[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: epg.el: epg--status-GET_LINE not working?

From: Teemu Likonen
Subject: Re: epg.el: epg--status-GET_LINE not working?
Date: Wed, 05 Jul 2017 22:03:30 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Daiki Ueno [2017-07-05 18:25:29+02] wrote:

> Teemu Likonen <address@hidden> writes:
>> I suggest a minimal handler so that epg wouldn't wait GET_LINE input in
>> tofu conflicts (which currently doesn't work anyway) and
>> epg-signature-to-string function would return a string like this:
>>     Good signature from [keyid] [user id] (tofu conflict) created at
>>     [date] using [algorithm]
>> I believe epg is mostly used with Gnus and that line alone is useful.
> Would that work?  I mean, if there is an unresolved tofu conflict,
> shouldn't signature verification fail?

Yes and no. There are two different point of views in verification:

 1. Signature is "good" if message's content matches the signature hash
    (message were not altered). Otherwise the signatures is "bad". This
    part can be "good" even if there is a tofu conflict.

 2. The key that made the signature is valid (we trust that it belong to
    the person we think). Gpg returns: TRUST_ULTIMATE, TRUST_FULLY,
    TRUST_MARGINAL etc. If there is a tofu conflict we don't get that
    TRUST_* information at all from gpg.

> Anyway, I would rather ignore "tofu.conflict" like the attached patch
> (not tested), until it becomes really useful.

I agree but with a small addition. That skips the "GET_LINE
tofu.conflict" case (which I think is good) but user is left without any
information about what happened. Function epg-signature-to-string will
return a string like this:

    Good signature from [keyid] [user id] created at
    2017-07-05T21:25:57+0300 using RSA

The signature is good but the usual "(trust ...)" is missing so there is
no information about key's validity. I suggest adding just the tofu
conflict info. With a patch like below the mentioned function would

    Good signature from [keyid] [user id] (trust: tofu-conflict) created
    at 2017-07-05T21:25:57+0300 using RSA

diff --git i/lisp/epg.el w/lisp/epg.el
index c701954b75..80bcea8064 100644
--- i/lisp/epg.el
+++ w/lisp/epg.el
@@ -421,7 +421,7 @@ epg-signature-to-string
                   (epg-decode-dn user-id)))
      (if (epg-signature-validity signature)
-        (format " (trust %s)"  (epg-signature-validity signature))
+        (format " (trust: %s)"  (epg-signature-validity signature))
      (if (epg-signature-creation-time signature)
         (format-time-string " created at %Y-%m-%dT%T%z"
@@ -905,12 +905,21 @@ epg--status-GET_LINE
   (let ((entry (assoc string epg-prompt-alist))
     (condition-case nil
-       (process-send-string (epg-context-process context)
-                            (concat (read-string
-                                     (if entry
-                                         (cdr entry)
-                                       (concat string ": ")))
-                                    "\n"))
+       (process-send-string
+         (epg-context-process context)
+         (cond ((equal string "tofu.conflict")
+                (let ((signature
+                       (car (epg-context-result-for context 'verify))))
+                  (when (and signature
+                             (eq (epg-signature-status signature) 'good))
+                    (setf (epg-signature-validity signature)
+                          'tofu-conflict))
+                  "\n"))
+               (t (concat (read-string
+                           (if entry
+                               (cdr entry)
+                             (concat string ": ")))
+                          "\n"))))
        context 'error

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]