[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[sup-devel] [Heliotrope/Turnsole] GPG signature verification

To: sup-devel@rubyforge.org
Subject: [sup-devel] [Heliotrope/Turnsole] GPG signature verification
From: William Morgan <wmorgan@masanjin.net>
Date: Mon, 05 Mar 2012 14:45:20 -0800
Authentication-results: mx.google.com; spf=pass (google.com: domain of sup-devel-bounces@rubyforge.org designates 50.56.192.79 as permitted sender) smtp.mail=sup-devel-bounces@rubyforge.org
Delivered-to: eg@gaute.vetsj.com
Delivered-to: sup-devel@rubyforge.org
In-reply-to: <1330602132-sup-2087@stapelberg.de>
List-archive: <http://rubyforge.org/pipermail/sup-devel>
List-help: <mailto:sup-devel-request@rubyforge.org?subject=help>
List-id: Sup developer discussion <sup-devel.rubyforge.org>
List-post: <mailto:sup-devel@rubyforge.org>
List-subscribe: <http://rubyforge.org/mailman/listinfo/sup-devel>, <mailto:sup-devel-request@rubyforge.org?subject=subscribe>
List-unsubscribe: <http://rubyforge.org/mailman/options/sup-devel>, <mailto:sup-devel-request@rubyforge.org?subject=unsubscribe>
References: <1330602132-sup-2087@stapelberg.de>
Reply-to: Sup developer discussion <sup-devel@rubyforge.org>
Sender: sup-devel-bounces@rubyforge.org
User-agent: turnsole, a heliotrope client v.git

Excerpts from Michael Stapelberg's message of 2012-03-01 03:58:24 -0800:
> I tried implementing GPG signature verification first, and got it
> nearly working

Awesome!

> 1) In ChunkParser#chunks_for_message, the message object has multiple
> parts, which in turn are just hashes. At least in my tests, the first
> part usually has a "content" entry, but the second part doesn’t.

As background, these message parts are pre-digested things sent by
Heliotrope as a way of displaying messages without needing to download
all the attachments. They are based on MIME parts but undergo a lossy
transformation. The basic rule right now is that text parts include the
content by default, and non-text parts do not (and so require a separate
download).

> Therefore, I need to request it from heliotrope. Should I introduce a
> new class for that or am I missing an existing class which I can use
> for that?

I think introducing a new chunk class is the right approach.

> 2) For verification, I need the not-decoded MIME part, but heliotrope
> decodes MIME parts. Thus, I always get a bad signature. How should we
> fix this? Not decode MIME in heliotrope, but in turnsole? Decode MIME
> in both? Make turnsole get the raw message, too, for GPG (roundtrip
> alert!)?

I think you will need to get the entire raw message and MIME decode it
in turnsole.

BTW, you can look at Sup for a lot of relevant code. There is a
CryptoNotice class in message-chunks.rb, and an inline_gpg_to_chunks
method in message.rb. The structure is pretty similar to what you
see in Turnsole (although not, of course, identical).

Good luck!
-- 
William <wmorgan@masanjin.net>
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel

References:
- [sup-devel] [Heliotrope/Turnsole] GPG signature verification
  - From: Michael Stapelberg <michael+sup@stapelberg.de>

Prev by Date: Re: [sup-devel] [Heliotrope] search for cyrillic terms does not work
Next by Date: [sup-devel] [Heliotrope/Turnsole] RMail's parsing leads to SystemStackError
Previous by thread: [sup-devel] [Heliotrope/Turnsole] GPG signature verification
Next by thread: [sup-devel] [Turnsole] Lack of a test suite
Index(es):
- Date
- Thread