GpgME::Data (through gpgme_data_identify()) cannot distinguish whether
a CMS signature is detached or opaque. This makes handling of CMS signatures
in Kleopatra very complicated. To get more exact results we do here what
gpgsm --verify does internally: we feed the signature to a real CMS parser
from the KSBA library and let it detect if it is a detached signature or
not. This adds a KSBA dependency to libkleo, but that shouldn't be that
much of an issue since it's part of the GnuPG toolchain anyway. Also
invoking the CMS parser certainly represents a certain level of overhead,
but I haven't noticed any major performance issues in Kleopatra.
Details
- Reviewers: aheinecke, JochenSaalfeld
- Maniphest Tasks: T7310: S/MIME - Encrypt and Sign Option broken
- Commits: R168:2edf2b81949f: Fix detached S/MIME signature verification
Kleopatra can now correctly handle detached CMS signatures.
Diff Detail
- Repository: R168 Kleopatra
- Lint: Automatic diff as part of commit; lint not applicable.
- Unit: Automatic diff as part of commit; unit tests not applicable.
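The detached-versus-opaque distinction from the summary above comes down to whether the optional eContent field is present inside the SignedData's encapContentInfo. The following is an added example, not code from Kleopatra, libkleo or KSBA: a small self-contained BER/DER walker whose names (`classifyCms`, `readTlv`, `kDetached`, `kOpaque`) are hypothetical and whose sample bytes are constructed. It assumes binary (not PEM-armored) input and single-byte tags, and it needs definite lengths on the fields it skips over.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>
using Bytes = std::vector<uint8_t>;
enum class CmsKind { Unknown, Detached, Opaque };
struct Tlv { uint8_t tag; size_t body; size_t len; bool indefinite; };

// Read one BER/DER header at pos (single-byte tags only, bounds-checked).
static std::optional<Tlv> readTlv(const Bytes &d, size_t pos) {
    if (pos > d.size() || d.size() - pos < 2) return std::nullopt;
    uint8_t tag = d[pos++], l = d[pos++];
    if (l == 0x80) return Tlv{tag, pos, 0, true};
    size_t len = l;
    if (l & 0x80) {
        size_t n = l & 0x7f;
        if (n > 4 || n > d.size() - pos) return std::nullopt;
        for (len = 0; n--; ) len = (len << 8) | d[pos++];
    }
    if (len > d.size() - pos) return std::nullopt;
    return Tlv{tag, pos, len, false};
}

// Walk ContentInfo -> SignedData -> encapContentInfo and test for eContent.
CmsKind classifyCms(const Bytes &d) {
    static const uint8_t kSignedData[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
    size_t pos = 0; bool ok = true; Tlv t{};
    auto read = [&](uint8_t tag, bool stepOver) {  // stepOver needs a definite length
        if (!ok) return;
        auto r = readTlv(d, pos);
        ok = r && r->tag == tag && !(stepOver && r->indefinite);
        if (ok) { t = *r; pos = t.body + (stepOver ? t.len : 0); }
    };
    read(0x30, false);  // ContentInfo SEQUENCE
    read(0x06, true);   // contentType, must be signedData (1.2.840.113549.1.7.2)
    ok = ok && t.len == 9 && std::equal(kSignedData, kSignedData + 9, d.begin() + t.body);
    read(0xa0, false); read(0x30, false);  // [0] EXPLICIT wrapper, SignedData SEQUENCE
    read(0x02, true);  read(0x31, true);   // version, digestAlgorithms
    read(0x30, false);  // encapContentInfo SEQUENCE
    const Tlv eci = t;
    read(0x06, true);   // eContentType
    if (!ok || (!eci.indefinite && pos > eci.body + eci.len)) return CmsKind::Unknown;
    bool has = eci.indefinite ? (pos < d.size() && d[pos] == 0xa0) : pos < eci.body + eci.len;
    return has ? CmsKind::Opaque : CmsKind::Detached;  // no eContent: data is external
}
// Constructed minimal samples (empty signer set, not real signatures).
const Bytes kDetached = {0x30,0x23, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02, 0xa0,0x16, 0x30,0x14,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x0b, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01, 0x31,0x00};
const Bytes kOpaque = {0x30,0x29, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02, 0xa0,0x1c, 0x30,0x1a,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x11, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01, 0xa0,0x04,0x04,0x02,0x68,0x69, 0x31,0x00};
```

Anything that is not a well-formed SignedData prefix, including truncated input, comes back as `CmsKind::Unknown`, so a caller can fall back to another heuristic rather than guess.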
Now detached signatures created with S/MIME can be successfully verified.
Unfortunately, when a detached signature and an encrypted file are created, there is only a statement that the encryption was successful, no statement about the signature.
This does not happen when there is just a detached signature for an unencrypted file.
Well, if you select a detached signature file, then we only verify the signature. You need to select the encrypted file so that it can be decrypted :-) The Decrypt/Verify file selection dialog lets you select multiple files though, so if you select both signature and encrypted file, it performs both actions.
Discussed with @dvratil that an additional dependency is not the optimal way to solve this issue. Will be halted back until further investigation.
@dvratil Any new progress here? It's urgent. We have to release an updated Kleopatra/Gpg4win version as soon as possible...
| src/utils/output.cpp | |
|---|---|
| 686 | m_ioDevice is an std::shared_ptr, so not a mem leak :-) |

| src/utils/input_p.h | |
|---|---|
| 6 | Do you really mean 2007? |