On 29/08/2009 Jonas Meurer wrote:
the PGP plugin needs access to the raw content of mime parts. verify_mime() requires the _exact_ raw content, not a stripped down, parsed or otherwise modified version. this is not possible yet. $this->get_part_content($mime_id) from rcube_message.php, and even iil_C_HandlePartBody($this->conn, $this->mailbox, $uid, true, $part) from rcube_imap.php give back stripped down versions of the content. i wonder whether it's possible to access the raw content at all.
looked into that issue today and finally discovered that the way roundcube mime parsing code doesn't support to fetch raw content of mime parts.
that's a problem for mime signed messages at least: in order to verify the signature, the original message is required. that message usually contains mime headers like 'Content-Type' and 'Content-Disposion'. the roundcube mime parsing code strips these headers from the mime body.
<... more message headers ...> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="E13BgyNx05feLLmH" Content-Disposition: inline
--E13BgyNx05feLLmH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
plain text mime signed
--E13BgyNx05feLLmH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp/YKcACgkQa+/U1rRZq1j/wwCfZ8AGlXn1ckWZF6VmqVnFEi8O rGsAoI/aZ8A4ErFjx3wjH2eSgsStu95o =C79P -----END PGP SIGNATURE-----
--E13BgyNx05feLLmH--
this message is splitted into three equivalent mime parts:
- part 0 is text/plain and cotains 'plain text mime signed'
- part 1 is application/pgp-signature and contains the pgp signature
- part 2 is micalg/pgp-sha1 and contains nothing useful
in order to verify the signature, part 0 and part 1 are required, but part 0 is required in the original format, with all mime headers:
Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
both get_message_part() and get_body() from rcube_imap.php return the truncated message part, while get_raw_body() returns the whole message with all message headers etc. i guess we'll need an additionaly function get_raw_part() which gives the raw, unmodified message part.
greetings, jonas
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/VA/WptuSVr7/signature.asc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/