RubyGems - mail-gpg - Versions diffs - 0.1.7 → 0.2.1 - Mend

mail-gpg 0.1.7 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +7 -0
data/History.txt +11 -0
data/README.md +22 -6
data/lib/mail/gpg.rb +46 -2
data/lib/mail/gpg/decrypted_part.rb +3 -1
data/lib/mail/gpg/gpgme_ext.rb +9 -0
data/lib/mail/gpg/gpgme_helper.rb +35 -5
data/lib/mail/gpg/inline_decrypted_message.rb +9 -2
data/lib/mail/gpg/inline_signed_message.rb +72 -0
data/lib/mail/gpg/message_patch.rb +18 -2
data/lib/mail/gpg/mime_signed_message.rb +30 -0
data/lib/mail/gpg/missing_keys_error.rb +6 -0
data/lib/mail/gpg/sign_part.rb +6 -0
data/lib/mail/gpg/verified_part.rb +10 -0
data/lib/mail/gpg/verify_result_attribute.rb +31 -0
data/lib/mail/gpg/version.rb +1 -1
data/test/decrypted_part_test.rb +6 -0
data/test/gpg_test.rb +18 -3
data/test/inline_decrypted_message_test.rb +22 -6
data/test/inline_signed_message_test.rb +121 -0
data/test/message_test.rb +64 -7
metadata +29 -39

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 431a878dcca05522a519c9edca6a42e658c9b0c2
+  data.tar.gz: 18f9aeb942581062f8644e14391520d825829473
+SHA512:
+  metadata.gz: baf5ef3a729d141a0d76d1fe1466a8cbbdc954e373af0c23e58020d64933af087cf3839a1ff6bdc9ccfebaa539aa2af5026b6c543848998912344361718a3163
+  data.tar.gz: 0052629db9f5c1a595c10d2dbf491be5f9544ae0fdb37b7541437bb2bf4866f559a9f7cd98d235d9cd414494e049905069c7dd730181d9fb749deec277943eaa

data/History.txt CHANGED Viewed

@@ -1,3 +1,14 @@
+== 0.2.1 2014-07-23
+* keep original message id if set
+== 0.2.0 2014-07-16
+* implement signature verification for inline signed messages
+* make signature verification more consistent with decryption by providing
+  Mail::Message#verify which strips raw signature data and initializes verify_result member.
+* add Mail::Message#signatures as an easy way to retrieve all signatures on a Message
 == 0.1.7 2014-06-03
 * preserve References: header

data/README.md CHANGED Viewed

@@ -119,14 +119,28 @@ Receive the mail as usual. Check if it is signed using the `signed?` method. Che
 ```ruby
 mail = Mail.first
 if !mail.encrypted? && mail.signed?
-  # do not call signed on encrypted mails. The signature on encrypted mails
-  # must be checked by setting the :verify option when decrypting
-  puts "signature(s) valid: #{mail.signature_valid?}"
+  verified = mail.verify
+  puts "signature(s) valid: #{verified.signature_valid?}"
+  puts "message signed by: #{verified.signatures.map{|sig|sig.from}.join("\n")}"
 end
 ```
-Note that for encrypted mails the signatures can not be checked using these methods. For encrypted mails
-the `:verify` option for the `decrypt` operation must be used instead.
+Note that for encrypted mails the signatures can not be checked using these
+methods. For encrypted mails the `:verify` option for the `decrypt` operation
+must be used instead:
+```ruby
+if mail.encrypted?
+  decrypted = mail.decrypt(verify: true, password: 's3cr3t')
+  puts "signature(s) valid: #{decrypted.signature_valid?}"
+  puts "message signed by: #{decrypted.signatures.map{|sig|sig.from}.join("\n")}"
+end
+```
+It's important to actually use the information contained in the `signatures`
+array to check if the message really has been signed by the person that you (or
+your users) think is the sender - usually by comparing the key id of the
+signature with the key id of the expected sender.
 ### Key import from public key servers
@@ -201,5 +215,7 @@ around with your personal gpg keychain.
 Thanks to:
+* [Planio GmbH](https://plan.io) for sponsoring the ongoing maintenance and development of this library
 * [morten-andersen](https://github.com/morten-andersen) for implementing decryption support for PGP/MIME and inline encrypted messages
-* [FewKinG](https://github.com/FewKinG) for implementing the sign only featur and keyserver url lookup
+* [FewKinG](https://github.com/FewKinG) for implementing the sign only feature and keyserver url lookup
+* [Fup Duck](https://github.com/duckdalbe) for various tweaks and fixes

data/lib/mail/gpg.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'mail/message'
 require 'gpgme'
 require 'mail/gpg/version'
+require 'mail/gpg/missing_keys_error'
 require 'mail/gpg/version_part'
 require 'mail/gpg/decrypted_part'
 require 'mail/gpg/encrypted_part'
@@ -11,6 +12,8 @@ require 'mail/gpg/gpgme_helper'
 require 'mail/gpg/message_patch'
 require 'mail/gpg/rails'
 require 'mail/gpg/signed_part'
+require 'mail/gpg/mime_signed_message'
+require 'mail/gpg/inline_signed_message'
 module Mail
   module Gpg
@@ -71,6 +74,8 @@ module Mail
     def self.signature_valid?(signed_mail, options = {})
       if signed_mime?(signed_mail)
         signature_valid_pgp_mime?(signed_mail, options)
+      elsif signed_inline?(signed_mail)
+        signature_valid_inline?(signed_mail, options)
       else
         raise EncodingError, "Unsupported signature format '#{signed_mail.content_type}'"
       end
@@ -108,6 +113,9 @@ module Mail
             self.header[field] = h.value
           end
         end
+        if cleartext_mail.message_id
+          header['Message-ID'] = cleartext_mail['Message-ID'].value
+        end
         cleartext_mail.header.fields.each do |field|
           if MORE_HEADERS.include?(field.name) or field.name =~ /^X-/
             header[field.name] = field.value
@@ -126,7 +134,8 @@ module Mail
       if !VersionPart.isVersionPart? encrypted_mail.parts[0]
         raise EncodingError, "RFC 3136 first part not a valid version part '#{encrypted_mail.parts[0]}'"
       end
-      Mail.new(DecryptedPart.new(encrypted_mail.parts[1], options)) do
+      decrypted = DecryptedPart.new(encrypted_mail.parts[1], options)
+      Mail.new(decrypted) do
         %w(from to cc bcc subject reply_to in_reply_to).each do |field|
           send field, encrypted_mail.send(field)
         end
@@ -136,6 +145,7 @@ module Mail
         encrypted_mail.header.fields.each do |field|
           header[field.name] = field.value if field.name =~ /^X-/ && header[field.name].nil?
         end
+        verify_result decrypted.verify_result if options[:verify]
       end
     end
@@ -144,15 +154,49 @@ module Mail
       InlineDecryptedMessage.new(encrypted_mail, options)
     end
+    def self.verify(signed_mail, options = {})
+      if signed_mime?(signed_mail)
+        Mail::Gpg::MimeSignedMessage.new signed_mail, options
+      elsif signed_inline?(signed_mail)
+        Mail::Gpg::InlineSignedMessage.new signed_mail, options
+      else
+        signed_mail
+      end
+    end
     # check signature for PGP/MIME (RFC 3156, section 5) signed mail
     def self.signature_valid_pgp_mime?(signed_mail, options)
       # MUST contain exactly two body parts
       if signed_mail.parts.length != 2
         raise EncodingError, "RFC 3136 mandates exactly two body parts, found '#{signed_mail.parts.length}'"
       end
-      SignPart.signature_valid?(signed_mail.parts[0], signed_mail.parts[1], options)
+      result, verify_result = SignPart.verify_signature(signed_mail.parts[0], signed_mail.parts[1], options)
+      signed_mail.verify_result = verify_result
+      return result
     end
+    # check signature for inline signed mail
+    def self.signature_valid_inline?(signed_mail, options)
+      result = nil
+      if signed_mail.multipart?
+        signed_mail.parts.each do |part|
+          if signed_inline?(part)
+            if result.nil?
+              result = true
+              signed_mail.verify_result = []
+            end
+            result &= signature_valid_inline?(part, options)
+            signed_mail.verify_result << part.verify_result
+          end
+        end
+      else
+        result, verify_result = GpgmeHelper.inline_verify(signed_mail.body.to_s, options)
+        signed_mail.verify_result = verify_result
+      end
+      return result
+    end
     # check if PGP/MIME encrypted (RFC 3156)
     def self.encrypted_mime?(mail)
       mail.has_content_type? &&

data/lib/mail/gpg/decrypted_part.rb CHANGED Viewed

@@ -1,6 +1,7 @@
+require 'mail/gpg/verified_part'
 module Mail
   module Gpg
-    class DecryptedPart < Mail::Part
+    class DecryptedPart < VerifiedPart
       # options are:
       #
@@ -11,6 +12,7 @@ module Mail
         end
         decrypted = GpgmeHelper.decrypt(cipher_part.body.decoded, options)
+        self.verify_result = decrypted.verify_result if options[:verify]
         super(decrypted)
       end
     end

data/lib/mail/gpg/gpgme_ext.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'gpgme'
+require 'mail/gpg/verify_result_attribute'
+# extend GPGME::Data with an attribute to hold the result of signature
+# verifications
+class GPGME::Data
+  include Mail::Gpg::VerifyResultAttribute
+end

data/lib/mail/gpg/gpgme_helper.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require 'mail/gpg/gpgme_ext'
 # GPGME methods for encryption/decryption/signing
 module Mail
   module Gpg
@@ -11,6 +13,10 @@ module Mail
         recipient_keys = keys_for_data options[:recipients], options.delete(:keys)
+        if recipient_keys.empty?
+          raise MissingKeysError.new('No keys to encrypt to!')
+        end
         flags = 0
         flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
@@ -46,6 +52,7 @@ module Mail
           begin
             if options[:verify]
               ctx.decrypt_verify(cipher_data, plain_data)
+              plain_data.verify_result = ctx.verify_result
             else
               ctx.decrypt(cipher_data, plain_data)
             end
@@ -72,13 +79,36 @@ module Mail
         crypto.sign GPGME::Data.new(plain), options
       end
+      # returns [success(bool), VerifyResult(from gpgme)]
+      # success will be true when there is at least one sig and no invalid sig
       def self.sign_verify(plain, signature, options = {})
-        signed = false
-        GPGME::Crypto.new.verify(signature, signed_text: plain) do |sig|
-          return false if !sig.valid? # just one invalid signature leads to false
-          signed = true
+        signed_data = GPGME::Data.new(plain)
+        signature = GPGME::Data.new(signature)
+        success = verify_result = nil
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.verify signature, signed_data, nil
+          verify_result = ctx.verify_result
+          signatures = verify_result.signatures
+          success = signatures &&
+            signatures.size > 0 &&
+            signatures.detect{|s| !s.valid? }.nil?
+        end
+        return [success, verify_result]
+      end
+      def self.inline_verify(signed_text, options = {})
+        signed_data = GPGME::Data.new(signed_text)
+        success = verify_result = nil
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.verify signed_data, nil
+          verify_result = ctx.verify_result
+          signatures = verify_result.signatures
+          success = signatures &&
+            signatures.size > 0 &&
+            signatures.detect{|s| !s.valid? }.nil?
         end
-        return signed
+        return [success, verify_result]
       end
       private

data/lib/mail/gpg/inline_decrypted_message.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require 'mail/gpg/verified_part'
 # decryption of the so called 'PGP-Inline' message types
 # this is not a standard, so the implementation is based on the notes
 # here http://binblog.info/2008/03/12/know-your-pgp-implementation/
@@ -17,11 +19,12 @@ module Mail
               header[field.name] = field.value
             end
             cipher_mail.parts.each do |part|
-              part Mail::Part.new do |p|
+              p = VerifiedPart.new do |p|
                 if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type
                   # encrypted attachment, we set the content_type to the generic 'application/octet-stream'
                   # and remove the .pgp/gpg/asc from name/filename in header fields
                   decrypted = GpgmeHelper.decrypt(part.decoded, options)
+                  p.verify_result decrypted.verify_result if options[:verify]
                   p.content_type part.content_type.sub(/application\/(?:octet-stream|pgp-encrypted)/, 'application/octet-stream')
                     .sub(/name=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'name="\1"')
                   p.content_disposition part.content_disposition.sub(/filename=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'filename="\1"')
@@ -29,7 +32,9 @@ module Mail
                   p.body Mail::Encodings::Base64::encode(decrypted.to_s)
                 else
                   if part.body.include?('-----BEGIN PGP MESSAGE-----')
-                    p.body GpgmeHelper.decrypt(part.decoded, options).to_s
+                    decrypted = GpgmeHelper.decrypt(part.decoded, options)
+                    p.verify_result decrypted.verify_result if options[:verify]
+                    p.body decrypted.to_s
                   else
                     p.content_type part.content_type
                     p.content_transfer_encoding part.content_transfer_encoding
@@ -37,6 +42,7 @@ module Mail
                   end
                 end
               end
+              add_part p
             end
           end # of multipart
         else
@@ -46,6 +52,7 @@ module Mail
               header[field.name] = field.value
             end
             body decrypted.to_s
+            verify_result decrypted.verify_result if options[:verify] && '' != decrypted
           end
         end
       end

data/lib/mail/gpg/inline_signed_message.rb ADDED Viewed

@@ -0,0 +1,72 @@
+require 'mail/gpg/verified_part'
+module Mail
+  module Gpg
+    class InlineSignedMessage < Mail::Message
+      def initialize(signed_mail, options = {})
+        if signed_mail.multipart?
+          super() do
+            global_verify_result = []
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_mail.parts.each do |part|
+              if Mail::Gpg.signed_inline?(part)
+                signed_text = part.body.to_s
+                success, vr = GpgmeHelper.inline_verify(signed_text, options)
+                p = VerifiedPart.new(part)
+                if success
+                  p.body self.class.strip_inline_signature signed_text
+                end
+                p.verify_result vr
+                global_verify_result << vr
+                add_part p
+              else
+                add_part part
+              end
+            end
+            verify_result global_verify_result
+          end # of multipart
+        else
+          super() do
+            signed_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            signed_text = signed_mail.body.to_s
+            success, vr = GpgmeHelper.inline_verify(signed_text, options)
+            if success
+              body self.class.strip_inline_signature signed_text
+            else
+              body signed_text
+            end
+            verify_result vr
+          end
+        end
+      end
+      END_SIGNED_TEXT = '-----END PGP SIGNED MESSAGE-----'
+      END_SIGNED_TEXT_RE = /^#{END_SIGNED_TEXT}\s*$/
+      INLINE_SIG_RE = Regexp.new('^-----BEGIN PGP SIGNATURE-----\s*$.*^-----END PGP SIGNATURE-----\s*$', Regexp::MULTILINE)
+      BEGIN_SIG_RE = /^(-----BEGIN PGP SIGNATURE-----)\s*$/
+      # utility method to remove inline signature and related pgp markers
+      def self.strip_inline_signature(signed_text)
+        if signed_text =~ INLINE_SIG_RE
+          signed_text = signed_text.dup
+          if signed_text !~ END_SIGNED_TEXT_RE
+            # insert the 'end of signed text' marker in case it is missing
+            signed_text = signed_text.gsub BEGIN_SIG_RE, "-----END PGP SIGNED MESSAGE-----\n\\1"
+          end
+          signed_text.gsub! INLINE_SIG_RE, ''
+          signed_text.strip!
+        end
+        signed_text
+      end
+    end
+  end
+end

data/lib/mail/gpg/message_patch.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'mail/gpg/delivery_handler'
+require 'mail/gpg/verify_result_attribute'
 module Mail
   module Gpg
@@ -7,6 +8,7 @@ module Mail
       def self.included(base)
         base.class_eval do
           attr_accessor :raise_encryption_errors
+          include VerifyResultAttribute
         end
       end
@@ -51,21 +53,35 @@ module Mail
         end
       end
+      # true if this mail is encrypted
       def encrypted?
         Mail::Gpg.encrypted?(self)
       end
+      # returns the decrypted mail object.
+      #
+      # pass verify: true to verify signatures as well. The gpgme verification
+      # result will be available via decrypted_mail.verify_result
       def decrypt(options = {})
         Mail::Gpg.decrypt(self, options)
       end
+      # true if this mail is signed (but not encrypted)
       def signed?
         Mail::Gpg.signed?(self)
       end
-      def signature_valid?(options = {})
-        Mail::Gpg.signature_valid?(self, options)
+      # verify signatures. returns a new mail object with signatures removed and
+      # populated verify_result.
+      #
+      # verified = signed_mail.verify()
+      # verified.signature_valid?
+      # signers = mail.signatures.map{|sig| sig.from}
+      def verify(options = {})
+        Mail::Gpg.verify(self, options)
       end
     end
   end
 end

data/lib/mail/gpg/mime_signed_message.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require 'mail/gpg/verified_part'
+module Mail
+  module Gpg
+    class MimeSignedMessage < Mail::Message
+      def initialize(signed_mail, options = {})
+        content_part, signature = signed_mail.parts
+        success, vr = SignPart.verify_signature(content_part, signature, options)
+        super() do
+          verify_result vr
+          signed_mail.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          content_part.header.fields.each do |field|
+            header[field.name] = field.value
+          end
+          if content_part.multipart?
+            content_part.parts.each{|part| add_part part}
+          else
+            body content_part.body.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mail/gpg/missing_keys_error.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Mail
+  module Gpg
+    class MissingKeysError < StandardError
+    end
+  end
+end

data/lib/mail/gpg/sign_part.rb CHANGED Viewed

@@ -12,7 +12,13 @@ module Mail
         end
       end
+      # true if all signatures are valid
       def self.signature_valid?(plain_part, signature_part, options = {})
+        verify_signature(plain_part, signature_part, options)[0]
+      end
+      # will return [success(boolean), verify_result(as returned by gpgme)]
+      def self.verify_signature(plain_part, signature_part, options = {})
         if !(signature_part.has_content_type? &&
              ('application/pgp-signature' == signature_part.mime_type))
           return false

data/lib/mail/gpg/verified_part.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'mail/gpg/verify_result_attribute'
+module Mail
+  module Gpg
+    class VerifiedPart < Mail::Part
+      include VerifyResultAttribute
+    end
+  end
+end

data/lib/mail/gpg/verify_result_attribute.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Mail
+  module Gpg
+    module VerifyResultAttribute
+      # the result of signature verification, as provided by GPGME
+      def verify_result(result = nil)
+        if result
+          self.verify_result = result
+        else
+          @verify_result
+        end
+      end
+      def verify_result=(result)
+        @verify_result = result
+      end
+      # checks validity of signatures (true / false)
+      def signature_valid?
+        sigs = self.signatures
+        sigs.any? && sigs.detect{|s|!s.valid?}.blank?
+      end
+      # list of all signatures from verify_result
+      def signatures
+        [verify_result].flatten.compact.map do |vr|
+          vr.signatures
+        end.flatten.compact
+      end
+    end
+  end
+end

data/lib/mail/gpg/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.1.7"
+    VERSION = "0.2.1"
   end
 end

data/test/decrypted_part_test.rb CHANGED Viewed

@@ -26,6 +26,10 @@ class DecryptedPartTest < Test::Unit::TestCase
       assert mail == @mail
       assert mail.message_id == @mail.message_id
       assert mail.message_id != @part.message_id
+      assert vr = mail.verify_result
+      assert sig = vr.signatures.first
+      assert sig.to_s=~ /Joe/
+      assert sig.valid?
     end
     should 'raise encoding error for non gpg mime type' do
@@ -33,5 +37,7 @@ class DecryptedPartTest < Test::Unit::TestCase
       part.content_type = 'text/plain'
       assert_raise(EncodingError) { Mail::Gpg::DecryptedPart.new(part) }
     end
   end
 end

data/test/gpg_test.rb CHANGED Viewed

@@ -36,6 +36,11 @@ class GpgTest < Test::Unit::TestCase
       assert sig.valid?
     end
     assert Mail::Gpg.signature_valid?(signed)
+    assert verified = signed.verify
+    assert verified.verify_result.present?
+    assert verified.verify_result.signatures.any?
+    assert verified.signatures.any?
+    assert verified.signature_valid?
   end
   def check_mime_structure_signed(mail = @mail, signed = @signed)
@@ -250,6 +255,10 @@ class GpgTest < Test::Unit::TestCase
       should 'decrypt and verify' do
         assert mail = Mail::Gpg.decrypt(@encrypted, { :verify => true, :password => 'abc' })
         assert mail == @mail
+        assert mail.verify_result
+        assert sig = mail.signatures.first
+        assert sig.to_s =~ /Joe/
+        assert sig.valid?
       end
     end
@@ -330,7 +339,7 @@ class GpgTest < Test::Unit::TestCase
     context 'multipart mail' do
       setup do
         @mail.add_file 'Rakefile'
-        @encrypted = Mail::Gpg.encrypt(@mail)
+        @encrypted = Mail::Gpg.encrypt(@mail, sign: true, password: 'abc')
       end
       should 'have same recipients and subject' do
@@ -355,10 +364,16 @@ class GpgTest < Test::Unit::TestCase
         assert_match /Rakefile/, m.parts.last.content_disposition
       end
-      should 'decrypt' do
-        assert mail = Mail::Gpg.decrypt(@encrypted, { :password => 'abc' })
+      should 'decrypt and verify' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :verify => true, :password => 'abc' })
         assert mail == @mail
         assert mail.parts[1] == @mail.parts[1]
+        assert mail.verify_result
+        assert signatures = mail.signatures
+        assert_equal 1, signatures.size
+        assert sig = signatures[0]
+        assert sig.to_s =~ /Joe/
+        assert sig.valid?
       end
     end
   end

data/test/inline_decrypted_message_test.rb CHANGED Viewed

@@ -17,15 +17,19 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
     end
     context "inline message" do
-      should "decrypt body" do
+      should "decrypt and verify body" do
         mail = Mail.new(@mail)
         mail.body = InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)
         assert !mail.multipart?
         assert mail.encrypted?
-        assert decrypted = mail.decrypt(:password => 'abc')
+        assert decrypted = mail.decrypt(:password => 'abc', verify: true)
         assert decrypted == @mail
         assert !decrypted.encrypted?
+        assert vr = decrypted.verify_result
+        assert sig = vr.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert sig.valid?
       end
     end
@@ -55,7 +59,7 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
     end
     context "cleartext body and encrypted attachment message" do
-      should "decrypt attachment" do
+      should "decrypt and verify attachment" do
         rakefile = File.open('Rakefile') { |file| file.read }
         mail = Mail.new(@mail)
         mail.content_type = 'multipart/mixed'
@@ -68,7 +72,7 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
         assert mail.multipart?
         assert mail.encrypted?
-        assert decrypted = mail.decrypt(:password => 'abc')
+        assert decrypted = mail.decrypt(password: 'abc', verify: true)
         assert !decrypted.encrypted?
         check_headers(@mail, decrypted)
         assert_equal 2, decrypted.parts.length
@@ -76,11 +80,17 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
         assert /application\/octet-stream; (?:charset=UTF-8; )?name=Rakefile/ =~ decrypted.parts[1].content_type
         assert_equal 'attachment; filename=Rakefile', decrypted.parts[1].content_disposition
         assert_equal rakefile, decrypted.parts[1].body.decoded
+        assert_nil decrypted.parts[0].verify_result
+        assert vr = decrypted.parts[1].verify_result
+        assert sig = vr.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert sig.valid?
       end
     end
     context "encrypted body and attachment message" do
-      should "decrypt" do
+      should "decrypt and verify" do
         rakefile = File.open('Rakefile') { |file| file.read }
         mail = Mail.new(@mail)
         mail.content_type = 'multipart/mixed'
@@ -94,7 +104,7 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
         assert mail.multipart?
         assert mail.encrypted?
-        assert decrypted = mail.decrypt(:password => 'abc')
+        assert decrypted = mail.decrypt(password: 'abc', verify: true)
         assert !decrypted.encrypted?
         check_headers(@mail, decrypted)
         assert_equal 2, decrypted.parts.length
@@ -102,6 +112,12 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
         assert /application\/octet-stream; (?:charset=UTF-8; )?name=Rakefile/ =~ decrypted.parts[1].content_type
         assert_equal 'attachment; filename=Rakefile', decrypted.parts[1].content_disposition
         assert_equal rakefile, decrypted.parts[1].body.decoded
+        decrypted.parts.each do |part|
+          assert vr = part.verify_result
+          assert sig = vr.signatures.first
+          assert sig.to_s=~ /Joe/
+          assert sig.valid?
+        end
       end
     end
   end

data/test/inline_signed_message_test.rb ADDED Viewed

@@ -0,0 +1,121 @@
+require 'test_helper'
+# test cases for PGP inline signed messages (i.e. non-mime)
+class InlineSignedMessageTest < Test::Unit::TestCase
+  context "InlineSignedMessage" do
+    setup do
+      (@mails = Mail::TestMailer.deliveries).clear
+      @mail = Mail.new do
+        to 'jane@foo.bar'
+        from 'joe@foo.bar'
+        subject 'test'
+        body 'i am unencrypted'
+      end
+    end
+    context 'strip_inline_signature' do
+      should 'strip signature from signed text' do
+        body = self.class.inline_sign(@mail, 'i am signed')
+        assert stripped_body = Mail::Gpg::InlineSignedMessage.strip_inline_signature(body)
+        assert_equal "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\ni am signed\n-----END PGP SIGNED MESSAGE-----", stripped_body
+      end
+      should 'not change unsigned text' do
+        assert stripped_body = Mail::Gpg::InlineSignedMessage.strip_inline_signature("foo\nbar\n")
+        assert_equal "foo\nbar\n", stripped_body
+      end
+    end
+    context "signed message" do
+      should "verify body" do
+        mail = Mail.new(@mail)
+        mail.body = self.class.inline_sign(mail, mail.body.to_s)
+        assert !mail.multipart?
+        assert mail.signed?
+        assert verified = mail.verify
+        assert verified.signature_valid?
+        assert sig = verified.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert sig.valid?
+      end
+      should "detect invalid sig" do
+        mail = Mail.new(@mail)
+        mail.body = self.class.inline_sign(mail, mail.body.to_s).gsub /i am/, 'i was'
+        assert !mail.multipart?
+        assert mail.signed?
+        assert verified = mail.verify
+        assert !verified.signature_valid?
+        assert vr = verified.verify_result
+        assert sig = verified.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert !sig.valid?
+      end
+    end
+    context "message with signed attachment" do
+      should "check attachment signature" do
+        mail = Mail.new(@mail)
+        mail.body = 'foobar'
+        mail.part do |p|
+          p.body = self.class.inline_sign(mail, 'sign me!')
+        end
+        assert mail.multipart?
+        assert mail.signed?
+        assert verified = mail.verify
+        assert verified.signature_valid?
+        assert vr = verified.parts.last.verify_result
+        assert !verified.parts.first.signed?
+        assert verified.parts.last.signed?
+        assert Mail::Gpg.signed_inline?(verified.parts.last)
+        assert_equal [vr], verified.verify_result
+        assert sig = verified.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert sig.valid?
+      end
+      should "detect invalid sig" do
+        mail = Mail.new(@mail)
+        mail.body = 'foobar'
+        mail.part do |p|
+          p.body = self.class.inline_sign(mail, 'i am signed!').gsub /i am/, 'i was'
+        end
+        mail.part do |p|
+          p.body = self.class.inline_sign(mail, 'i am signed!')
+        end
+        assert mail.multipart?
+        assert mail.signed?
+        assert verified = mail.verify
+        assert !verified.signature_valid?
+        assert vr = verified.verify_result
+        assert_equal 2, vr.size
+        invalid = verified.parts[1]
+        assert !invalid.signature_valid?
+        assert sig = invalid.verify_result.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert !sig.valid?
+        valid = verified.parts[2]
+        assert valid.signature_valid?
+        assert sig = valid.verify_result.signatures.first
+        assert sig.to_s=~ /Joe/
+        assert sig.valid?
+      end
+    end
+  end
+  def self.inline_sign(mail, plain, armor = true)
+    GPGME::Crypto.new.clearsign(plain,
+      password: 'abc',
+      signers: mail.from,
+      armor: armor).to_s
+  end
+end

data/test/message_test.rb CHANGED Viewed

@@ -42,6 +42,35 @@ class MessageTest < Test::Unit::TestCase
         @mail.gpg sign: true, password: 'abc'
       end
+      context 'with multiple parts' do
+        setup do
+          p = Mail::Part.new do
+            body 'and another part'
+          end
+          @mail.add_part p
+          p = Mail::Part.new do
+            body 'and a third part'
+          end
+          @mail.add_part p
+          @mail.deliver
+          @signed = @mails.first
+          @verified = @signed.verify
+        end
+        should 'verify signature' do
+          assert @verified.signature_valid?
+        end
+        should 'have original three parts' do
+          assert_equal 3, @mail.parts.size
+          assert_equal 3, @verified.parts.size
+          assert_equal 'i am unencrypted', @verified.parts[0].body.to_s
+          assert_equal 'and another part', @verified.parts[1].body.to_s
+          assert_equal 'and a third part', @verified.parts[2].body.to_s
+        end
+      end
       context "" do
         setup do
           @mail.header['Auto-Submitted'] = 'foo'
@@ -59,14 +88,18 @@ class MessageTest < Test::Unit::TestCase
           assert !m.encrypted?
           assert m.signed?
           assert m.multipart?
-          assert m.signature_valid?
           assert sign_part = m.parts.last
-          #assert m = Mail::Message.new(m.parts.first)
-          #assert !m.multipart?
           GPGME::Crypto.new.verify(sign_part.body.to_s, signed_text: m.parts.first.encoded) do |sig|
             assert sig.valid?
           end
-          assert_equal 'i am unencrypted', m.parts.first.body.to_s
+        end
+        should 'verify signed mail' do
+          assert m = @mails.first
+          assert verified = m.verify
+          assert verified.signature_valid?
+          assert !verified.multipart?
+          assert_equal 'i am unencrypted', verified.body.to_s
         end
         should "fail signature on tampered body" do
@@ -76,13 +109,36 @@ class MessageTest < Test::Unit::TestCase
           assert !m.encrypted?
           assert m.signed?
           assert m.multipart?
-          assert m.signature_valid?
+          assert verified = m.verify
+          assert verified.signature_valid?
           m.parts.first.body = 'replaced body'
-          assert !m.signature_valid?
+          assert verified = m.verify
+          assert !verified.signature_valid?
         end
       end
     end
+    context 'with encryption and signing' do
+      setup do
+        @mail.gpg encrypt: true, sign: true, password: 'abc'
+        @mail.deliver
+      end
+      should 'decrypt and check signature' do
+        assert_equal 1, @mails.size
+        assert m = @mails.first
+        assert_equal 'test', m.subject
+        assert m.multipart?
+        assert m.encrypted?
+        assert decrypted = m.decrypt(:password => 'abc', verify: true)
+        assert_equal 'test', decrypted.subject
+        assert decrypted == @mail
+        assert_equal 'i am unencrypted', decrypted.body.to_s
+        assert decrypted.signature_valid?
+        assert_equal 1, decrypted.signatures.size
+      end
+    end
     context "with gpg turned on" do
       setup do
         @mail.gpg encrypt: true
@@ -94,7 +150,7 @@ class MessageTest < Test::Unit::TestCase
         end
         should "raise encryption error" do
-          assert_raises(GPGME::Error::InvalidValue){
+          assert_raises(Mail::Gpg::MissingKeysError){
             @mail.deliver
           }
         end
@@ -106,6 +162,7 @@ class MessageTest < Test::Unit::TestCase
         end
       end
       context "" do
         setup do
           @mail.deliver

metadata CHANGED Viewed

@@ -1,64 +1,58 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.1.7
-  prerelease:
+  version: 0.2.1
 platform: ruby
 authors:
 - Jens Kraemer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-06-03 00:00:00.000000000 Z
+date: 2014-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.5'
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.5.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.5'
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.5.3
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -66,7 +60,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -74,7 +67,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -82,7 +74,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -90,55 +81,48 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: actionmailer
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: pry-nav
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: shoulda-context
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -146,15 +130,13 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.1'
-description: ! 'GPG/MIME encryption plugin for the Ruby Mail Library
-  This tiny gem adds GPG capabilities to Mail::Message and ActionMailer::Base. Because
-  privacy matters.'
+description: |-
+  GPG/MIME encryption plugin for the Ruby Mail Library
+  This tiny gem adds GPG capabilities to Mail::Message and ActionMailer::Base. Because privacy matters.
 email:
 - jk@jkraemer.net
 executables: []
@@ -174,13 +156,19 @@ files:
 - lib/mail/gpg/decrypted_part.rb
 - lib/mail/gpg/delivery_handler.rb
 - lib/mail/gpg/encrypted_part.rb
+- lib/mail/gpg/gpgme_ext.rb
 - lib/mail/gpg/gpgme_helper.rb
 - lib/mail/gpg/inline_decrypted_message.rb
+- lib/mail/gpg/inline_signed_message.rb
 - lib/mail/gpg/message_patch.rb
+- lib/mail/gpg/mime_signed_message.rb
+- lib/mail/gpg/missing_keys_error.rb
 - lib/mail/gpg/rails.rb
 - lib/mail/gpg/rails/action_mailer_base_patch.rb
 - lib/mail/gpg/sign_part.rb
 - lib/mail/gpg/signed_part.rb
+- lib/mail/gpg/verified_part.rb
+- lib/mail/gpg/verify_result_attribute.rb
 - lib/mail/gpg/version.rb
 - lib/mail/gpg/version_part.rb
 - mail-gpg.gemspec
@@ -195,6 +183,7 @@ files:
 - test/gpghome/trustdb.gpg
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
+- test/inline_signed_message_test.rb
 - test/message_test.rb
 - test/sign_part_test.rb
 - test/test_helper.rb
@@ -202,27 +191,26 @@ files:
 homepage: https://github.com/jkraemer/mail-gpg
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.23.2
+rubygems_version: 2.2.2
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: GPG/MIME encryption plugin for the Ruby Mail Library
 test_files:
 - test/action_mailer_test.rb
@@ -236,7 +224,9 @@ test_files:
 - test/gpghome/trustdb.gpg
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
+- test/inline_signed_message_test.rb
 - test/message_test.rb
 - test/sign_part_test.rb
 - test/test_helper.rb
 - test/version_part_test.rb
+has_rdoc: