From 1e98a0702f7490d03b0c872d520c62080a7b941e Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Mon, 27 Jul 2015 16:48:04 -0400 Subject: [PATCH] Removed clearsigning verification Clearsigning is difficult to verify for all encodings and is not a part of RFC 3156. Inclusion in this program would encourage its use and lead users into issues down the road when interacting with other people using clients that do not support this out of spec feature. Enigmail uses PGP/MIME by default so users should have an easy time not creating clearsigned text in their messages unless they decide to paste clearsigned text straight into a message. Because the email self-defence guide guides the user through the steps of installing and setting up enigmail, I am not concerned about leaving out this feature. --- edward | 54 +++-------------------------------------- tests/gpg-flatten-3.out | 4 ++- tests/gpg-flatten-4.out | 11 +++------ 3 files changed, 10 insertions(+), 59 deletions(-) diff --git a/edward b/edward index 4a487c3..922d939 100755 --- a/edward +++ b/edward @@ -54,9 +54,7 @@ langs = ["de", "el", "en", "fr", "ja", "pt-br", "ro", "ru", "tr"] edward.""" -match_types = [('clearsign', - '-----BEGIN PGP SIGNED MESSAGE-----.*?-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----'), - ('message', +match_types = [('message', '-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----'), ('pubkey', '-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----'), @@ -600,14 +598,6 @@ def gpg_on_payloads (eddymsg_obj, gpgme_ctx, prev_parts=[]): piece.gpg_data = GPGData() piece.gpg_data.keys = key_fps - elif piece.piece_type == "clearsign": - (plaintext, sig_fps) = verify_clear_signature(piece.string, gpgme_ctx) - - if sig_fps != []: - piece.gpg_data = GPGData() - piece.gpg_data.sigs = sig_fps - piece.gpg_data.plainobj = parse_pgp_mime(plaintext, gpgme_ctx) - elif piece.piece_type == "detachedsig": for prev in prev_parts: payload_bytes = prev.payload_bytes 
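Review bot: `match_types` in the `@@ -54` hunk no longer has an entry for the `-----BEGIN PGP SIGNED MESSAGE-----` armor, and nothing next to the list records that the omission is deliberate. A comment above it would stop a later contributor from re-adding the pattern, e.g. `# Clearsigned text is intentionally not matched: only PGP/MIME (RFC 3156) signatures are verified.` The signature armor at the end of a clearsigned block may still be matched by one of the remaining patterns, which lie further down the list and outside this hunk. It is worth confirming that such a block ends up reported as unverified, and that the text in front of it is never presented as signed.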
@@ -682,8 +672,7 @@ def prepare_for_reply_pieces (eddymsg_obj, replyinfo_obj): elif piece.piece_type == "pubkey": prepare_for_reply_pubkey(piece, replyinfo_obj) - elif (piece.piece_type == "clearsign") \ - or (piece.piece_type == "detachedsig") \ + elif (piece.piece_type == "detachedsig") \ or (piece.piece_type == "signature"): prepare_for_reply_sig(piece, replyinfo_obj) @@ -770,8 +759,7 @@ def prepare_for_reply_sig (piece, replyinfo_obj): replyinfo_obj: a ReplyInfo object Pre: - piece.piece_type should be set to "clearsign", "signature", or - "detachedsig". + piece.piece_type should be set to "signature", or "detachedsig". Post: replyinfo_obj has its fields updated. @@ -827,8 +815,7 @@ def flatten_decrypted_payloads (eddymsg_obj, replyinfo_obj, get_signed_part): for piece in eddymsg_obj.payload_pieces: if (get_signed_part): - if ((piece.piece_type == "clearsign") \ - or (piece.piece_type == "detachedsig") \ + if ((piece.piece_type == "detachedsig") \ or (piece.piece_type == "signature")) \ and (piece.gpg_data != None): flatten_decrypted_payloads(piece.gpg_data.plainobj, replyinfo_obj, False) 
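Review bot: The comparison left in `prepare_for_reply_pieces` still uses a backslash continuation and redundant parentheses. With only two piece types remaining it reads more clearly as a membership test, `elif piece.piece_type in ("detachedsig", "signature"):`. The same applies to the condition in `flatten_decrypted_payloads` in the `@@ -827` hunk, where the trailing `piece.gpg_data != None` would be better written `piece.gpg_data is not None`. Both functions start and end outside their hunks.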
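Review bot: The rewritten precondition in the `prepare_for_reply_sig` docstring keeps the list comma from the three-item version. With two items it should read `piece.piece_type should be set to "signature" or "detachedsig".` The docstring begins above the hunk.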
@@ -1005,39 +992,6 @@ def verify_sig_message (msg_block, gpgme_ctx): return (plaintext, fingerprints) -def verify_clear_signature (sig_block, gpgme_ctx): - """Verifies the signature of a clear signature. - - It first encodes the string into utf-8, but this will need to be fixed in - order to support other character encodings. - - Args: - sig_block: a string of clear-signed text. - gpgme_ctx: the gpgme context - - Returns: - A tuple of the plaintext of the signed part and the list of - fingerprints of keys signing the data. If verification failed, then - empty results are returned. - """ - - # FIXME: this might require the un-decoded bytes - # or the correct re-encoding with the carset of the mime part. - msg_fp = io.BytesIO(sig_block.encode('utf-8')) - ptxt_fp = io.BytesIO() - - result = gpgme_ctx.verify(msg_fp, None, ptxt_fp) - - # FIXME: this might require using the charset of the mime part. - plaintext = ptxt_fp.getvalue().decode('utf-8') - - sig_fingerprints = [] - for res_ in result: - sig_fingerprints += [res_.fpr] - - return plaintext, sig_fingerprints - - def verify_detached_signature (detached_sig, plaintext_bytes, gpgme_ctx): """Verifies the signature of a detached signature. diff --git a/tests/gpg-flatten-3.out b/tests/gpg-flatten-3.out index f5eb59f..ec68436 100644 --- a/tests/gpg-flatten-3.out +++ b/tests/gpg-flatten-3.out @@ -1,6 +1,8 @@ -Your signature was verified. +Your signature could not be verified. + +I'm sorry, I was not able to find your public key. Did you remember to attach it? - Edward, the friendly GnuPG bot The Free Software Foundation created me. diff --git a/tests/gpg-flatten-4.out b/tests/gpg-flatten-4.out index 3eb79b8..ec68436 100644 --- a/tests/gpg-flatten-4.out +++ b/tests/gpg-flatten-4.out 
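Review bot: The new expected reply in tests/gpg-flatten-3.out blames a missing public key (`I was not able to find your public key`), which looks like the wrong diagnosis if this fixture's input is the clearsigned message that the old output reported as verified. A sender whose key is attached and valid would then go looking for a key problem instead of learning that clearsigned text is not supported and that PGP/MIME should be used. Consider a dedicated reply string for that case, or at least a note beside the test explaining that this output is the intended fallback. The same expectation is written into tests/gpg-flatten-4.out. The input files are not part of the patch, so the above is inferred from the old expected output and the commit message.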
@@ -1,13 +1,8 @@ -Hello, I am Edward, the friendly GnuPG bot. I received your message and decrypted it. Here's a copy of your message: -> hello again!!!! -> -> i think i'll try this encryption thing and paste this in. -> -> let's see how it works! -> -Your signature was verified. +Your signature could not be verified. + +I'm sorry, I was not able to find your public key. Did you remember to attach it? - Edward, the friendly GnuPG bot The Free Software Foundation created me. -- 2.25.1
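Review bot: After this change tests/gpg-flatten-4.out has the same blob id as tests/gpg-flatten-3.out (`ec68436` in both index lines), so the two tests now assert identical output and no longer distinguish their cases. The removed lines also drop `I received your message and decrypted it.` and the quoted copy of the message. If the input for this test is still an encrypted message, the reply no longer confirms that decryption worked, which seems worth keeping regardless of signature status. The input file is not part of the patch, so this is inferred from the old expected output.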