Problems using gpgsm
Stephan Menzel
smenzel at gmx-gmbh.de
Thu Apr 6 11:58:37 CEST 2006
Hi there,
I'm trying to use gpgme with gpgsm backend to verify signed S/MIME email.
Progress is going well thanks to excellent gpgme docs, but I'm stuck now and I
would need some help. Here's what I did:
I have an S/MIME signed mail with a single signed text/plain part.
First I took the mail apart, parsing it, separating text and signature,
decoding both and saving into separate files.
With the content I made sure all lines end with CRLF. The content in the file
looks like this:
00000000 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 |Content-Type: te|
00000010 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 |xt/plain; charse|
00000020 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 0d 0a 43 |t=iso-8859-15..C|
00000030 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d |ontent-Transfer-|
00000040 45 6e 63 6f 64 69 6e 67 3a 20 37 62 69 74 0d 0a |Encoding: 7bit..|
00000050 0d 0a 74 65 73 74 32 0d 0a 0d 0a |..test2....|
Then I did something like this (I removed error handling for better looks):
#include <stdio.h>
#include <gpgme.h>

gpgme_data_t gd_txt;
gpgme_data_t gd_sig;
gpgme_data_t gd_plain;
gpgme_error_t err;
gpgme_data_encoding_t enc;
gpgme_ctx_t ctx;
gpgme_signature_t sig;
gpgme_verify_result_t res;
[.....]
gpgme_data_new(&gd_plain);
gpgme_data_new_from_file(&gd_txt, "cont.dat", 1);
gpgme_data_new_from_file(&gd_sig, "sig.dat", 1);
// gpgme_data_set_encoding(gd_sig, GPGME_DATA_ENCODING_BASE64);
// I took this out since I base64 decoded the sig myself. If I give the
// base 64 encoded sig directly to the lib and enable this, the results are
// the same.
gpgme_new(&ctx);
gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
gpgme_op_verify(ctx, gd_sig, gd_txt, gd_plain);
res = gpgme_op_verify_result(ctx);
/* Walk the list of signatures in the verify result. */
sig = res->signatures;
while (sig) {
    switch (gpg_err_code(sig->status)) {
    case GPG_ERR_NO_ERROR:
        fprintf(stdout, "no error\n");
        break;
    case GPG_ERR_BAD_SIGNATURE:
        fprintf(stdout, "bad signature\n");
        break;
    case GPG_ERR_NO_PUBKEY:
        fprintf(stdout, "no public key\n");
        break;
    case GPG_ERR_NO_DATA:
        fprintf(stdout, "no data\n");
        break;
    case GPG_ERR_SIG_EXPIRED:
        fprintf(stdout, "sig expired\n");
        break;
    case GPG_ERR_KEY_EXPIRED:
        fprintf(stdout, "key expired\n");
        break;
    default:
        fprintf(stdout, "default\n");
        break;
    }
    fprintf(stdout, "signature fingerprint: %s\n", sig->fpr);
    if (sig->wrong_key_usage) {
        fprintf(stdout, "wrong key usage\n");
    }
    /* summary is a bit vector; this switch only matches when exactly
       one of these bits is set. */
    switch (sig->summary) {
    case GPGME_SIGSUM_VALID:
        fprintf(stdout, "The signature is fully valid.\n");
        break;
    case GPGME_SIGSUM_GREEN:
        fprintf(stdout, "The signature is good but one might want to display "
                        "some extra information. Check the other bits\n");
        break;
    case GPGME_SIGSUM_RED:
        fprintf(stdout, "The signature is bad. It might be useful to check "
                        "other bits and display more information, i.e. a revoked "
                        "certificate might not render a signature invalid when the "
                        "message was received prior to the cause for the "
                        "revocation.\n");
        break;
    }
    sig = sig->next;
}
gpgme_release(ctx);
gpgme_data_release(gd_txt);
gpgme_data_release(gd_sig);
gpgme_data_release(gd_plain);
---- snip ----
Sorry for being so verbose but I wanna make sure I do everything right.
Anyway, what I get is always this:
bad signature
signature fingerprint: 6609AEADB2A9113136A5AE46AFD596A44EFC8B52
So what am I doing wrong? Can you give me any hint?
Thanks a lot and have a nice day...
Stephan
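
Added example, not part of the original post: a helper for the "separating text and signature" step described above. The signed data has to be the first MIME part byte for byte (its own headers included) with CRLF line endings, and per RFC 2046 the line break directly in front of the next boundary line belongs to the boundary, not to the part. The function name, the boundary "b1" and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy the first body part of a multipart/signed body into out as it has
 * to be hashed: part headers included, bare LF turned into CRLF, and
 * without the line break in front of the next boundary line. Returns the
 * bytes written, or -1 if the input is malformed or out is too small. */
long extract_signed_part(const char *msg, size_t len, const char *boundary,
                         char *out, size_t cap)
{
    char delim[80];
    int dlen = snprintf(delim, sizeof delim, "--%s", boundary);
    size_t pos = 0, start = 0, end = 0, n = 0;
    int found = 0;
    if (dlen < 0 || (size_t)dlen >= sizeof delim) return -1;
    while (pos < len && found < 2) {          /* walk the body line by line */
        const char *nl = memchr(msg + pos, '\n', len - pos);
        size_t next = nl ? (size_t)(nl - msg) + 1 : len;
        /* delimiter line: "--boundary" followed by CR, LF, '-' or end */
        if (next - pos >= (size_t)dlen &&
            !memcmp(msg + pos, delim, (size_t)dlen) &&
            (pos + dlen == len || strchr("\r\n-", msg[pos + dlen]))) {
            if (++found == 1) start = next;   /* part starts after the 1st */
            else end = pos;                   /* and stops at the 2nd */
        }
        pos = next;
    }
    if (found < 2) return -1;
    if (end > start && msg[end - 1] == '\n') end--;   /* boundary's LF */
    if (end > start && msg[end - 1] == '\r') end--;   /* boundary's CR */
    for (size_t i = start; i < end; i++) {
        if (msg[i] == '\n' && (i == start || msg[i - 1] != '\r')) {
            if (n >= cap) return -1;
            out[n++] = '\r';                  /* bare LF -> CRLF */
        }
        if (n >= cap) return -1;
        out[n++] = msg[i];
    }
    return (long)n;
}

int main(void)
{
    /* Constructed sample, not the message from the post. */
    const char *m = "--b1\r\nContent-Type: text/plain\r\n\r\ntest2\r\n--b1\r\n"
        "Content-Type: application/pkcs7-signature\r\n\r\nAAAA\r\n--b1--\r\n";
    char out[256];
    long n = extract_signed_part(m, strlen(m), "b1", out, sizeof out);
    printf("%ld bytes to verify\n", n);
    return n < 0;
}
```

When the extracted bytes are passed to gpgme_op_verify as the signed text of a detached signature, the GPGME manual specifies a null pointer for the plain argument.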