[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
semi: Missing mandatory MIME parameter in multipart/signed entities
Hi SEMI developers,
Forwarding a bug report from Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584113
On June 1, 2010 at 1:36PM +0200,
dmaus (at ictsoc.de) wrote:
> Package: semi
> Version: 1.14.6+0.20100207-1
> Severity: normal
>
> A multipart/signed MIME entity requires the MIME parameter "micalg" to
> be set to the digest algorithm used to create the digital signature
> (cf. RFC 1847, 2.1 (3)).
>
> When creating a signed internet message using GnuPG, SEMI does no
> insert this parameter in the multipart/signed entity for recent
> version of GnuPG.
>
> The problem is, that the library responsible for detecting digest
> algorithm uses the list of defined (digest) algorithms according to RFC
> 2440. This RFC was obsoleted by RFC 4880 which extends the list of
> digest, encryption and compression algorithms. Thus, algorithms
> defined in 4880 are not recognized by current SEMI.
>
> Attached patch for pgg-parse.el extends the lists of signature types,
> digest, encryption and compression algorithms to match RFC 4880 and
> adds RFC 4880 as reference in the comment section of pgg-parse.el.
>
> Please note: I've sent this patch upstream on April 13th without
> getting a response, neither was the patch applied in the cvs
> repository.
> Content-Disposition: attachment; filename="semi-pgg-parse-4880.diff"
> diff --git a/semi/pgg-parse.el b/semi/pgg-parse.el
> index 10b2419..f4fa7e8 100644
> --- a/semi/pgg-parse.el
> +++ b/semi/pgg-parse.el
> @@ -27,6 +27,13 @@
>
> ;; This module is based on
>
> +;; [OpenPGP] RFC 4880: "OpenPGP Message Format"
> +;; by Derek Atkins <derek@ihtfp.com>,
> +;; Jon Callas <jon@callas.org>, Lutz Donnerhacke <lutz@iks-jena.de>,
> +;; Hal Finney <hal@finney.org>, David Shaw <dshaw@jabberwocky.com>
> +;; and Rodney Thayer <rodney@canola-jones.com>
> +;; (2007/11)
> +;;
> ;; [OpenPGP] RFC 2440: "OpenPGP Message Format"
> ;; by John W. Noerenberg, II <jwn2@qualcomm.com>,
> ;; Jon Callas <jon@pgp.com>, Lutz Donnerhacke <lutz@iks-jena.de>,
> @@ -54,13 +61,15 @@
> :type 'alist)
>
> (defcustom pgg-parse-symmetric-key-algorithm-alist
> - '((1 . IDEA) (2 . 3DES) (4 . CAST5) (5 . SAFER-SK128))
> + '((1 . IDEA) (2 . 3DES) (3 . CAST5) (4 . BLOWFISH) (5 . SAFER-SK128)
> + (7 . AES) (8 . AES192) (9. AES256) (10 . TWOFISH))
> "Alist of the assigned number to the simmetric key algorithm."
> :group 'pgg-parse
> :type 'alist)
>
> (defcustom pgg-parse-hash-algorithm-alist
> - '((1 . MD5) (2 . SHA1) (3 . RIPEMD160) (5 . MD2))
> + '((1 . MD5) (2 . SHA1) (3 . RIPEMD160) (5 . MD2)
> + (8 . SHA256) (9 . SHA384) (10 . SHA512) (11 . SHA224))
> "Alist of the assigned number to the cryptographic hash algorithm."
> :group 'pgg-parse
> :type 'alist)
> @@ -68,7 +77,8 @@
> (defcustom pgg-parse-compression-algorithm-alist
> '((0 . nil); Uncompressed
> (1 . ZIP)
> - (2 . ZLIB))
> + (2 . ZLIB)
> + (3 . BZip2))
> "Alist of the assigned number to the compression algorithm."
> :group 'pgg-parse
> :type 'alist)
> @@ -82,11 +92,13 @@
> (18 . "Casual certification of a User ID and Public Key packet")
> (19 . "Positive certification of a User ID and Public Key packet")
> (24 . "Subkey Binding Signature")
> + (25 . "Primary Key Binding Signature")
> (31 . "Signature directly on a key")
> (32 . "Key revocation signature")
> (40 . "Subkey revocation signature")
> (48 . "Certification revocation signature")
> - (64 . "Timestamp signature."))
> + (64 . "Timestamp signature")
> + (80 . "Third-Party Confirmation signature"))
> "Alist of the assigned number to the signature type."
> :group 'pgg-parse
> :type 'alist)
Thanks,
--
Tatsuya Kinoshita