leahneukirchen / mblaze

Unix utilities to deal with Maildir

Handling of encrypted PGP/MIME multipart messages #175

Open nmeum opened 4 years ago

nmeum commented 4 years ago

I recently noticed that contrib/mpgp doesn't seem to handle encrypted PGP/MIME multipart messages well. For instance, consider an encrypted PGP/MIME message which consists of text + attachments (e.g. tarballs). Since mpgp is a filter it does not seem to be possible to extract attachments from such a message (e.g. through mshow -x) or at least, I didn't manage to do so.

In case anybody else is encountering this issue, I wrote myself the following script (mshowpgp) which I use instead of mpgp:

#!/bin/sh
# Decrypts current mblaze PGP/MIME message.
set -e

# See ENVIRONMENT section in mseq(1).
MBLAZE="${MBLAZE:-$HOME/.mblaze}"
MAILCUR="${MAILCUR:-$MBLAZE/cur}"

n=$(mshow -t | awk -F: '
    /: application\/pgp-encrypted/ {supported = 1}
    /: application\/octet-stream/ {if (supported) { print $1; exit }}')

if [ "$n" ]; then
    mshow -n -O "$MAILCUR" "$n" | gpg --decrypt | mshow -n /dev/stdin "$@"
    exit 0
else
    echo "Current mblaze message is not PGP/MIME encrypted" 1>&2
    exit 1
fi

If the current message is PGP/MIME encrypted its attachments can be extracted using mshowpgp -x as usual. The script also illustrates some shortcomings of mshow:

  1. There doesn't seem to be any portable way of reading messages from standard input (iirc /dev/stdin is not specified by POSIX).
  2. If mshow -x or mshow -O is used it does not seem to be possible to use the current message without explicitly specifying its path.

If there is any way to extract attachments with the mpgp filter please let me know.

leahneukirchen commented 4 years ago

/dev/stdin is indeed not POSIX, but exists on every system except for AIX it seems. ;) I can't use - as that is the previous message.

mshow -x . 3 should work fine?

leahneukirchen commented 4 years ago

I dunno an easier way to solve your problem.

leahneukirchen commented 4 years ago

Reopening this. I looked into using filters for mshow -t and -x, but it seems like a waste to run them just because of the exit status.

Perhaps mgpg should just be integrated into mshow directly (and spawn gpg via a pipe).

Patches welcome.

nmeum commented 4 years ago

> Perhaps mgpg should just be integrated into mshow directly (and spawn gpg via a pipe).

I am personally happy with my setup where I decrypt mails using a separate mshowpgp program. If someone implements PGP support in mshow itself, be careful not to run into efail in combination with text/html filters.

xelxebar commented 1 year ago

Late to the party here, but I'm just doing something way dumber here: mgpgshow(){ mraw "$1" | gpg --decrypt | mshow -;}.

That said, it would be nice to also verify the signature.
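
An added example, not part of the thread or of mblaze's own code, touching the two points raised in the last comments (signature verification, and not handing unchecked plaintext to mshow's filters): gpg reports its status on a separate file descriptor, and the plaintext reaches mshow only after that status says decryption succeeded. The names `pgp_verdict`, `sample_status` and `mshowpgp_checked` are hypothetical, and the sample status lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread or from mblaze.

# Read gpg --status-fd lines on stdin and print one verdict.
# Key trust (TRUST_* lines) is deliberately not evaluated here.
pgp_verdict() {
    awk '
        $1 != "[GNUPG:]"          { next }   # ignore anything else
        $2 == "DECRYPTION_OKAY"   { dec = 1 }
        $2 == "DECRYPTION_FAILED" || $2 == "BADMDC" { fail = 1 }
        $2 == "BADSIG"            { bad = 1 }
        $2 == "GOODSIG"           { good = 1 }
        $2 == "VALIDSIG"          { fpr = $3 }
        $2 ~ /^(ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { unsure = 1 }
        END {
            if (fail || !dec)            print "decrypt-failed"
            else if (bad)                print "bad-signature"
            else if (unsure)             print "unverified-signature"
            else if (good && fpr != "")  print "signed " fpr
            else                         print "unsigned"
        }'
}

# Constructed status output for a decrypted, validly signed message.
sample_status() {
    cat <<'EOF'
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG 0000000000000000 Example Sender <sender@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01
EOF
}

# Hypothetical wrapper: ciphertext on stdin, arguments passed to mshow as in
# the mshowpgp script. Plaintext is held in a private temp dir (mktemp -d).
mshowpgp_checked() {
    tmp=$(mktemp -d) || return 1
    gpg --status-fd 3 --decrypt >"$tmp/msg" 3>"$tmp/status" || true
    verdict=$(pgp_verdict <"$tmp/status")
    echo "PGP: $verdict" >&2
    rc=1
    case $verdict in
        decrypt-failed|bad-signature) ;;
        *) mshow -n "$tmp/msg" "$@"; rc=$? ;;
    esac
    rm -rf "$tmp"
    return "$rc"
}
```

Because the status lines arrive on file descriptor 3 rather than in the decrypted output, text inside a message cannot forge a verdict.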