Am 23.04.18 um 08:50 schrieb Stefan Claas:
Am 23.04.18 um 08:36 schrieb Werner Koch:
On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said:
i was wondering when receiving an S/MIME
message created with Thunderbird, how do
i properly verify the message with gpgsm?
You need to de-compose the S/MIME message to get the CMS objects.
Despit ethe name, gpgsm does not known about S/MIME (or MIME at all) and
thus can't parse it. That is actually the same as with PGP/MIME which
can't be handled directly by gpg [1].
In gnupg/tools/ you can find a basic MIME parser but it is not well
documented and only used for manual testing.
Thank you very much for the information!
I will check out the MIME parser.
Just for the record...
I was not able to successfully compile the parser and did
therefore the following:
I saved in Thunderbird my original message from this thread.
Edited out the additional headers the list server has added,
so that the saved message looks like this:
[snip]
Sender: "Gnupg-users"
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha-256; boundary="ms070707040603000709040508"
This is a cryptographically signed message in MIME format.
--ms070707040603000709040508
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Language: de-DE
Hi all,
i was wondering when receiving an S/MIME
message created with Thunderbird, how do
i properly verify the message with gpgsm?
As an example i sign now this message
and would appreciate any tips!
P.S. when i do a verify on a Thunderbird
S/MIME message i always get:
gpgsm: enabled debug flags: ipc
gpgsm: ksba_cms_parse failed: Dateiende
secmem usage: 0/16384 bytes in 0 blocks
Best regards
Stefan
--ms070707040603000709040508
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
[snip]
pfXbwE0DHTM+Fp8xjnGXHBD+8Jfp/R5pAVZehZXh6UYzFMjdS6LzWWM+c2/M9Cum2GS49Q8d
g82Q6zqwFZp4LvVf
--ms070707040603000709040508--
and for de-composing the message i used openssl, so that i had the
content ready to be verified by gpgsm. IMHO not the smartest way,
i assume, but for me as a Mac dummie it works.
openssl cms -verify -in original.eml > message.txt && \
openssl cms -cmsout -in original.eml | \
sed "1,4d" | base64 -d > file.sig && \
gpgsm --verify file.sig message.txt
Regards
Stefan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users