Discussion:
[RCD] Enigma decryption password prompt
Kyle Francis
2016-06-25 23:47:40 UTC
Permalink
_______________________________________________
Roundcube Development discussion mailing list
***@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
A.L.E.C
2016-06-26 13:23:36 UTC
Permalink
I hit a road block and I've kind of been putting off finishing up the
SMIME support because of it. I originally didn't have a password
protected private keys for testing purposes, but have now added that.
Prior to that signing and decrypting worked just fine. Now with the
password, I can get Enigma to prompt for the password if it's not cached
for signing outgoing (in the compose task) but I'm not able to figure
out how to get it to prompt for the password from the inbox task when
attempting to decrypt a message. If the password is cached the message
decrypts perfectly.
The result of decryption is handled in enigma_ui::status_message()
method
(https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_ui.php#L773).

So, we prompt for password when $engine->decryptions array contains
enigma_error object for specified message part. The code of the error
should be enigma_error::BADPASS. In this case it is important which
message part ID you're using.

The same applies for when you reply to an encrypted message. See
enigma_ui::message_compose(). Here we also use $engine->decryptions
property, but here the part ID is irrelevant.

How we set $decryptions property you can see for example in
enigma_engine::parse_plain_encrypted() and
enigma_driver_gnupg::get_error_from_exception().
--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Kyle Francis
2016-06-27 16:42:15 UTC
Permalink
Post by A.L.E.C
I hit a road block and I've kind of been putting off finishing up the
SMIME support because of it. I originally didn't have a password
protected private keys for testing purposes, but have now added that.
Prior to that signing and decrypting worked just fine. Now with the
password, I can get Enigma to prompt for the password if it's not cached
for signing outgoing (in the compose task) but I'm not able to figure
out how to get it to prompt for the password from the inbox task when
attempting to decrypt a message. If the password is cached the message
decrypts perfectly.
The result of decryption is handled in enigma_ui::status_message()
method
(https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_ui.php#L773).
So, we prompt for password when $engine->decryptions array contains
enigma_error object for specified message part. The code of the error
should be enigma_error::BADPASS. In this case it is important which
message part ID you're using.
The same applies for when you reply to an encrypted message. See
enigma_ui::message_compose(). Here we also use $engine->decryptions
property, but here the part ID is irrelevant.
How we set $decryptions property you can see for example in
enigma_engine::parse_plain_encrypted() and
enigma_driver_gnupg::get_error_from_exception().
Alec,

Thanks for the guidance. I was putting the enigma_error::BADPASS into
the $engine->decryptions array, but thanks to your advise I found that
the enigma_ui::find_part_id call in enigma_ui::status_message is not
returning the expected result, since S/MIME messages are formatted
differently than PGP ones. I'm working on adding some logic to the
enigma_ui::find_part_id function to detect and handle SMIME formatted
messages. Hopefully that will work out!

-Kyle
A.L.E.C
2016-06-27 16:52:04 UTC
Permalink
Post by Kyle Francis
I'm working on adding some logic to the
enigma_ui::find_part_id function to detect and handle SMIME formatted
messages. Hopefully that will work out!
Hmm... this is a simple method, I'd say you probably should rather
modify the code that sets $decryptions property.
--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Kyle Francis
2016-06-28 05:47:54 UTC
Permalink
Post by A.L.E.C
Post by Kyle Francis
I'm working on adding some logic to the
enigma_ui::find_part_id function to detect and handle SMIME formatted
messages. Hopefully that will work out!
Hmm... this is a simple method, I'd say you probably should rather
modify the code that sets $decryptions property.
Didn't end up needing to modify that function. It turns out I wasn't
passing all the information needed in my enigma_error from
enigma_driver_phpssl::decrypt. Also, SMIME encrypted messages are
attachments, vice inline so there was some fudging with that.
A.L.E.C
2016-06-28 06:13:41 UTC
Permalink
Post by Kyle Francis
Didn't end up needing to modify that function. It turns out I wasn't
passing all the information needed in my enigma_error from
enigma_driver_phpssl::decrypt. Also, SMIME encrypted messages are
attachments, vice inline so there was some fudging with that.
Yup. As you can see in parse_encrypted() and parse_pgp_encrypted()
PGP/MIME also uses an attachment part for encrypted body. I think this
is pretty the same as in S/MIME.
--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
Loading...