Problems with gpgme/gpgsm

Stephan Menzel smenzel at gmx-gmbh.de
Thu Apr 6 12:42:11 CEST 2006


Hi there,

I'm trying to use gpgme with gpgsm backend to verify signed S/MIME email.
Progress is going well thanks to excellent gpgme docs, but I'm stuck now and I 
would need some help. Here's what I did:

I have a S/MIME signed mail with a single signed text/plain part
First I took the mail apart, parsing it, separating text and signature, 
deconding both and saving into seperate files.

With the content I made sure all lines end with CRLF. The content in the file 
looks like this:

00000000  43 6f 6e 74 65 6e 74 2d  54 79 70 65 3a 20 74 65  |Content-Type: te|
00000010  78 74 2f 70 6c 61 69 6e  3b 20 63 68 61 72 73 65  |xt/plain; charse|
00000020  74 3d 69 73 6f 2d 38 38  35 39 2d 31 35 0d 0a 43  |t=iso-8859-15..C|
00000030  6f 6e 74 65 6e 74 2d 54  72 61 6e 73 66 65 72 2d  |ontent-Transfer-|
00000040  45 6e 63 6f 64 69 6e 67  3a 20 37 62 69 74 0d 0a  |Encoding: 7bit..|
00000050  0d 0a 74 65 73 74 32 0d  0a 0d 0a                 |..test2....|

Then I did something like this (I removed error handling for better looks):

        gpgme_data_t            gd_txt;
        gpgme_data_t            gd_sig;
        gpgme_data_t            gd_plain;
        gpgme_error_t           err;
        gpgme_data_encoding_t   enc;
        gpgme_ctx_t             ctx;
        gpgme_signature_t       sig;
        gpgme_verify_result_t   res;

[.....]

gpgme_data_new(&gd_plain);
gpgme_data_new_from_file(&gd_txt, "cont.dat", 1);
gpgme_data_new_from_file(&gd_sig, "sig.dat", 1);

//      gpgme_data_set_encoding(gd_sig, GPGME_DATA_ENCODING_BASE64);
// I took this out since I base64 decoded the sig myself. If I give the
// base 64 encoded sig directly to the lib and enable this, the results are
//  the same.

gpgme_new(&ctx);
gpgme_set_protocol(ctx, GPGME_PROTOCOL_CMS);
gpgme_op_verify(ctx, gd_sig, gd_txt, gd_plain);
res = gpgme_op_verify_result(ctx);

while (sig) {
  switch (gpg_err_code (sig->status)) {
    case GPG_ERR_NO_ERROR:
        fprintf(stdout, "no error\n");
        break;
    case GPG_ERR_BAD_SIGNATURE:
        fprintf(stdout, "bad signature\n");
        break;
    case GPG_ERR_NO_PUBKEY:
        fprintf(stdout, "no public key\n");
        break;
    case GPG_ERR_NO_DATA:
        fprintf(stdout, "no data\n");
        break;
    case GPG_ERR_SIG_EXPIRED:
        fprintf(stdout, "sig expired\n");
        break;
     case GPG_ERR_KEY_EXPIRED:
        fprintf(stdout, "key expired\n");
        break;
     default:
        fprintf(stdout, "default\n");
        break;
  }
  fprintf(stdout, "signature fingerprint: %s\n", sig->fpr);
  if (sig->wrong_key_usage) {
        fprintf(stdout, "wrong key usage\n");
  }
  switch (sig->summary) {
     case GPGME_SIGSUM_VALID:
          fprintf(stdout, "The signature is fully valid.\n");
          break;
     case GPGME_SIGSUM_GREEN:
         fprintf(stdout, "The signature is good but one might want to display
                         some exttra formation. Check the other bits\n");
         break;
     case GPGME_SIGSUM_RED:
         fprintf(stdout, "The signature is bad. It might be useful to check
                  other bits and display more information, i.e. a revoked
                  certificate might not render a signature invalid when the
                  message was received prior to the cause for the
                  revocation.\n");
          break;
       }
  }
  sig = sig->next;
}

gpgme_release(ctx);
gpgme_data_release(gd_txt);
gpgme_data_release(gd_sig);
gpgme_data_release(gd_plain);

---- snip ----

Sorry for being so verbose  but I wanna make sure I do everything right.
Anyway, what I get is always this:

bad signature
signature fingerprint: 6609AEADB2A9113136A5AE46AFD596A44EFC8B52

This fingerprint, btw is correct, so I assume, the signature has been loaded 
by the lib correctly.

So what I am doing wrong? Can you give me any hint?

Thanks a lot and have a nice day...

Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : /pipermail/attachments/20060406/79c9fbf0/attachment.pgp


More information about the Gnupg-devel mailing list