZ78Wk
+/2GqASWj9vXsR3cJRPxzpPFgAcz7QMxpt+WBIczV1oAhJCSwWT5LumuIU8GqnkEY
+DtOhIM2PuRiFBpxRyt218yHgbaCUhwy9hR9CMpidG90JR2d/OrSn7+zip1LRZp4q
+71fW2HAM0L4z5L+YVjLjrg5mWXMZNXLs5zGPp3UawyALq97Cuvb6areS7eTQfXwC
+qnlIa/0Fmbnl0BpXVeVS1Wcw+z9+O62uujj3IW9ZD06FGHWIBrhu1rpZkdurnSHa
+Jg2GCdiFCPwiZQTCYaArcmko7vdmPYwf3kcvq23AM8q3y6QIB4zR13PYfEyPYS8+
+s37lmVYDRDShckmX1s7z5SbLOF9GaVf7nYrWqvHKjvaZZVhbYbB18kd+XD1hI9SA
+dgL2KCNQSTybehajcnAJFTj8z68FGw1Ap2T9lA0642cwggVYBgkqhkiG9w0BBwGg
+ggVJBIIFRTCCBUEwggU9BgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEM
+AQMwDgQISzl3tAkOl20CAhQXBIIEyG19jVMLbZ7/FlMtMWpwLC448V5BvdtC8V2v
+fDcAwVD0xA0xo9rK/lXrglOg1yjoGaQqG2nookNdngbomJzsbvPLHXDQwwmYlWhb
+KtX+hcKmBfjPsZj4QIhb56aG5UQIjI+os1R4VIfNDwP+J2K/34bhTS9DbFsGMo51
+8euxESBeJv4oYrPERI7opC5VYRGx4aFnbGsqp8ms1g13SGlVVw8b2puO/ZwLDsNK
+uEBstIFuDUinTSOoCgYELkrXt36sB2g9k4mbksjzb1UhpfQyNvxja+ZI+5av+URL
+Mun1gMWElvrrC44GNAGGqm7bV8JIvsb0AMw7iIQj9NL1q9ECuEde7vvyHnE0m4a8
+MtLqZkPQ6xMsrrcAf/n/h0hDdZooLkdMCQUWauNF1vjLe+3c3ZFdP6t+jHRggXk4
+lwVlu8Hwr2QTO//vuvXFlF+JBzMWfvgtUsnQrseja1e0Y6fl6LjjLfUfF5ZfSbAq
+6cbU7IkGoHdykIZvwG7ptyzV0GA7ohd957aT+81JYzQy9S9y8Es4UBOvY1QUFqY6
+POk5xXHhvsazlIwqriytsbQcO+Uvms/02s1ZKw4nTy7boWpx+nv3nRhgDmDAA2PR
+fYyxSMLxmSM+dlexewiqChvwiU6D5I1zaXAyWAxsMe8npfO+aknl9QHZwgtoRc2R
+ZMJoPQ2kmYc/1FwjZf9f+yQF2IIL5G2Igj6l/RcqWFv2xOqhvzlitPV+ukYvVGN6
+gTXUndNU5dwvzbUavh2HdP+/S8Q/+CZCWzBsLRAkm9TClDujOVDB0R3zOObDiTLE
+KDiEt6uP4u+Riu4NiaKIXjkT/OTR6OO2fkxeiQQwOJZvYBUE4uDDgeUH28mFlRJ/
+q1E2Se1c0OPgHMc6BSh0oRVJAtvAAQXW1Ndykdu7m0ueZpg89yGItdTNH1jG+Y2O
+D6+8x9G0IaOBgNS0Oy7Phf1rVGgeREfDZ5ddoJLDicw8kTn5ymCVmCqAwsiW8B17
+bWcdekb+pu2pJSldD9RkcvmwGRVRk82qq8Cu73zVRA993VVEE+1Mb4eILQVyV61F
+FMx+IU/6xMtzez2sKOI4HiMS25KzXRMMoJtLkr4r0SDjOlqPN+xTaPb9QXSVIyCH
+Ikls0vmZA19rVAYXZgzEyKCgtfJtSb794qZ/+5QP6P90R0NsKxbO2iq7WhKC3YMq
+JFZpCb+M28xwrGxEHSSINLHGLBrDNW00GSx9vnlIzqdc5LIVI3EPqyb/YYKWYxks
+LkSUhrhTAaL8vCkQk4jYgSmO0rsCUGRFkezJexURegc+r5ypC6Xjl6fEmntwDXoc
+Ua6FxnZ8V7JTe2zskj137y9DJqhQUQUNoLauiwQwLFQ1sohU7HEypEXWuq038e/7
+4fImxY8C4u40N87jbNkyCyhD8ofXWwi5/AlrB8kOV8ntS184OeJ5vaZtcWtiy2/x
+3BAnzTZ1MUX4XObVfBToYrMDgBLQFWpi+KVD81kGrAZAUhL20EW8nBlQXG+ga7+K
+mOw++G529hgtW3TCfnvhxIWjmcyaewMVIZMixWwUNhrmr8RnVkhW49FwmShNMrR6
+ntBT3ymAlQBrh6u3M8NE9P2qN7Nj/DpxRQ+jhlyucqJhWVa8GAUf74IS11yW2zE8
+MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcNAQkVMRYEFAGsApDoOPSQ
+3hnulfMydOFmACinMC8wHzAHBgUrDgMCGgQUW6hXMfww6qG3p3HT+Y1sZMaVGK8E
+CNOpwA/Myb75AgIoAA==
+-----END PKCS12-----
diff --git a/tests/email-print-mime-structure/smime-encrypted.eml b/tests/email-print-mime-structure/smime-encrypted.eml
new file mode 100644
index 0000000..d24bcb3
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-encrypted.eml
@@ -0,0 +1,24 @@
+Date: Sun, 24 Nov 2019 21:13:45 -0500
+Subject: test message
+Message-ID: <smime-encrypted@mailscripts.example>
+From: Alice <alice@mailscripts.example>
+To: Bob <bob@mailscripts.example>
+Content-Type: application/pkcs7-mime; smime-type="enveloped-data"
+Content-Transfer-Encoding: base64
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggFhMIIBXQIBADBFMC0xKzApBgNVBAMTIlNhbXBsZSBMQU1Q
+UyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkCFCJT7jBtAgsfAs31ycE+Ot95phvCMA0GCSqGSIb3DQEB
+AQUABIIBAHBxGgCzLx/IlX44zQ8YZuSrkGcZw/X3GKh6zVKAxMPG2O0t/5zLHIaO8sDdDi0L+wQI
+F5erkeWFXaicNIQ279xytVyavscLRMl594et15Z4zaRPCwtUOg3QmHrl1fnsgiEj/PHVAxTHBF+m
+FYCSIs5kwRylLZeDwJOkIcGPYiXiyBz65FwxcUVUMXeTnbQ6wJOvCAbXWZzkgceIa4j51kqDp4ed
+ab+cxohJnAR/E5tgVkYTKGEkkc9kQdKvuv3ZWOfbV7bkWuTy6tIu7XGrAhed7zWnIvwL0kkK2Jt+
+d288j+aXDAi/lh94OTc35FhqS3/SsnZ6b1RnIUxGHfjSXAwwgAYJKoZIhvcNAQcBMB0GCWCGSAFl
+AwQBAgQQjRLFAT2Ajt5aLQBK1SmPmKCABIIBoCOFGqO1Pda3XKu29ntdGH20bXN2FkWBBxjFBeT/
+t/1gU94GthUCJWeAlIrNRcl7F+Nx5NukmpfEx7Pu1fX057H0j/IVYHGcbjZPnHXdliXqt4Y8KiSw
+FTxc42+Ma5YmagOQ4iuxTWnL/sSIDnw4aM3dJLyz8CuzBNox1tNIjFmNs6Bv/dFU/zubik1wjnH3
+XYE7a1ZWVsChCdsEO7g0MG6gxaJ9aKSeG1SMtQ+navxhJg8U6D2fcU/xN0uOhF3eDEmDtnRiTi7h
+3yXeOnDR9EYYGKvYG3xqUJPnP9iD15hsThuCIStilqWWFlq4WPKMMNlz+EiCSko1Xy+9EIAEHNxe
+/YwtgP2AQlJcDbVKay3d47EPeI0PFS3CaHTbEkiHyvubXBQRefY38me/gl+v0+Znw2ZRJ3v8Cs3Q
+FkmUga9b2tL0VUUk9RUFCJbexitwFICgWdJRhWiJvT4yxruTbokG1zDEIyaz8IObfbEp84STmdOW
+myVKq0nzbreWsP72l7wgD/GsXQWRMhlj3T1LStSxustGE7Ps4RGgDbYZJvLtBBBECnF/0MBqRk20
+pt/FtWhgAAAAAAAAAAAAAA==
diff --git a/tests/email-print-mime-structure/smime-encrypted.out b/tests/email-print-mime-structure/smime-encrypted.out
new file mode 100644
index 0000000..071be70
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-encrypted.out
@@ -0,0 +1,7 @@
+└─╴application/pkcs7-mime 1196 bytes
+ ↧ (decrypts to)
+ └┬╴multipart/mixed 415 bytes
+ ├┬╴multipart/alternative 234 bytes
+ │├─╴text/plain 26 bytes
+ │└─╴text/html 72 bytes
+ └─╴text/plain attachment [test.txt] 33 bytes
diff --git a/tests/email-print-mime-structure/smime-encrypted.p12 b/tests/email-print-mime-structure/smime-encrypted.p12
new file mode 120000
index 0000000..ecb0ede
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-encrypted.p12
@@ -0,0 +1 @@
+bob.p12 \ No newline at end of file