CZ-NIC / envelope

Insert a message and attachments and send e-mail / sign / encrypt contents by a single line.

Automatic GPG / S/MIME detection #29

Open multiflexi opened 1 year ago

multiflexi commented 1 year ago

When I try this with sign being path to S/MIME key+cert:

if os.path.isfile(sign):
    envelope.signature(key=open(sign))

I get IndexError: list index out of range because it is trying to use it as GPG (sign = result.fingerprints[0] in _determine_gpg), but when I try this:

if os.path.isfile(sign):
    envelope.smime()
    envelope.signature(key=open(sign))

The email is signed without any issues.

Documentation says: "Note that if neither gpg nor smime is specified, we try to determine the method automatically."

e3rd commented 1 year ago

Cool, check whether the following commit works!

multiflexi commented 1 year ago

Still the same issue:

Traceback (most recent call last):
  File "/app/publishers/email_publisher.py", line 125, in publish
    envelope.send()
  File "/usr/local/lib/python3.9/site-packages/envelope/envelope.py", line 911, in send
    self._start(sign=sign, encrypt=encrypt, send=send)
  File "/usr/local/lib/python3.9/site-packages/envelope/envelope.py", line 949, in _start
    encrypt, sign, gpg_on = self._determine_gpg(encrypt, sign)
  File "/usr/local/lib/python3.9/site-packages/envelope/envelope.py", line 1051, in _determine_gpg
    sign = result.fingerprints[0]
IndexError: list index out of range

e3rd commented 1 year ago

Is it a testing key file, could you send it to me? (Or could you create a new one that fails the same way and send it)

multiflexi commented 1 year ago

I think I know what the issue was. So I have generated a free cert from codegic.com, but it worked fine. The one that does not work is from GEANT Personal CA 4 (CESNET), and the difference between those two was that the GEANT one has the private key at the end of the PEM file while the one from codegic has it at the beginning. I moved the private key to the beginning of the file and now it works. Are you trying to read just the first cert/key from the file?

e3rd commented 1 year ago

(Interesting! If that works for you, I'll investigate not earlier than in two weeks)

e3rd commented 8 months ago

I was desperately trying to replicate this. Would you help me again, please?

> Are you trying to read just the first cert/key from the file?

Under the hood, I am sending the file contents to the smime internal method EVP.load_key_string to check whether this is an smime. I am working with the key-cert-together.pem from the tests directory. However, whether I put the key and certificate:

-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOX0Zb8oP0dsGIu3
...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICaDCCAdGgAwIBAgIUTpsJCB+t6Gq6dzaUKhaCk8tUN7UwDQYJKoZIhvcNAQEL
...
-----END CERTIFICATE-----

or that way:

-----BEGIN CERTIFICATE-----
MIICaDCCAdGgAwIBAgIUTpsJCB+t6Gq6dzaUKhaCk8tUN7UwDQYJKoZIhvcNAQEL
...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOX0Zb8oP0dsGIu3
...
-----END PRIVATE KEY-----

it always works. I need you to try the following lines on your private file and tell me whether it raises an issue:

from M2Crypto import EVP
from pathlib import Path

PATH = "tests/smime/key-cert-together.pem"  # your private file
EVP.load_key_string(Path(PATH).read_bytes())

e3rd commented 8 months ago

For my future reference:

    def test_fix_29(self):
        # Implicit GPG
        e = (Envelope(MESSAGE).from_(IDENTITY_2).to(IDENTITY_2)
             # .smime()
             .signature(key=Path("tests/smime/key-cert-together.pem")))
        print(self.check_lines(e, result=True))
        print(str(e))
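
An order-independent way to decide between S/MIME and GPG from the PEM blocks a key file contains, added here as an example; it is not envelope's code, which per the comment above relies on M2Crypto's EVP.load_key_string. The function names, label sets and sample blocks are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# PEM textual encoding: BEGIN/END lines sharing a label, base64 body between.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Hypothetical label sets used by this example only.
SMIME_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                    "ENCRYPTED PRIVATE KEY"}
GPG_LABELS = {"PGP PRIVATE KEY BLOCK", "PGP PUBLIC KEY BLOCK"}


def pem_labels(text):
    """Return the labels of all well-formed PEM blocks, in file order."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        if label not in GPG_LABELS:  # OpenPGP armor carries extra header/CRC lines
            try:
                base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                continue  # damaged block must not influence detection
        labels.append(label)
    return labels


def detect_method(text):
    """Classify key material as 'smime', 'gpg' or None, ignoring block order."""
    labels = set(pem_labels(text))
    if labels & GPG_LABELS:
        return "gpg"
    if labels & SMIME_KEY_LABELS or "CERTIFICATE" in labels:
        return "smime"
    return None


def _block(label, payload=b"constructed sample bytes, not a real key"):
    """Build a constructed PEM block so the example runs offline."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed inputs: both block orders, the second with free text before the first block.
KEY_FIRST = _block("PRIVATE KEY") + _block("CERTIFICATE")
CERT_FIRST = "free text before the first block\n" + _block("CERTIFICATE") + _block("PRIVATE KEY")

if __name__ == "__main__":
    for name, sample in (("key first", KEY_FIRST), ("cert first", CERT_FIRST)):
        print(name, pem_labels(sample), detect_method(sample))
```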