| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PKCS#7 offers a signed-only mode which is distinct from
multipart/signed. This mode is more robust to breakage by
transforming MTAs, but it is also unreadable *unless* the receiver
knows how to cope with S/MIME.
See https://tools.ietf.org/html/rfc8551#section-3.5 for more details
about the different formats.
email-print-mime-structure should now be able to handle these messages
and display the structure of their content as well.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
I plan to use the same harness to try to transform other leaf subparts
that might be extractable into a MIME subtree, not just decryption.
So give it a more generic name.
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
|
| |
If the user supplies a secret key like the ones found in
https://www.ietf.org/id/draft-dkg-lamps-samples-01.html, then
email-print-mime-structure will try to use that for decryption of
CMS-encrypted (S/MIME) message parts.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
|
| |
Decrypt ciphertext using gpgsm if the user has indicated that it's ok.
This includes a new element in the test suite, which uses secret key
material from https://www.ietf.org/id/draft-dkg-lamps-samples-01.html
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
| |
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
| |
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
| |
Fully decode the encrypted part before passing it to any decryption
mechanism.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
| |
As we prepare for S/MIME decryption, we want to identify pgp
decryption as just one type of decryption. There is no functional
change here.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
| |
This allows the user to avoid being affected by any future change in
the default.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out that type=bool doesn't really do what we want it to do (see
https://bugs.python.org/issue37564), and there is no built-in easy
answer for argparse to accept a boolean value sensibly
(e.g. type='bool', which might be able to handle "yes" and "no" and
"1" and "0" and "on" and "off" as well as "true" and "false", etc)
So rather than implement all of that here, we'll just have
--use-gpg-agent as a simple flag. This is an API change, but the
previous API has only been out for a few days, and the tool is
documented for interactive use.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
| |
This is modeled after the use of argcomplete in diffoscope, and it
should be possible to use it for any other pythonic mailscript that
uses argparse.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, the user may want to try to use their own GnuPG secret
keys to decrypt encrypted parts of the message.
By default it is disabled so that we aren't accidentally triggering
the use of user secret key material.
Note that gpg(1) says:
It is highly recommended to use [--batch] along with the options
--status-fd and --with-colons for any unattended use of gpg.
I am deliberately choosing to not use either --status-fd or
--with-colons for email-print-mime-structure.
I'm not using --with-colons because there is no output from GnuPG that
we expect to be machine-readable -- we're just looking for the cleartext
of whatever ciphertext is in the message part.
I'm not using --status-fd because there is nothing actionable we can do
with GnuPG status messages, and asking for them would require switching
from subprocess.run to subprocess.Popen to take advantage of the
pass_fds argument, which in turn would make the script only work in a
POSIX environment (I believe, but have not tested, that the script can
currently be used on Windows).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
| |
No functional change here: this just prepares for adding other
decryption capabilities.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
| |
This has no functional changes, it's just a reorganization for easier
readability. Thanks to Sean Whitton for the suggestion.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
| |
We want to make sure we're decrypting the thing that we expect. This
typecheck should keep us honest.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
| |
For consistency with the manpage.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add simple decryption capability for email-print-mime-structure, so
that it can do stuff like this:
$ email-print-mime-structure --pgpkey alice@openpgp.example.sec.asc < msg.eml
└┬╴multipart/encrypted 2190 bytes
├─╴application/pgp-encrypted 11 bytes
└─╴application/octet-stream 1613 bytes
↧ (decrypts to)
└─╴text/plain 425 bytes
$
At the moment, it only works with keys that can be found in the
filesystem, and when the pgpy module is installed.
Possible future work:
- try using gpg to do the decryption from whatever gpg's system
capabilities are
I've added python3-pgpy to the list of Recommends, since it is not a
hard dependency.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
| |
No functional changes. This is just a more readable function name.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
|
| |
No functional change.
This is preparatory work to be able to consider the structure of each
part and determine whether we should consider trying to decrypt it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
| |
No functional changes.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
| |
This adds a -h and --help option, which is currently pretty useless.
But the argparse will become useful shortly.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
| |
No functional changes. This is a refactoring commit to provide some
non-global scoping and easier readability.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
We will need to send arguments to the printer, so it's handy to wrap
the functionality in a class.
No functional changes.
This diff is probably best reviewed with whitespace changes ignored.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
|
|
|
|
| |
This adds enough typechecking that the following check passes:
mypy --strict email-print-mimestructure
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
| |
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
