From 3c84e68d79ed84f916f1b983168d58e0f360686b Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 25 Nov 2019 16:45:48 -0500
Subject: email-print-mime-structure: decrypt S/MIME parts using gpgsm

Decrypt ciphertext using gpgsm if the user has indicated that it's ok.

This includes a new element in the test suite, which uses secret key
material from https://www.ietf.org/id/draft-dkg-lamps-samples-01.html

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
---
 email-print-mime-structure | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'email-print-mime-structure')

diff --git a/email-print-mime-structure b/email-print-mime-structure
index d152b34..e82d56e 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -83,6 +83,7 @@ class MimePrinter(object):
         print(f'{prefix}{z.get_content_type()}{cset}{disposition}{fname} {nbytes:d} bytes')
         cryptopayload:Optional[Message] = None
         try_pgp_decrypt:bool = self.args.pgpkey or self.args.use_gpg_agent
+        try_cms_decrypt:bool = self.args.use_gpg_agent
 
         if try_pgp_decrypt and \
            (parent is not None) and \
@@ -91,6 +92,13 @@ class MimePrinter(object):
            (num == 2):
             cryptopayload = self.decrypt_part(z, EncType.PGPMIME)
 
+        if try_cms_decrypt and \
+           cryptopayload is None and \
+           z.get_content_type().lower() == 'application/pkcs7-mime' and \
+           str(z.get_param('smime-type')).lower() in ['authenveloped-data',
+                                                      'enveloped-data']:
+            cryptopayload = self.decrypt_part(z, EncType.SMIME)
+
         if cryptopayload is not None:
             newprefix = prefix[:-3] + ' '
             print(f'{newprefix}↧ (decrypts to)')
@@ -107,6 +115,9 @@ class MimePrinter(object):
                 cryptopayload = self.pgpy_decrypt(self.args.pgpkey, ciphertext)
             if cryptopayload is None and self.args.use_gpg_agent:
                 cryptopayload = self.pipe_decrypt(ciphertext, ['gpg', '--batch', '--decrypt'])
+        elif flavor == EncType.SMIME:
+            if self.args.use_gpg_agent:
+                cryptopayload = self.pipe_decrypt(ciphertext, ['gpgsm', '--batch', '--decrypt'])
         if cryptopayload is None:
             logging.warning(f'Unable to decrypt')
         return cryptopayload
-- 
cgit v1.2.3