[sup-devel] [PATCH] Bugfix: for encrypted and signed messages, run verification and decryption separately

From: Michael Stapelberg <michael+sup@stapelberg.de>
To: sup-devel <sup-devel@rubyforge.org>
Subject: [sup-devel] [PATCH] Bugfix: for encrypted and signed messages, run verification and decryption separately
Date: Fri, 26 Mar 2010 05:33:07 +0100	[thread overview]
Message-ID: <1269577931-sup-7751@midna.zekjur.net> (raw)

[-- Attachment #1: Type: text/plain, Size: 317 bytes --]

Hi,

attached to this email you can find a patch which runs verification and
decryption of signed + encrypted messages separately. This is necessary
because GPG will stop decrypting a message when the signature cannot be
verified for any reason (like the public key not being in your keyring).

Best regards,
Michael

[-- Attachment #2: 0001-Bugfix-for-encrypted-and-signed-messages-run-verific.patch --]
[-- Type: application/octet-stream, Size: 2907 bytes --]

From e0f37167bfa4167901371df6ebb71f99b2b904fe Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <michael@stapelberg.de>
Date: Thu, 25 Mar 2010 13:12:11 +0100
Subject: [PATCH] Bugfix: for encrypted and signed messages, run verification and decryption separately

gpg aborts if the signature cannot be verified, even though it
might still be able to decrypt the message.
---
 lib/sup/crypto.rb |   40 ++++++++++++++++++++--------------------
 1 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb
index 28a6054..289fb0e 100644
--- a/lib/sup/crypto.rb
+++ b/lib/sup/crypto.rb
@@ -97,6 +97,20 @@ EOS
     encrypt from, to, payload, true
   end
 
+  def verified_ok? output, rc
+    output_lines = output.split(/\n/)
+
+    if output =~ /^gpg: (.* signature from .*$)/
+      if rc == 0
+        Chunk::CryptoNotice.new :valid, $1, output_lines
+      else
+        Chunk::CryptoNotice.new :invalid, $1, output_lines
+      end
+    else
+      unknown_status output_lines
+    end
+  end
+
   def verify payload, signature, detached=true # both RubyMail::Message objects
     return unknown_status(cant_find_binary) unless @cmd
 
@@ -115,17 +129,8 @@ EOS
     else
       output = run_gpg "--verify #{signature_fn.path}"
     end
-    output_lines = output.split(/\n/)
 
-    if output =~ /^gpg: (.* signature from .*$)/
-      if $? == 0
-        Chunk::CryptoNotice.new :valid, $1, output_lines
-      else
-        Chunk::CryptoNotice.new :invalid, $1, output_lines
-      end
-    else
-      unknown_status output_lines
-    end
+    self.verified_ok? output, $?
   end
 
   ## returns decrypted_message, status, desc, lines
@@ -139,7 +144,7 @@ EOS
     output_fn = Tempfile.new "redwood.output"
     output_fn.close
 
-    message = run_gpg "--output #{output_fn.path} --yes --decrypt #{payload_fn.path}", :interactive => true
+    message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
 
     unless $?.success?
       info "Error while running gpg: #{message}"
@@ -149,15 +154,10 @@ EOS
     output = IO.read output_fn.path
     output.force_encoding Encoding::ASCII_8BIT if output.respond_to? :force_encoding
 
-    ## there's probably a better way to do this, but we're using the output to
-    ## look for a valid signature being present.
-
-    sig = case message
-    when /^gpg: (Good signature from .*$)/i
-      Chunk::CryptoNotice.new :valid, $1, message.split("\n")
-    when /^gpg: (Bad signature from .*$)/i
-      Chunk::CryptoNotice.new :invalid, $1, message.split("\n")
-    end
+    ## check for a valid signature in an extra run because gpg aborts if the
+    ## signature cannot be verified (but it is still able to decrypt)
+    sigoutput = run_gpg "#{payload_fn.path}"
+    sig = self.verified_ok? sigoutput, $?
 
     if armor
       msg = RMail::Message.new
-- 
1.6.5


[-- Attachment #3: Type: text/plain, Size: 143 bytes --]

_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
