Skip Menu |

This queue is for tickets about the Mail-GnuPG CPAN distribution.

Report information
The Basics
Id: 97338
Status: new
Priority: 0/
Queue: Mail-GnuPG
People
Owner: Nobody in particular
Requestors: robert.schubert [...] mathint.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Jul 18 10:29:12 2014 robert.schubert [...] mathint.com - Ticket created
Subject: decrypt from entities nested in security multipart
Date: Fri, 18 Jul 2014 16:28:44 +0200
To: bug-Mail-GnuPG [...] rt.cpan.org
From: Robert Sachunsky <robert.schubert [...] mathint.com>
Dear maintainer, I often get messages with nested multipart/encrypted inside a multipart/signed entity. With respect to MIME, RFC 1847 details no preferred ordering between the two. But as for OpenPGP, RFC 4880 demands first signing, then encrypting the signed message. So yes, this is non-conforming. But some MUAs apparently still prefer to do so. Now since is_encrypted() does not look at MIME structure, it positively attests these messages. But decrypt() so far only knows about either multipart/encrypted, or non-multipart (with bodyhandle), thus failing to decrypt them. Please find attached below a patch that covers this case. What do you think? Regards, Robert

Message body is not shown because sender requested not to inline it.

  Fri Dec 18 12:17:03 2015 robert.schubert [...] mathint.com - Correspondence added
Subject: Re: [rt.cpan.org #97338] decrypt from entities nested in security multipart
Date: Fri, 18 Dec 2015 18:21:04 +0100
To: bug-Mail-GnuPG [...] rt.cpan.org
From: Robert Sachunsky <robert.schubert [...] mathint.com>
Am 18.07.2014 um 16:28 schrieb Robert Sachunsky: Show quoted text
> I often get messages with nested multipart/encrypted inside a > multipart/signed entity. With respect to MIME, RFC 1847 details no > preferred ordering between the two. But as for OpenPGP, RFC 4880 demands > first signing, then encrypting the signed message. So yes, this is > non-conforming. But some MUAs apparently still prefer to do so. > > Now since is_encrypted() does not look at MIME structure, it positively > attests these messages. But decrypt() so far only knows about either > multipart/encrypted, or non-multipart (with bodyhandle), thus failing to > decrypt them. > > Please find attached below a patch that covers this case. What do you think?
Hi there, can someone please comment on this (aged) proposal? I still find this patch both necessary and effective. It also seems to fit the most recent git revision 5a8f91743707db3dd090f34b463c7a4686dfd37f. Anyhow, here is a slightly improved version which also handles errors from the MIME parser more nicely. Regards, Robert

Message body is not shown because sender requested not to inline it.