[BUG] Decryption fails if message was signed with an unknown key

2013-09-24 Thread Daniel Kahn Gillmor 
On 09/23/2013 07:23 PM, Simon Hirscher wrote:
> Now, in order for you to test that behavior I'm going to send you a
> signed and encrypted message because that should exactly reproduce the
> bug, as long as you don't import my key (id EBACABE5 /
> http://simonhirscher.de/public_key.asc) for signature verification.

message received and tested on debian jessie using notmuch 0.16-1, and i
did not see this misbehavior.

Simon, for future reference, you can also test this sort of thing
yourself by making multiple (phony) gpg homedirectories and notmuch
config files, and setting GNUPGHOME and NOTMUCH_CONFIG environment
variables appropriately.  I find this a pretty handy diagnostic approach.

--dkg

-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL:

[BUG] Decryption fails if message was signed with an unknown key

2013-09-24 Thread Simon Hirscher 
Hi Daniel,

First of all, sorry for the delay ? I had locked myself out from
everything digital to study for my exams.

On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
 wrote:
> I just tried to replicate this, and i do not see this misbehavior.  I'm
> using notmuch 0.16-1 on a debian testing/unstable system.

I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send
you the output of notmuch show --format=raw id:xyz at example.com |
devel/printmimestructure).

>  A) how does it know that there was a signature if the message was
> encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
> contains signatures wrapped inside the encryption, so that an observer
> can't tell whether there is a signature or not (or who made the signature)

That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.

>  B) the date of the message is the unix epoch date (1970-01-01), and the
> date of the signature appears to be the unix epoch date as well.  this
> seems suspicious and likely to be false.  how are these messages being
> generated?

I'm sorry, that was just me being ultra paranoid. :)

>  C) you appear to be using gnupg 2.0.17.  the latest version of the
> 2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
> installation and try again?

>  D) you have the mingw32 version of gpg.  Does this mean you're running
> notmuch on windows?

No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.

>  E) i'd be curious to see what printmimestructure looks like on the
> message in question.  if you've got a decent shell and the notmuch
> source code, you should be able to do:
>
> [?]
>
> if you can clarify any of the above, i'd appreciate it.
>
> Also, if you can, you're welcome to send a signed/encrypted message
> using the same framework that generated the problematic message directly
> to me (my OpenPGP fingerprint is
> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
> look at it.

Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could ? because I had both, the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring ? and voil?:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).

Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.

Best,

Simon

Re: [BUG] Decryption fails if message was signed with an unknown key

2013-09-24 Thread Simon Hirscher 
Hi Daniel,

First of all, sorry for the delay – I had locked myself out from
everything digital to study for my exams.

On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
 I just tried to replicate this, and i do not see this misbehavior.  I'm
 using notmuch 0.16-1 on a debian testing/unstable system.

I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send
you the output of notmuch show --format=raw id:x...@example.com |
devel/printmimestructure).

  A) how does it know that there was a signature if the message was
 encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
 contains signatures wrapped inside the encryption, so that an observer
 can't tell whether there is a signature or not (or who made the signature)

That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.

  B) the date of the message is the unix epoch date (1970-01-01), and the
 date of the signature appears to be the unix epoch date as well.  this
 seems suspicious and likely to be false.  how are these messages being
 generated?

I'm sorry, that was just me being ultra paranoid. :)

  C) you appear to be using gnupg 2.0.17.  the latest version of the
 2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
 installation and try again?

  D) you have the mingw32 version of gpg.  Does this mean you're running
 notmuch on windows?

No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.

  E) i'd be curious to see what printmimestructure looks like on the
 message in question.  if you've got a decent shell and the notmuch
 source code, you should be able to do:

 […]

 if you can clarify any of the above, i'd appreciate it.

 Also, if you can, you're welcome to send a signed/encrypted message
 using the same framework that generated the problematic message directly
 to me (my OpenPGP fingerprint is
 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
 look at it.

Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could – because I had both, the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring – and voilà:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).

Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.

Best,

Simon
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: [BUG] Decryption fails if message was signed with an unknown key

2013-09-24 Thread Daniel Kahn Gillmor 
On 09/23/2013 07:23 PM, Simon Hirscher wrote:
 Now, in order for you to test that behavior I'm going to send you a
 signed and encrypted message because that should exactly reproduce the
 bug, as long as you don't import my key (id EBACABE5 /
 http://simonhirscher.de/public_key.asc) for signature verification.

message received and tested on debian jessie using notmuch 0.16-1, and i
did not see this misbehavior.

Simon, for future reference, you can also test this sort of thing
yourself by making multiple (phony) gpg homedirectories and notmuch
config files, and setting GNUPGHOME and NOTMUCH_CONFIG environment
variables appropriately.  I find this a pretty handy diagnostic approach.

--dkg



signature.asc
Description: OpenPGP digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[BUG] Decryption fails if message was signed with an unknown key

2013-09-10 Thread David Bremner 
Simon Hirscher  writes:
>
> $ gpg --recv-keys 
>
> $ notmuch show --decrypt id:xyz at example.com
>
> [?]
> Hey there,
> Now the decryption worked!
> [?]
>

Is this related to Jamie's report?

   id:87obwrix8s.fsf at servo.finestructure.net

Jamie, did you ever narrow down the gmime problem? is it fixed in
current gmime?

d

Re: [BUG] Decryption fails if message was signed with an unknown key

2013-09-10 Thread David Bremner 
Simon Hirscher pub...@simonhirscher.de writes:

 $ gpg --recv-keys sender's key

 $ notmuch show --decrypt id:x...@example.com

 […]
 Hey there,
 Now the decryption worked!
 […]


Is this related to Jamie's report?

   id:87obwrix8s@servo.finestructure.net

Jamie, did you ever narrow down the gmime problem? is it fixed in
current gmime?

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[BUG] Decryption fails if message was signed with an unknown key

2013-09-05 Thread Daniel Kahn Gillmor 
Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:

 [ decryption failure until adding sender's key]

> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior.  I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

 "sigstatus" : [
 {
"errors" : 2,
"keyid" : "CB07362E3294B49E",
"status" : "error"
 }
  ],


but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

 A) how does it know that there was a signature if the message was
encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
contains signatures wrapped inside the encryption, so that an observer
can't tell whether there is a signature or not (or who made the signature)

 B) the date of the message is the unix epoch date (1970-01-01), and the
date of the signature appears to be the unix epoch date as well.  this
seems suspicious and likely to be false.  how are these messages being
generated?

 C) you appear to be using gnupg 2.0.17.  the latest version of the
2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
installation and try again?

 D) you have the mingw32 version of gpg.  Does this mean you're running
notmuch on windows?

 E) i'd be curious to see what printmimestructure looks like on the
message in question.  if you've got a decent shell and the notmuch
source code, you should be able to do:

 notmuch show --format=raw id:xyz at example.com | devel/printmimestructure

I'd expect to see output like this:

???multipart/encrypted 3309 bytes
 ???application/pgp-encrypted 11 bytes
 ???application/octet-stream 1351 bytes


if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

--dkg

-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL:

[BUG] Decryption fails if message was signed with an unknown key

2013-09-05 Thread Simon Hirscher 
Dear notmuch developers,

This is now the second time the following has happened to me:

#
$ notmuch show --decrypt id:xyz at example.com

message{ id:xyz at example.com depth:0 match:1 excluded:0 
filename:/home/simon/***

header{
John Doe  (Today 21:52) (encrypted inbox new)
Subject: foobar
From: John Doe 
To: ***
Date: Thu, 01 Jan 1970 00:00:00 +

header}

body{
Failed to decrypt part: gpg: ASCII-H?lle: Version: GnuPG v2.0.17 (MingW32)
gpg: 
gpg: AES256 encrypted data
gpg: Original file name=''
gpg: Signature from Thu 01 Jan 1970 00:00:00 UTC by DSA key ID 
gpg: Signature cannot be verified. Public key not found

part{ ID: 1, Content-type: multipart/encrypted

part{ ID: 2, Content-type: application/pgp-encrypted
Non-text part: application/pgp-encrypted

part}

part{ ID: 3, Filename: encrypted.asc, Content-type: application/octet-stream
Non-text part: application/octet-stream

part}

part}

body}

message}

$ gpg --recv-keys 

$ notmuch show --decrypt id:xyz at example.com

[?]
Hey there,
Now the decryption worked!
[?]



Also, I should add that manually decrypting the message with gpg (i.e.
without using notmuch) already worked *before* I added the sender's
key (not shown above). Still, notmuch obviously doesn't like it when
the sender is unknown.

I hope you're going to look into this. Thank you!

Re: [BUG] Decryption fails if message was signed with an unknown key

2013-09-05 Thread Daniel Kahn Gillmor 
Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
 This is now the second time the following has happened to me:

 [ decryption failure until adding sender's key]

 Also, I should add that manually decrypting the message with gpg (i.e.
 without using notmuch) already worked *before* I added the sender's
 key (not shown above). Still, notmuch obviously doesn't like it when
 the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior.  I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

 sigstatus : [
 {
errors : 2,
keyid : CB07362E3294B49E,
status : error
 }
  ],


but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

 A) how does it know that there was a signature if the message was
encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
contains signatures wrapped inside the encryption, so that an observer
can't tell whether there is a signature or not (or who made the signature)

 B) the date of the message is the unix epoch date (1970-01-01), and the
date of the signature appears to be the unix epoch date as well.  this
seems suspicious and likely to be false.  how are these messages being
generated?

 C) you appear to be using gnupg 2.0.17.  the latest version of the
2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
installation and try again?

 D) you have the mingw32 version of gpg.  Does this mean you're running
notmuch on windows?

 E) i'd be curious to see what printmimestructure looks like on the
message in question.  if you've got a decent shell and the notmuch
source code, you should be able to do:

 notmuch show --format=raw id:x...@example.com | devel/printmimestructure

I'd expect to see output like this:

└┬╴multipart/encrypted 3309 bytes
 ├─╴application/pgp-encrypted 11 bytes
 └─╴application/octet-stream 1351 bytes


if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

--dkg



signature.asc
Description: OpenPGP digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[BUG] Decryption fails if message was signed with an unknown key

2013-09-04 Thread Simon Hirscher 
Dear notmuch developers,

This is now the second time the following has happened to me:

#
$ notmuch show --decrypt id:x...@example.com

message{ id:x...@example.com depth:0 match:1 excluded:0 filename:/home/simon/***

header{
John Doe sen...@example.com (Today 21:52) (encrypted inbox new)
Subject: foobar
From: John Doe sen...@example.com
To: ***
Date: Thu, 01 Jan 1970 00:00:00 +

header}

body{
Failed to decrypt part: gpg: ASCII-Hülle: Version: GnuPG v2.0.17 (MingW32)
gpg: list of keys the message was encrypted with
gpg: AES256 encrypted data
gpg: Original file name=''
gpg: Signature from Thu 01 Jan 1970 00:00:00 UTC by DSA key ID sender's key
gpg: Signature cannot be verified. Public key not found

part{ ID: 1, Content-type: multipart/encrypted

part{ ID: 2, Content-type: application/pgp-encrypted
Non-text part: application/pgp-encrypted

part}

part{ ID: 3, Filename: encrypted.asc, Content-type: application/octet-stream
Non-text part: application/octet-stream

part}

part}

body}

message}

$ gpg --recv-keys sender's key

$ notmuch show --decrypt id:x...@example.com

[…]
Hey there,
Now the decryption worked!
[…]



Also, I should add that manually decrypting the message with gpg (i.e.
without using notmuch) already worked *before* I added the sender's
key (not shown above). Still, notmuch obviously doesn't like it when
the sender is unknown.

I hope you're going to look into this. Thank you!
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Decryption fails

2011-06-02 Thread Felix Geller 
On Thu, 02 Jun 2011 08:35:49 -0700, Jameson Graef Rollins  wrote:
Non-text part: multipart/signed

> Hey, Felix.  Yeah, I unfortunately don't have any other suggestions
> other than asking the gmime folks.

Jeff replied and sent me a working patch :) Not sure yet how he prefers
to publish the patch, but the problem is fixed.

> Interestingly, I see the following message in your crypto test output:
> 
>   Error: search term did not match precisely one message.
> 
> which seems to indicate that the desired message wasn't actually
> delivered properly, contrary to what the emacs delivery tests are
> stating.  Not sure how that could be related, though, since it looks
> like the trace that you show above definitely looks like gmime caught in
> a poll loop.

Just ran the tests with a "fixed" poll function and it seems that many
problems remain. Don't have the time at the moment to take a closer
look, but I attached the output.

Anyway, I'm a glad decrypting user now ;)


Cheers,
Felix

> jamie.
Non-text part: application/pgp-signature
-- next part --
An embedded and charset-unspecified text was scrubbed...
Name: crypto.txt
URL: 

-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 202 bytes
Desc: not available
URL:

Decryption fails

2011-06-02 Thread Jameson Graef Rollins 
On Thu, 02 Jun 2011 18:49:22 +0200, Felix Geller  wrote:
> Jeff replied and sent me a working patch :) Not sure yet how he prefers
> to publish the patch, but the problem is fixed.

That's great!  What did Jeff say exactly?  Is the patch to gmime 2.4?
Did he mention that he was including them in upstream, hopefully in the
next release?

> > Interestingly, I see the following message in your crypto test output:
> > 
> >   Error: search term did not match precisely one message.
> > 
> > which seems to indicate that the desired message wasn't actually
> > delivered properly, contrary to what the emacs delivery tests are
> > stating.  Not sure how that could be related, though, since it looks
> > like the trace that you show above definitely looks like gmime caught in
> > a poll loop.
> 
> Just ran the tests with a "fixed" poll function and it seems that many
> problems remain. Don't have the time at the moment to take a closer
> look, but I attached the output.

Those test failures look very strange to me.  There are a bunch of 'n's
being output after the commas in the json output.  Felix, are you sure
you haven't modified your source at all?

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL:

Decryption fails

2011-06-02 Thread Jameson Graef Rollins 
On Tue, 31 May 2011 19:33:29 +0200, Felix Geller  wrote:
> I get the following trace when using show --decrypt to decrypt a
> specific message (have to kill the process to actually get the trace):
> 
> #0  0x0001006121a6 in poll ()
> #1  0x00010006d3d2 in gpg_ctx_op_step ()
> #2  0x00010006e5c7 in gpg_decrypt ()
> #3  0x0001000566cf in g_mime_multipart_encrypted_decrypt ()
> #4  0x0001a413 in show_message_part (part=0x10606fc20,
> #state=0x7fff5fbfd1c0, format=0x10002ef80, params=0x7fff5fbfd2c0,
> #first=1) at show-message.c:71
> 
> So I guess it ends up looping or waiting in poll(), but I can't tell why
> it would do that. I guess the next step is to post to the gmime mailing
> list, or?

Hey, Felix.  Yeah, I unfortunately don't have any other suggestions
other than asking the gmime folks.

Interestingly, I see the following message in your crypto test output:

  Error: search term did not match precisely one message.

which seems to indicate that the desired message wasn't actually
delivered properly, contrary to what the emacs delivery tests are
stating.  Not sure how that could be related, though, since it looks
like the trace that you show above definitely looks like gmime caught in
a poll loop.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL:

Re: Decryption fails

2011-06-02 Thread Jameson Graef Rollins 
On Tue, 31 May 2011 19:33:29 +0200, Felix Geller fgel...@gmail.com wrote:
 I get the following trace when using show --decrypt to decrypt a
 specific message (have to kill the process to actually get the trace):
 
 #0  0x0001006121a6 in poll ()
 #1  0x00010006d3d2 in gpg_ctx_op_step ()
 #2  0x00010006e5c7 in gpg_decrypt ()
 #3  0x0001000566cf in g_mime_multipart_encrypted_decrypt ()
 #4  0x0001a413 in show_message_part (part=0x10606fc20,
 #state=0x7fff5fbfd1c0, format=0x10002ef80, params=0x7fff5fbfd2c0,
 #first=1) at show-message.c:71
 
 So I guess it ends up looping or waiting in poll(), but I can't tell why
 it would do that. I guess the next step is to post to the gmime mailing
 list, or?

Hey, Felix.  Yeah, I unfortunately don't have any other suggestions
other than asking the gmime folks.

Interestingly, I see the following message in your crypto test output:

  Error: search term did not match precisely one message.

which seems to indicate that the desired message wasn't actually
delivered properly, contrary to what the emacs delivery tests are
stating.  Not sure how that could be related, though, since it looks
like the trace that you show above definitely looks like gmime caught in
a poll loop.

jamie.


pgp4EpZBs1AvD.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Decryption fails

2011-06-02 Thread Felix Geller 
On Thu, 02 Jun 2011 08:35:49 -0700, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
Non-text part: multipart/signed

 Hey, Felix.  Yeah, I unfortunately don't have any other suggestions
 other than asking the gmime folks.

Jeff replied and sent me a working patch :) Not sure yet how he prefers
to publish the patch, but the problem is fixed.
 
 Interestingly, I see the following message in your crypto test output:
 
   Error: search term did not match precisely one message.
 
 which seems to indicate that the desired message wasn't actually
 delivered properly, contrary to what the emacs delivery tests are
 stating.  Not sure how that could be related, though, since it looks
 like the trace that you show above definitely looks like gmime caught in
 a poll loop.

Just ran the tests with a fixed poll function and it seems that many
problems remain. Don't have the time at the moment to take a closer
look, but I attached the output.

Anyway, I'm a glad decrypting user now ;)


Cheers,
Felix

 jamie.
Non-text part: application/pgp-signature
crypto: Testing PGP/MIME signature verification and decryption
 PASS   emacs delivery of signed message
 FAIL   signature verification
--- crypto.2.expected   2011-06-02 16:46:27.0 +
+++ crypto.2.output 2011-06-02 16:46:27.0 +
@@ -1,23 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags: [inbox,signed],
- headers: {Subject: test signed message 001,
- From: Notmuch Test Suite test_su...@notmuchmail.org,
- To: test_su...@notmuchmail.org,
- Cc: ,
- Bcc: ,
- Date: 01 Jan 2000 12:00:00 -},
- body: [{id: 1,
- sigstatus: [{status: good,
- fingerprint: 5AEAB11F5E33DCE875DDB75B6D92612D94E46381,
- created: 946728000}],
- content-type: multipart/signed,
- content: [{id: 2,
- content-type: text/plain,
- content: This is a test signed message.\n},
- {id: 3,
- content-type: application/pgp-signature}]}]},
- [
+[[[{id: X,n match: true,n filename: Y,n timestamp: 
946728000,n date_relative: 2000-01-01,n tags: [inbox,signed],n 
headers: {Subject: test signed message 001,n From: Notmuch Test Suite 
test_su...@notmuchmail.org,n To: test_su...@notmuchmail.org,n Cc: ,n 
Bcc: ,n Date: 01 Jan 2000 12:00:00 -},n body: [{id: 1,n 
sigstatus: [{status: good,n fingerprint: 
5AEAB11F5E33DCE875DDB75B6D92612D94E46381,n created: 946728000}],n 
content-type: multipart/signed,n content: [{id: 2,n content-type: 
text/plain,n content: This is a test signed message.\n},n {id: 3,n 
content-type: application/pgp-signature}]}]},n [
 FAIL   signature verification with full owner trust
--- crypto.3.expected   2011-06-02 16:46:27.0 +
+++ crypto.3.output 2011-06-02 16:46:27.0 +
@@ -1,24 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags: [inbox,signed],
- headers: {Subject: test signed message 001,
- From: Notmuch Test Suite test_su...@notmuchmail.org,
- To: test_su...@notmuchmail.org,
- Cc: ,
- Bcc: ,
- Date: 01 Jan 2000 12:00:00 -},
- body: [{id: 1,
- sigstatus: [{status: good,
- fingerprint: 5AEAB11F5E33DCE875DDB75B6D92612D94E46381,
- created: 946728000,
- userid:  Notmuch Test Suite test_su...@notmuchmail.org 
(INSECURE!)}],
- content-type: multipart/signed,
- content: [{id: 2,
- content-type: text/plain,
- content: This is a test signed message.\n},
- {id: 3,
- content-type: application/pgp-signature}]}]},
- [
+[[[{id: X,n match: true,n filename: Y,n timestamp: 
946728000,n date_relative: 2000-01-01,n tags: [inbox,signed],n 
headers: {Subject: test signed message 001,n From: Notmuch Test Suite 
test_su...@notmuchmail.org,n To: test_su...@notmuchmail.org,n Cc: ,n 
Bcc: ,n Date: 01 Jan 2000 12:00:00 -},n body: [{id: 1,n 
sigstatus: [{status: good,n fingerprint: 
5AEAB11F5E33DCE875DDB75B6D92612D94E46381,n created: 946728000,n userid:  
Notmuch Test Suite test_su...@notmuchmail.org (INSECURE!)}],n 
content-type: multipart/signed,n content: [{id: 2,n content-type: 
text/plain,n content: This is a test signed message.\n},n {id: 3,n 
content-type: application/pgp-signature}]}]},n [
 FAIL   signature verification with signer key unavailable
--- crypto.4.expected   2011-06-02 16:46:28.0 +
+++ crypto.4.output 2011-06-02 16:46:28.0 +
@@ -1,23 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags:

Re: Decryption fails

2011-06-02 Thread Jameson Graef Rollins 
On Thu, 02 Jun 2011 18:49:22 +0200, Felix Geller fgel...@gmail.com wrote:
 Jeff replied and sent me a working patch :) Not sure yet how he prefers
 to publish the patch, but the problem is fixed.

That's great!  What did Jeff say exactly?  Is the patch to gmime 2.4?
Did he mention that he was including them in upstream, hopefully in the
next release?

  Interestingly, I see the following message in your crypto test output:
  
Error: search term did not match precisely one message.
  
  which seems to indicate that the desired message wasn't actually
  delivered properly, contrary to what the emacs delivery tests are
  stating.  Not sure how that could be related, though, since it looks
  like the trace that you show above definitely looks like gmime caught in
  a poll loop.
 
 Just ran the tests with a fixed poll function and it seems that many
 problems remain. Don't have the time at the moment to take a closer
 look, but I attached the output.

Those test failures look very strange to me.  There are a bunch of 'n's
being output after the commas in the json output.  Felix, are you sure
you haven't modified your source at all?

jamie.


pgp4mvsSQW5VC.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Decryption fails

2011-05-31 Thread Felix Geller 
On Tue, 31 May 2011 00:18:26 -0700, Jameson Graef Rollins  wrote:
> Hey, Felix.  As David said, all crypto tests should be passing with
> libgmime 2.4.24.  It would probably be instructive to know which crypto
> tests failed and why.  Maybe you could supply some output from the
> failed crypto tests.

Ok, so the following tests pass:

 PASS   emacs delivery of signed message
 PASS   emacs delivery of encrypted + signed message
 PASS   emacs delivery of encrypted message with attachment

I'm attaching the full output for the cypto tests.

I get the following trace when using show --decrypt to decrypt a
specific message (have to kill the process to actually get the trace):

#0  0x0001006121a6 in poll ()
#1  0x00010006d3d2 in gpg_ctx_op_step ()
#2  0x00010006e5c7 in gpg_decrypt ()
#3  0x0001000566cf in g_mime_multipart_encrypted_decrypt ()
#4  0x0001a413 in show_message_part (part=0x10606fc20,
#state=0x7fff5fbfd1c0, format=0x10002ef80, params=0x7fff5fbfd2c0,
#first=1) at show-message.c:71

So I guess it ends up looping or waiting in poll(), but I can't tell why
it would do that. I guess the next step is to post to the gmime mailing
list, or?


Cheers,
Felix


-- next part --
An embedded and charset-unspecified text was scrubbed...
Name: crypto_tests.txt
URL: 

-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 202 bytes
Desc: not available
URL:

Decryption fails

2011-05-31 Thread Jameson Graef Rollins 
On Mon, 30 May 2011 21:30:03 +0200, Felix Geller  wrote:
> Most of the test cases in crypto fail as well, but I'm not sure which
> ones are actually supposed to work.

Hey, Felix.  As David said, all crypto tests should be passing with
libgmime 2.4.24.  It would probably be instructive to know which crypto
tests failed and why.  Maybe you could supply some output from the
failed crypto tests.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL:

Re: Decryption fails

2011-05-31 Thread Felix Geller 
On Tue, 31 May 2011 00:18:26 -0700, Jameson Graef Rollins 
jroll...@finestructure.net wrote:
 Hey, Felix.  As David said, all crypto tests should be passing with
 libgmime 2.4.24.  It would probably be instructive to know which crypto
 tests failed and why.  Maybe you could supply some output from the
 failed crypto tests.

Ok, so the following tests pass:

 PASS   emacs delivery of signed message
 PASS   emacs delivery of encrypted + signed message
 PASS   emacs delivery of encrypted message with attachment

I'm attaching the full output for the cypto tests.

I get the following trace when using show --decrypt to decrypt a
specific message (have to kill the process to actually get the trace):

#0  0x0001006121a6 in poll ()
#1  0x00010006d3d2 in gpg_ctx_op_step ()
#2  0x00010006e5c7 in gpg_decrypt ()
#3  0x0001000566cf in g_mime_multipart_encrypted_decrypt ()
#4  0x0001a413 in show_message_part (part=0x10606fc20,
#state=0x7fff5fbfd1c0, format=0x10002ef80, params=0x7fff5fbfd2c0,
#first=1) at show-message.c:71

So I guess it ends up looping or waiting in poll(), but I can't tell why
it would do that. I guess the next step is to post to the gmime mailing
list, or?


Cheers,
Felix


crypto: Testing PGP/MIME signature verification and decryption
 PASS   emacs delivery of signed message
 FAIL   signature verification
--- crypto.2.expected   2011-05-31 17:30:47.0 +
+++ crypto.2.output 2011-05-31 17:30:47.0 +
@@ -1,23 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags: [inbox,signed],
- headers: {Subject: test signed message 001,
- From: Notmuch Test Suite test_su...@notmuchmail.org,
- To: test_su...@notmuchmail.org,
- Cc: ,
- Bcc: ,
- Date: 01 Jan 2000 12:00:00 -},
- body: [{id: 1,
- sigstatus: [{status: good,
- fingerprint: 5AEAB11F5E33DCE875DDB75B6D92612D94E46381,
- created: 946728000}],
- content-type: multipart/signed,
- content: [{id: 2,
- content-type: text/plain,
- content: This is a test signed message.\n},
- {id: 3,
- content-type: application/pgp-signature}]}]},
- [
+[]
 FAIL   signature verification with full owner trust
--- crypto.3.expected   2011-05-31 17:30:47.0 +
+++ crypto.3.output 2011-05-31 17:30:47.0 +
@@ -1,24 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags: [inbox,signed],
- headers: {Subject: test signed message 001,
- From: Notmuch Test Suite test_su...@notmuchmail.org,
- To: test_su...@notmuchmail.org,
- Cc: ,
- Bcc: ,
- Date: 01 Jan 2000 12:00:00 -},
- body: [{id: 1,
- sigstatus: [{status: good,
- fingerprint: 5AEAB11F5E33DCE875DDB75B6D92612D94E46381,
- created: 946728000,
- userid:  Notmuch Test Suite test_su...@notmuchmail.org 
(INSECURE!)}],
- content-type: multipart/signed,
- content: [{id: 2,
- content-type: text/plain,
- content: This is a test signed message.\n},
- {id: 3,
- content-type: application/pgp-signature}]}]},
- [
+[]
 FAIL   signature verification with signer key unavailable
--- crypto.4.expected   2011-05-31 17:30:47.0 +
+++ crypto.4.output 2011-05-31 17:30:47.0 +
@@ -1,23 +1 @@
-[[[{id: X,
- match: true,
- filename: Y,
- timestamp: 946728000,
- date_relative: 2000-01-01,
- tags: [inbox,signed],
- headers: {Subject: test signed message 001,
- From: Notmuch Test Suite test_su...@notmuchmail.org,
- To: test_su...@notmuchmail.org,
- Cc: ,
- Bcc: ,
- Date: 01 Jan 2000 12:00:00 -},
- body: [{id: 1,
- sigstatus: [{status: error,
- keyid: 6D92612D94E46381,
- errors: 2}],
- content-type: multipart/signed,
- content: [{id: 2,
- content-type: text/plain,
- content: This is a test signed message.\n},
- {id: 3,
- content-type: application/pgp-signature}]}]},
- [
+[]
 PASS   emacs delivery of encrypted message with attachment
 FAIL   decryption, --format=text
--- crypto.6.expected   2011-05-31 17:30:48.0 +
+++ crypto.6.output 2011-05-31 17:30:48.0 +
@@ -1,25 +1 @@
-message{ id:X depth:0 match:1 filename:X
-header{
-Notmuch Test Suite test_su...@notmuchmail.org (2000-01-01) 
(encrypted inbox)
-Subject: test encrypted message 001
-From: Notmuch Test Suite

Decryption fails

2011-05-30 Thread Felix Geller 
Hi all,

I'm using a version of notmuch based on cb84187 from the master branch
on notmuchmail.org/git/notmuch and am accessing it mostly through the
Emacs UI. Signature verification seems to work nicely, only decryption
fails for any message/thread that I've tried it on. The respective
notmuch process 
notmuch show --format=json --decrypt 'id:x' 
starts eating all my CPU and doesn't return. Doing it on the command
line using gpg directly or going through Emacs' epa works fine. Most of
the test cases in crypto fail as well, but I'm not sure which ones are
actually supposed to work.

My OS is MacOS X, which seems to be non-existent among notmuch
developers and therefore might at some level be the cause. However, I
built gmime 2.4.24 (through a little modification to MacPorts'
respective Portfile) as was recommended on IRC at some point and am not
aware of any other incompatibilities.

I'm not sure how to identify the cause for this problem, do you have any
hints where to start searching?


Cheers,
Felix
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 202 bytes
Desc: not available
URL: 
<http://notmuchmail.org/pipermail/notmuch/attachments/20110530/3cb33256/attachment.pgp>

Decryption fails

2011-05-30 Thread David Bremner 
On Mon, 30 May 2011 21:30:03 +0200, Felix Geller  wrote:

> starts eating all my CPU and doesn't return. Doing it on the command
> line using gpg directly or going through Emacs' epa works fine. Most of
> the test cases in crypto fail as well, but I'm not sure which ones are
> actually supposed to work.

I can't help much with MacOS X, but all of the test cases should work
with gmime 2.4.24 (at least they do for people on Debian).

d

Decryption fails

2011-05-30 Thread Felix Geller 
Hi all,

I'm using a version of notmuch based on cb84187 from the master branch
on notmuchmail.org/git/notmuch and am accessing it mostly through the
Emacs UI. Signature verification seems to work nicely, only decryption
fails for any message/thread that I've tried it on. The respective
notmuch process 
notmuch show --format=json --decrypt 'id:x' 
starts eating all my CPU and doesn't return. Doing it on the command
line using gpg directly or going through Emacs' epa works fine. Most of
the test cases in crypto fail as well, but I'm not sure which ones are
actually supposed to work.

My OS is MacOS X, which seems to be non-existent among notmuch
developers and therefore might at some level be the cause. However, I
built gmime 2.4.24 (through a little modification to MacPorts'
respective Portfile) as was recommended on IRC at some point and am not
aware of any other incompatibilities.

I'm not sure how to identify the cause for this problem, do you have any
hints where to start searching?


Cheers,
Felix


pgpUrnu0xy4BJ.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: Decryption fails

2011-05-30 Thread David Bremner 
On Mon, 30 May 2011 21:30:03 +0200, Felix Geller fgel...@gmail.com wrote:

 starts eating all my CPU and doesn't return. Doing it on the command
 line using gpg directly or going through Emacs' epa works fine. Most of
 the test cases in crypto fail as well, but I'm not sure which ones are
 actually supposed to work.

I can't help much with MacOS X, but all of the test cases should work
with gmime 2.4.24 (at least they do for people on Debian).

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch