* [sup-devel] [Heliotrope/Turnsole] GPG signature verification
@ 2012-03-01 11:58 Michael Stapelberg
2012-03-05 22:45 ` William Morgan
0 siblings, 1 reply; 2+ messages in thread
From: Michael Stapelberg @ 2012-03-01 11:58 UTC (permalink / raw)
To: sup-devel
Hi,
Before I can actually switch to Heliotrope/Turnsole, I need to have GPG working
properly. I tried implementing GPG signature verification first, and got it
nearly working, but before I go down the rabbit hole too far, I decided to ask
a few questions here first:
1) In ChunkParser#chunks_for_message, the message object has multiple parts,
which in turn are just hashes. At least in my tests, the first part usually
has a "content" entry, but the second part doesn’t. Therefore, I need to
request it from heliotrope. Should I introduce a new class for that or am I
missing an existing class which I can use for that? Chunk::Attachment has
very similar functionality with its content method.
2) For verification, I need the not-decoded MIME part, but heliotrope decodes
MIME parts. Thus, I always get a bad signature. How should we fix this? Not
decode MIME in heliotrope, but in turnsole? Decode MIME in both? Make
turnsole get the raw message, too, for GPG (roundtrip alert!)?
Best regards,
Michael
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [sup-devel] [Heliotrope/Turnsole] GPG signature verification
2012-03-01 11:58 [sup-devel] [Heliotrope/Turnsole] GPG signature verification Michael Stapelberg
@ 2012-03-05 22:45 ` William Morgan
0 siblings, 0 replies; 2+ messages in thread
From: William Morgan @ 2012-03-05 22:45 UTC (permalink / raw)
To: sup-devel
Excerpts from Michael Stapelberg's message of 2012-03-01 03:58:24 -0800:
> I tried implementing GPG signature verification first, and got it
> nearly working
Awesome!
> 1) In ChunkParser#chunks_for_message, the message object has multiple
> parts, which in turn are just hashes. At least in my tests, the first
> part usually has a "content" entry, but the second part doesn’t.
As background, these message parts are pre-digested things sent by
Heliotrope as a way of displaying messages without needing to download
all the attachments. They are based on MIME parts but undergo a lossy
transformation. The basic rule right now is that text parts include the
content by default, and non-text parts do not (and so require a separate
download).
> Therefore, I need to request it from heliotrope. Should I introduce a
> new class for that or am I missing an existing class which I can use
> for that?
I think introducing a new chunk class is the right approach.
> 2) For verification, I need the not-decoded MIME part, but heliotrope
> decodes MIME parts. Thus, I always get a bad signature. How should we
> fix this? Not decode MIME in heliotrope, but in turnsole? Decode MIME
> in both? Make turnsole get the raw message, too, for GPG (roundtrip
> alert!)?
I think you will need to get the entire raw message and MIME decode it
in turnsole.
BTW, you can look at Sup for a lot of relevant code. There is a
CryptoNotice class in message-chunks.rb, and an inline_gpg_to_chunks
method in message.rb. The structure is pretty similar to what you
see in Turnsole (although not, of course, identical).
Good luck!
--
William <wmorgan@masanjin.net>
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-03-06 0:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-03-01 11:58 [sup-devel] [Heliotrope/Turnsole] GPG signature verification Michael Stapelberg
2012-03-05 22:45 ` William Morgan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox