Subject: GnuPG.pm: Encrypting an already signed email (feature request)
Date: Sun, 20 Mar 2016 15:20:32 +0100
To: no-operation [...] t-online.de, bug-Mail-GnuPG [...] rt.cpan.org
From: Darius Zarrabi <no-operation [...] t-online.de>

Ladies and Gents,
I use a script (a modified version of "gpgit.pl" from https://gitlab.com/mikecardwell/gpgit), which serves as a Postfix-filter and which automatically gpg-encrypts all outgoing(!) mails for which a public key is known.
The gpgit.pl-script in turn uses Mail::GnuPG by calling mime_encrypt($mime,@recipients). When a mail arrives at the server, _mime_encrypt first separates headers from the body and then calls MIME::Entity->build to assemble the part-headers to add it to the entity (the body) to be encrypted.
Everything is working fine except for one minor issue. If a signed email comes in, it contains a header looking like this:
    Content-Type: multipart/signed;
        boundary="----------=_1458481552-7056-0";
        protocol="application/pgp-signature";
        micalg=pgp-sha512
While passing _mime_encrypt, the original header is removed and replaced by
    Content-Type: multipart/signed; boundary="----------=_5647921540-1266-0";
which is then added to the entity to be encrypted.
Unfortunately, Thunderbird / Enigmail insists on the additional entries
    protocol="application/pgp-signature";
    micalg=pgp-sha512
Without them, it refuses to check the signature.
May I therefore suggest, please, that, beginning with line 859 (my version of Mail::GnuPG is 0.21), the code should be altered from
    my $workingentity = $entity;
    $entity->make_multipart;
    if ($entity->parts > 1) {
        $workingentity = MIME::Entity->build(Type => $entity->head->mime_attr("Content-Type"));
        $workingentity->add_part($_) for ($entity->parts);
        $entity->parts([]);
        $entity->add_part($workingentity);
    }
to
my $workingentity = $entity;
$entity->make_multipart;
if ($entity->parts > 1) {
$workingentity = MIME::Entity->build(Type => $entity->head->mime_attr("Content-Type"));
+ if ($entity->head->mime_attr("Content-Type") eq "multipart/signed"){
+ $workingentity->head->mime_attr("Content-Type.micalg",$entity->head->mime_attr("Content-Type.micalg"));
+ $workingentity->head->mime_attr("Content-Type.protocol",$entity->head->mime_attr("Content-Type.protocol"));
+ }
$workingentity->add_part($_) for ($entity->parts);
$entity->parts([]);
$entity->add_part($workingentity);
}
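Review bot: the added `if` compares `mime_attr("Content-Type")` to "multipart/signed" with `eq`, which is case-sensitive, while MIME media type names are case-insensitive; a header written as `Multipart/Signed` would skip the copy, so lowercase the value before comparing. The two added `mime_attr` calls also copy micalg and protocol without checking that the source header defines them; guarding each copy with a `defined` test would keep an absent parameter from being passed on as an undefined value.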
Does this make sense? Or am I overlooking something that could get broken by this change?
For me, the modified code works and performs as expected in the sense that the later decrypted mail contains a signature that can be checked with Enigmail.
Best regards,
Dr. Darius Zarrabi
Wiesbaden, Germany
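
A regression check for the behaviour reported above, added here as an example and not part of the original message or of Mail::GnuPG: it walks a (decrypted) message and lists every multipart/signed entity whose Content-Type lacks the protocol or micalg parameter. It uses Python's standard email package rather than MIME::Entity; the function name, the sample messages and the boundaries "b0"/"b1" are constructed for illustration.

```python
from email import message_from_string

# Parameters Enigmail needs on a multipart/signed header, per the report above.
REQUIRED = ("protocol", "micalg")

def missing_signed_params(raw):
    """Return (part path, missing parameter names) for every multipart/signed
    entity in the message whose Content-Type lacks a required parameter."""
    findings = []

    def walk(part, path):
        # get_content_type() lowercases, so "Multipart/Signed" also matches.
        if part.get_content_type() == "multipart/signed":
            missing = [p for p in REQUIRED if not part.get_param(p)]
            if missing:
                findings.append((path, missing))
        if part.is_multipart():
            for i, child in enumerate(part.get_payload()):
                walk(child, f"{path}.{i}")

    walk(message_from_string(raw), "0")
    return findings

# Constructed sample: body shared by the messages below.
BODY = (
    "\n--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: application/pgp-signature\n\n(signature placeholder)\n"
    "--b1--\n"
)
# Header as the signing client wrote it (folded over two lines).
INTACT = ('Content-Type: multipart/signed; boundary="b1";\n'
          ' protocol="application/pgp-signature"; micalg=pgp-sha512\n' + BODY)
# Header as rebuilt with only the type and a boundary.
STRIPPED = 'Content-Type: multipart/signed; boundary="b1"\n' + BODY
# The stripped entity nested one level down inside a wrapper multipart.
NESTED = ('Content-Type: multipart/mixed; boundary="b0"\n\n--b0\n'
          + STRIPPED + "--b0--\n")

if __name__ == "__main__":
    for name, raw in (("intact", INTACT), ("stripped", STRIPPED),
                      ("nested", NESTED)):
        print(name, missing_signed_params(raw))
```

Run against the plaintext obtained after decrypting the filter's output, an empty result means every signed entity kept both parameters.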