[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[sup-devel] [Heliotrope/Turnsole] GPG signature verification



Excerpts from Michael Stapelberg's message of 2012-03-01 03:58:24 -0800:
> I tried implementing GPG signature verification first, and got it
> nearly working

Awesome!

> 1) In ChunkParser#chunks_for_message, the message object has multiple
> parts, which in turn are just hashes. At least in my tests, the first
> part usually has a "content" entry, but the second part doesn’t.

As background, these message parts are pre-digested things sent by
Heliotrope as a way of displaying messages without needing to download
all the attachments. They are based on MIME parts but undergo a lossy
transformation. The basic rule right now is that text parts include the
content by default, and non-text parts do not (and so require a separate
download).

> Therefore, I need to request it from heliotrope. Should I introduce a
> new class for that or am I missing an existing class which I can use
> for that?

I think introducing a new chunk class is the right approach.

> 2) For verification, I need the not-decoded MIME part, but heliotrope
> decodes MIME parts. Thus, I always get a bad signature. How should we
> fix this? Not decode MIME in heliotrope, but in turnsole? Decode MIME
> in both? Make turnsole get the raw message, too, for GPG (roundtrip
> alert!)?

I think you will need to get the entire raw message and MIME decode it
in turnsole.

BTW, you can look at Sup for a lot of relevant code. There is a
CryptoNotice class in message-chunks.rb, and an inline_gpg_to_chunks
method in message.rb. The structure is pretty similar to what you
see in Turnsole (although not, of course, identical).

Good luck!
-- 
William <wmorgan@masanjin.net>
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel