[PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Mon, Apr 14 2014, Tomi Ollila  wrote:

> On Mon, Apr 14 2014, Jameson Graef Rollins  
> wrote:
>
>>
>> In any event, if the mml tag is present, it's no longer in notmuch's
>> hands; emacs's mail processing is handling things and calling gpg-agent
>> to sign/encrypt the message.
>>
>> Can you clarify what exactly your situation was?
>
> Exactly that -- the mml tag was present -- so case closed on that issue :D
>
> I did some experiments changing the value of notmuch-crypto-process-mime
> before pressing 'r' button: I had to quit from show mode to search mode and
> choose the thread and then message to have the change to take effect.
>
> I will keep my notmuch-crypto-process-mime set t (and I keep removing
> the mml tags in this system -- and if I forget killing those processes),
> as I want to see [ Good signature by key: 0x... ] -messages. Maybe
> I^HSomebody, Someday provides a patch that provides separate value to
> do just signature checking...

As a current (temporary!;) solution I Added

(defun mml-pgpmime-sign-buffer (cont)
  (error "Signing messages disabled"))

to the end of ~/.emacs.d/notmuch-config.el on this one system only...

I am still vulnerable to DOS attack is someone sends me email encrypted
with my public key... Have to investigate and test this before too long...

Tomi


>
>
>> Presumably people who have not set up any crypto processing should not
>> have notmuch-crypto-process-mime set t.
>>
>> jamie.
>
> Thanks,
>
> Tomi
>
> PS: pkill '(pinentry-curses|gpg)' ++ ;/ -- one step closer to implement 
> that...

[PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Mon, Apr 14 2014, Jameson Graef Rollins  
wrote:

> On Sun, Apr 13 2014, Tomi Ollila  wrote:
>>> Perhaps people with no ability to sign are less likely to have
>>> "notmuch-crypto-process-mime" set?  Or we can add another configuration
>>> variable initialized from notmuch-crypto-process-mime, but allowing
>>> people to shut this off.
>>
>> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
>> sign the message and runs gpg...
>
> Was my followup patch applied?  My patch controls the insertion of the
> mml tag depending on whether or not notmuch-crypto-process-mime is t or
> not.  If notmuch-crypto-process-mime is nil the tag won't be added.
> Presumably you either did not have that patch applied, or had manually
> set it to t?

For those who don't follow IRC your patch was applied.
>
> In any event, if the mml tag is present, it's no longer in notmuch's
> hands; emacs's mail processing is handling things and calling gpg-agent
> to sign/encrypt the message.
>
> Can you clarify what exactly your situation was?

Exactly that -- the mml tag was present -- so case closed on that issue :D

I did some experiments changing the value of notmuch-crypto-process-mime
before pressing 'r' button: I had to quit from show mode to search mode and
choose the thread and then message to have the change to take effect.

I will keep my notmuch-crypto-process-mime set t (and I keep removing
the mml tags in this system -- and if I forget killing those processes),
as I want to see [ Good signature by key: 0x... ] -messages. Maybe
I^HSomebody, Someday provides a patch that provides separate value to
do just signature checking...


> Presumably people who have not set up any crypto processing should not
> have notmuch-crypto-process-mime set t.
>
> jamie.

Thanks,

Tomi

PS: pkill '(pinentry-curses|gpg)' ++ ;/ -- one step closer to implement that...

Re: [PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Mon, Apr 14 2014, Tomi Ollila  wrote:

> On Mon, Apr 14 2014, Jameson Graef Rollins  wrote:
>
>>
>> In any event, if the mml tag is present, it's no longer in notmuch's
>> hands; emacs's mail processing is handling things and calling gpg-agent
>> to sign/encrypt the message.
>>
>> Can you clarify what exactly your situation was?
>
> Exactly that -- the mml tag was present -- so case closed on that issue :D
>
> I did some experiments changing the value of notmuch-crypto-process-mime
> before pressing 'r' button: I had to quit from show mode to search mode and
> choose the thread and then message to have the change to take effect.
>
> I will keep my notmuch-crypto-process-mime set t (and I keep removing
> the mml tags in this system -- and if I forget killing those processes),
> as I want to see [ Good signature by key: 0x... ] -messages. Maybe
> I^HSomebody, Someday provides a patch that provides separate value to
> do just signature checking...

As a current (temporary!;) solution I Added

(defun mml-pgpmime-sign-buffer (cont)
  (error "Signing messages disabled"))

to the end of ~/.emacs.d/notmuch-config.el on this one system only...

I am still vulnerable to DOS attack is someone sends me email encrypted
with my public key... Have to investigate and test this before too long...

Tomi


>
>
>> Presumably people who have not set up any crypto processing should not
>> have notmuch-crypto-process-mime set t.
>>
>> jamie.
>
> Thanks,
>
> Tomi
>
> PS: pkill '(pinentry-curses|gpg)' ++ ;/ -- one step closer to implement 
> that...
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Mon, Apr 14 2014, Jameson Graef Rollins  wrote:

> On Sun, Apr 13 2014, Tomi Ollila  wrote:
>>> Perhaps people with no ability to sign are less likely to have
>>> "notmuch-crypto-process-mime" set?  Or we can add another configuration
>>> variable initialized from notmuch-crypto-process-mime, but allowing
>>> people to shut this off.
>>
>> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
>> sign the message and runs gpg...
>
> Was my followup patch applied?  My patch controls the insertion of the
> mml tag depending on whether or not notmuch-crypto-process-mime is t or
> not.  If notmuch-crypto-process-mime is nil the tag won't be added.
> Presumably you either did not have that patch applied, or had manually
> set it to t?

For those who don't follow IRC your patch was applied.
>
> In any event, if the mml tag is present, it's no longer in notmuch's
> hands; emacs's mail processing is handling things and calling gpg-agent
> to sign/encrypt the message.
>
> Can you clarify what exactly your situation was?

Exactly that -- the mml tag was present -- so case closed on that issue :D

I did some experiments changing the value of notmuch-crypto-process-mime
before pressing 'r' button: I had to quit from show mode to search mode and
choose the thread and then message to have the change to take effect.

I will keep my notmuch-crypto-process-mime set t (and I keep removing
the mml tags in this system -- and if I forget killing those processes),
as I want to see [ Good signature by key: 0x... ] -messages. Maybe
I^HSomebody, Someday provides a patch that provides separate value to
do just signature checking...


> Presumably people who have not set up any crypto processing should not
> have notmuch-crypto-process-mime set t.
>
> jamie.

Thanks,

Tomi

PS: pkill '(pinentry-curses|gpg)' ++ ;/ -- one step closer to implement that...
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Sun, Apr 13 2014, David Bremner wrote:

> Tomi Ollila  writes:
>
>>
>> Code looks OK. +1. I'm interested to see whether replies to signed emails
>> work on this system where sign/(de|en)cryption just doesn't work (out of
>> the box) :D
>>
>
> It's a good point. I need to insert my smartcard to sign things, which
> I'm sometimes too lazy to do. In my case, maybe I should stop being so
> lazy; I suspect my particular case is a but unusual.

Below is what happened to me when I failed to remove the 
"<#secure method=pgpmime mode=sign>" part from the beginning of the message
It is very easy to detect and there is nothing much one can use if they
have configured notmuch-crypto-process-mime to be t (like I seem to have ;)

--8<8<8<8<8<8<8<8<8<8<8<8<--
notmuch-crypto-process-mime is a variable defined in `one-notmuch.el'.
Its value is t
Original value was nil
--8<8<8<8<8<8<8<8<8<8<8<8<--

Emacs stopped responding my keypresses after C-c C-c; C-g brought control
back to me -- and then I tried again...

ps output

19028 ? SLs  0:00 /usr/bin/gpg --no-tty --status-fd 1 --yes --command-f
19029 ? SL   0:00 gpg-agent --server
19030 ? RL   0:50 /usr/bin/pinentry-curses
19034 ? SLs  0:00 /usr/bin/gpg --no-tty --status-fd 1 --yes --command-f
19035 ? SL   0:00 gpg-agent --server
19036 ? RL   0:04 /usr/bin/pinentry-curses
19037 pts/6 R+   0:00 ps x

The 'pinentry-curses' and this emacs doesn't play along well (I've seen
this happening before when I tried to encrypt some messages). I had
to pkill gpg and pinentry-curses to get rid of the above processes.

> Perhaps people with no ability to sign are less likely to have
> "notmuch-crypto-process-mime" set?  Or we can add another configuration
> variable initialized from notmuch-crypto-process-mime, but allowing
> people to shut this off.

Well, I set notmuch-crypto-process-mime to nil -- it still wants to
sign the message and runs gpg...

... my case may be unique enough no-one else has the same problem; anyway
ideas how to automatically kill the gpg process(es) when one aborts send
attempt? 

Tomi

[PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Tomi Ollila  writes:

>
> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
> sign the message and runs gpg...
>

Was it nil when you replied, i.e. when the mml tags were created?

d

Re: [PATCH] emacs: process crypto for reply only when specified

[Jameson Graef Rollins]

On Sun, Apr 13 2014, Tomi Ollila  wrote:
>> Perhaps people with no ability to sign are less likely to have
>> "notmuch-crypto-process-mime" set?  Or we can add another configuration
>> variable initialized from notmuch-crypto-process-mime, but allowing
>> people to shut this off.
>
> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
> sign the message and runs gpg...

Was my followup patch applied?  My patch controls the insertion of the
mml tag depending on whether or not notmuch-crypto-process-mime is t or
not.  If notmuch-crypto-process-mime is nil the tag won't be added.
Presumably you either did not have that patch applied, or had manually
set it to t?

In any event, if the mml tag is present, it's no longer in notmuch's
hands; emacs's mail processing is handling things and calling gpg-agent
to sign/encrypt the message.

Can you clarify what exactly your situation was?

Presumably people who have not set up any crypto processing should not
have notmuch-crypto-process-mime set t.

jamie.


pgp3U5wDLQOHU.pgp
Description: PGP signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[Jameson Graef Rollins]

On Sun, Apr 13 2014, Tomi Ollila  wrote:
>> Perhaps people with no ability to sign are less likely to have
>> "notmuch-crypto-process-mime" set?  Or we can add another configuration
>> variable initialized from notmuch-crypto-process-mime, but allowing
>> people to shut this off.
>
> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
> sign the message and runs gpg...

Was my followup patch applied?  My patch controls the insertion of the
mml tag depending on whether or not notmuch-crypto-process-mime is t or
not.  If notmuch-crypto-process-mime is nil the tag won't be added.
Presumably you either did not have that patch applied, or had manually
set it to t?

In any event, if the mml tag is present, it's no longer in notmuch's
hands; emacs's mail processing is handling things and calling gpg-agent
to sign/encrypt the message.

Can you clarify what exactly your situation was?

Presumably people who have not set up any crypto processing should not
have notmuch-crypto-process-mime set t.

jamie.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: 

Re: [PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Tomi Ollila  writes:

>
> Well, I set notmuch-crypto-process-mime to nil -- it still wants to
> sign the message and runs gpg...
>

Was it nil when you replied, i.e. when the mml tags were created?

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Sun, Apr 13 2014, David Bremner  wrote:

> Jameson Graef Rollins  writes:
>
>> This is a tweak to patch "emacs: sign/encrypt replies to
>> signed/encrypted messages" to only add mml crypto flags for replys
>> when crypto processing has been activated.
>>
>
> The (merged) patch seems straightforward and seems to work. I'll
> probably push it tomorrow if nobody complains.

Code looks OK. +1. I'm interested to see whether replies to signed emails
work on this system where sign/(de|en)cryption just doesn't work (out of
the box) :D

> d

Tomi

Re: [PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Sun, Apr 13 2014, David Bremner wrote:

> Tomi Ollila  writes:
>
>>
>> Code looks OK. +1. I'm interested to see whether replies to signed emails
>> work on this system where sign/(de|en)cryption just doesn't work (out of
>> the box) :D
>>
>
> It's a good point. I need to insert my smartcard to sign things, which
> I'm sometimes too lazy to do. In my case, maybe I should stop being so
> lazy; I suspect my particular case is a but unusual.

Below is what happened to me when I failed to remove the 
"<#secure method=pgpmime mode=sign>" part from the beginning of the message
It is very easy to detect and there is nothing much one can use if they
have configured notmuch-crypto-process-mime to be t (like I seem to have ;)

--8<8<8<8<8<8<8<8<8<8<8<8<--
notmuch-crypto-process-mime is a variable defined in `one-notmuch.el'.
Its value is t
Original value was nil
--8<8<8<8<8<8<8<8<8<8<8<8<--

Emacs stopped responding my keypresses after C-c C-c; C-g brought control
back to me -- and then I tried again...

ps output

19028 ? SLs  0:00 /usr/bin/gpg --no-tty --status-fd 1 --yes --command-f
19029 ? SL   0:00 gpg-agent --server
19030 ? RL   0:50 /usr/bin/pinentry-curses
19034 ? SLs  0:00 /usr/bin/gpg --no-tty --status-fd 1 --yes --command-f
19035 ? SL   0:00 gpg-agent --server
19036 ? RL   0:04 /usr/bin/pinentry-curses
19037 pts/6 R+   0:00 ps x

The 'pinentry-curses' and this emacs doesn't play along well (I've seen
this happening before when I tried to encrypt some messages). I had
to pkill gpg and pinentry-curses to get rid of the above processes.

> Perhaps people with no ability to sign are less likely to have
> "notmuch-crypto-process-mime" set?  Or we can add another configuration
> variable initialized from notmuch-crypto-process-mime, but allowing
> people to shut this off.

Well, I set notmuch-crypto-process-mime to nil -- it still wants to
sign the message and runs gpg...

... my case may be unique enough no-one else has the same problem; anyway
ideas how to automatically kill the gpg process(es) when one aborts send
attempt? 

Tomi

___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Tomi Ollila  writes:

>
> Code looks OK. +1. I'm interested to see whether replies to signed emails
> work on this system where sign/(de|en)cryption just doesn't work (out of
> the box) :D
>

It's a good point. I need to insert my smartcard to sign things, which
I'm sometimes too lazy to do. In my case, maybe I should stop being so
lazy; I suspect my particular case is a but unusual.

Perhaps people with no ability to sign are less likely to have
"notmuch-crypto-process-mime" set?  Or we can add another configuration
variable initialized from notmuch-crypto-process-mime, but allowing
people to shut this off.

Re: [PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Tomi Ollila  writes:

>
> Code looks OK. +1. I'm interested to see whether replies to signed emails
> work on this system where sign/(de|en)cryption just doesn't work (out of
> the box) :D
>

It's a good point. I need to insert my smartcard to sign things, which
I'm sometimes too lazy to do. In my case, maybe I should stop being so
lazy; I suspect my particular case is a but unusual.

Perhaps people with no ability to sign are less likely to have
"notmuch-crypto-process-mime" set?  Or we can add another configuration
variable initialized from notmuch-crypto-process-mime, but allowing
people to shut this off.
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH] emacs: process crypto for reply only when specified

[Tomi Ollila]

On Sun, Apr 13 2014, David Bremner  wrote:

> Jameson Graef Rollins  writes:
>
>> This is a tweak to patch "emacs: sign/encrypt replies to
>> signed/encrypted messages" to only add mml crypto flags for replys
>> when crypto processing has been activated.
>>
>
> The (merged) patch seems straightforward and seems to work. I'll
> probably push it tomorrow if nobody complains.

Code looks OK. +1. I'm interested to see whether replies to signed emails
work on this system where sign/(de|en)cryption just doesn't work (out of
the box) :D

> d

Tomi
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Jameson Graef Rollins  writes:

> This is a tweak to patch "emacs: sign/encrypt replies to
> signed/encrypted messages" to only add mml crypto flags for replys
> when crypto processing has been activated.
>

The (merged) patch seems straightforward and seems to work. I'll
probably push it tomorrow if nobody complains.

d

Re: [PATCH] emacs: process crypto for reply only when specified

[David Bremner]

Jameson Graef Rollins  writes:

> This is a tweak to patch "emacs: sign/encrypt replies to
> signed/encrypted messages" to only add mml crypto flags for replys
> when crypto processing has been activated.
>

The (merged) patch seems straightforward and seems to work. I'll
probably push it tomorrow if nobody complains.

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[Jameson Graef Rollins]

This is a tweak to patch "emacs: sign/encrypt replies to
signed/encrypted messages" to only add mml crypto flags for replys
when crypto processing has been activated.

---

Thanks to mjw1009 for implementation suggestions.

Jani, you might consider squashing this with your original for a v2.
Pushing them separately seems fine to me as well.

jamie.

---
 emacs/notmuch-mua.el | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 9fb84b5..bf6253f 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -160,9 +160,10 @@ list."
 
 (defun notmuch-mua-reply (query-string &optional sender reply-all)
   (let ((args '("reply" "--format=sexp" "--format-version=1"))
+   (process-crypto notmuch-show-process-crypto)
reply
original)
-(when notmuch-show-process-crypto
+(when process-crypto
   (setq args (append args '("--decrypt"
 
 (if reply-all
@@ -236,7 +237,8 @@ list."
(message-cite-original)))
 
 ;; Sign and/or encrypt replies to signed and/or encrypted messages.
-(notmuch-mua-reply-crypto (plist-get original :body)))
+(when process-crypto
+  (notmuch-mua-reply-crypto (plist-get original :body
 
   ;; Push mark right before signature, if any.
   (message-goto-signature)
-- 
1.9.1

___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[PATCH] emacs: process crypto for reply only when specified

[Jameson Graef Rollins]

This is a tweak to patch "emacs: sign/encrypt replies to
signed/encrypted messages" to only add mml crypto flags for replys
when crypto processing has been activated.

---

Thanks to mjw1009 for implementation suggestions.

Jani, you might consider squashing this with your original for a v2.
Pushing them separately seems fine to me as well.

jamie.

---
 emacs/notmuch-mua.el | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 9fb84b5..bf6253f 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -160,9 +160,10 @@ list."

 (defun notmuch-mua-reply (query-string &optional sender reply-all)
   (let ((args '("reply" "--format=sexp" "--format-version=1"))
+   (process-crypto notmuch-show-process-crypto)
reply
original)
-(when notmuch-show-process-crypto
+(when process-crypto
   (setq args (append args '("--decrypt"

 (if reply-all
@@ -236,7 +237,8 @@ list."
(message-cite-original)))

 ;; Sign and/or encrypt replies to signed and/or encrypted messages.
-(notmuch-mua-reply-crypto (plist-get original :body)))
+(when process-crypto
+  (notmuch-mua-reply-crypto (plist-get original :body

   ;; Push mark right before signature, if any.
   (message-goto-signature)
-- 
1.9.1