Re: [nmh-workers] Additional features for S/MIME support


From: Ken Hornstein
Subject: Re: [nmh-workers] Additional features for S/MIME support
Date: Sat, 28 Sep 2019 21:24:00 -0400

>if possible please keep that part generic enough to also work for
>pgp/mime (https://tools.ietf.org/html/rfc3156). i strongly suspect that
>there's fewer hoops to jump through for pgp/mime than for s/mime, so
>supporting both shouldn't be onerous.

It looks like there's a fair amount of overlap.  Oh, there is one additional
bit of tooling I think is necessary: being able to specify the "raw" contents
of a multipart part when CREATING a message.

>>All of these seem like they are extra stuff that should be added to mhstore.
>
>i'm not entirely sure how you envision that split between nmh and 'other
>tools' to work, because you mention both generating s/mime messages
>and mhstore at the same time.

Let me see if I can make it clear enough.  Here's my vague idea of
a sample script that would generate an S/MIME multipart/signed.  The
argument is a nmh draft file.  Pretend error checking is being done,
cleanup on exit, etc etc.

#!/bin/sh

mhbuild -auto -directives "$1"
mhstore -file "$1" -headers -outfile /tmp/newdraft.$$
mhstore -file "$1" -toplevel -canonical -multicontent -outfile /tmp/body-canonical.$$
mhstore -file "$1" -toplevel -multicontent -outfile /tmp/body.$$
# [ ... command to sign the data in /tmp/body-canonical.$$, output in
#   /tmp/signdata.$$ ]
echo "------" >> /tmp/newdraft.$$
echo "#begin signed; protocol=application/pkcs7-signature; micalg=sha-256" >> /tmp/newdraft.$$
# This is a hypothetical syntax for including "pre-formed" multipart content
echo '#!<' >> /tmp/newdraft.$$
cat /tmp/body.$$ >> /tmp/newdraft.$$
echo "#application/pkcs7-signature; name=smime.p7s {attachment; filename=smime.p7s} /tmp/signdata.$$" >> /tmp/newdraft.$$
echo "#end" >> /tmp/newdraft.$$

mhbuild /tmp/newdraft.$$

exit 0

Does that make sense?  I'm not sure that's all 100% correct, but I think it
is kinda close.  What you would do with PGP/GPG is pretty close to that,
I think.

--Ken
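
The signing placeholder in the script above, and the reason the signature is computed over the -canonical output, shown as an added example that is not part of the original message or of nmh. It assumes the openssl CLI is installed; the function names, throwaway key and sample part are constructed for the demo.

```shell
#!/bin/sh
# Added example: file names, the throwaway key and the sample part are
# constructed; only the openssl command-line tool is assumed.

# Rewrite line endings to CRLF, the canonical form a MIME signature covers.
canonicalize() {
    awk '{ sub(/\r$/, ""); printf "%s\r\n", $0 }' "$1"
}

# Create a one-day self-signed certificate and key in directory $1.
make_test_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed test signer' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Detached CMS signature over file $2, written as DER to $3 (the smime.p7s).
# -binary stops openssl from rewriting line endings itself, so the bytes
# signed are exactly the bytes in the file.
sign_detached() {
    openssl cms -sign -binary -md sha256 \
        -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -in "$2" -outform DER -out "$3"
}

# Verify signature $1 against content $2 byte for byte. -noverify skips
# chain validation only because the demo certificate is self-signed.
verify_detached() {
    openssl cms -verify -binary -noverify \
        -inform DER -in "$1" -content "$2" -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample part with local (LF) line endings.
    printf 'Content-Type: text/plain; charset="us-ascii"\n\nHello.\n' > "$d/body"
    canonicalize "$d/body" > "$d/body-canonical"
    make_test_signer "$d" && sign_detached "$d" "$d/body-canonical" "$d/signdata" || return 1
    verify_detached "$d/signdata" "$d/body-canonical" && echo "canonical body: verifies"
    verify_detached "$d/signdata" "$d/body" || echo "LF-only body: does not verify"
    rm -rf "$d"
}

demo
```

The second check fails because the part that ends up in the message must be byte-identical, after canonicalization, to what was signed, which is why the draft needs a way to include pre-formed content unchanged.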


