mail-gpg 0.0.6 → 0.1.0

data/README.md

@@ -3,6 +3,13 @@
 This gem adds GPG/MIME encryption capabilities to the [Ruby Mail
 Library](https://github.com/mikel/mail)
 
+For maximum interoperability the gem also supports *decryption* of messages using the non-standard 'PGP-Inline' method
+as for example supported in the Mozilla Enigmail OpenPGP plugin.
+
+There may still be GPG encrypted messages that can not be handled by the library, as there are some legacy formats used in the
+wild as described in this [Know your PGP implementation](http://binblog.info/2008/03/12/know-your-pgp-implementation/) blog.
+
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -75,11 +82,65 @@ updating it's db when necessary.
 You may also want to have a look at the [GPGME](https://github.com/ueno/ruby-gpgme) docs and code base for more info on the various options, especially regarding the `passphrase_callback` arguments.
 
 
+### Decrypting
+
+Receive the mail as usual. Check if it is encrypted using the `encrypted?` method. Get a decrypted version of the mail with the `decrypt` method:
+
+```ruby
+mail = Mail.first
+mail.subject # subject is never encrypted
+if mail.encrypted?
+  # decrypt using your private key, protected by the given passphrase
+  plaintext_mail = mail.decrypt(:password => 'abc')
+  # the plaintext_mail, is a full Mail::Message object, just decrypted
+end
+```
+
+A `GPGME::Error::BadPassphrase` will be raised if the password for the private key is incorrect.
+A `EncodingError` will be raised if the encrypted mails is not encoded correctly as a [RFC 3156](http://www.ietf.org/rfc/rfc3156.txt) message.
+
+
 ### Signing only
 
-This is not implemented yet
+Just leave the the `:encrypt` option out or pass `encrypt: false`, i.e.
+
+
+    Mail.new do
+      to 'jane@doe.net'
+      gpg sign: true
+    end.deliver 
 
 
+### Key import from public key servers
+
+The Hkp class can be used to lookup and import public keys from public key servers.
+You can specify the keyserver url when initializing the class:
+
+```
+hkp = Hkp.new("hkp://my-key-server.de")
+```
+
+If no url is given, this gem will try to determine the default keyserver
+url from the system's gpg config (using `gpgconf` if available or by
+parsing the `gpg.conf` file). As a last resort, the server-pool at
+`http://pool.sks-keyservers.net:11371` will be used.
+
+Lookup key ids by searching the keyserver for an email address
+
+```
+hkp.search('jane@doe.net')
+```
+
+You can lookup (and import) a specific key by its id:
+
+```
+key = hkp.fetch(id)
+GPGME::Key.import(key)
+
+# or do both in one step
+hkp.fetch_and_import(id)
+```
+
 ## Rails / ActionMailer integration
 
     class MyMailer < ActionMailer::Base
@@ -102,8 +163,7 @@ around with your personal gpg keychain.
 
 ## Todo
 
-* Signing of unencrypted mails
-* Decryption and signature verification for received mails
+* signature verification for received mails
 * on the fly import of recipients' keys from public key servers based on email address or key id
 * handle encryption errors due to missing keys - maybe return a list of failed
   recipients
@@ -120,3 +180,9 @@ around with your personal gpg keychain.
 5. Create new Pull Request
 
 
+## Credits
+
+Thanks to:
+
+* [morten-andersen](https://github.com/morten-andersen) for implementing decryption support for PGP/MIME and inline encrypted messages
+* [FewKinG](https://github.com/FewKinG) for implementing the sign only featur and keyserver url lookup

data/lib/hkp.rb

@@ -3,8 +3,8 @@ require 'gpgme'
 
 # simple HKP client for public key retrieval
 class Hkp
-  def initialize(keyserver = 'http://pool.sks-keyservers.net:11371')
-    @keyserver = keyserver
+  def initialize(keyserver = nil)
+    @keyserver = keyserver || lookup_keyserver || 'http://pool.sks-keyservers.net:11371'
   end
 
   # hkp.search 'user@host.com'
@@ -50,4 +50,23 @@ class Hkp
     end
   end
 
+  def exec_cmd(cmd)
+    res = `#{cmd}`
+    return nil if $?.exitstatus != 0
+    res
+  end
+
+  def lookup_keyserver
+    url = nil
+    if res = exec_cmd("gpgconf --list-options gpgs 2>&1 | grep keyserver 2>&1")
+      url = URI.decode(res.split(":").last.split("\"").last.strip)
+    elsif res = exec_cmd("gpg --gpgconf-list 2>&1 | grep gpgconf-gpg.conf 2>&1")
+      conf_file = res.split(":").last.split("\"").last.strip
+      if res = exec_cmd("cat #{conf_file} 2>&1 | grep ^keyserver 2>&1")
+        url = res.split(" ").last.strip
+      end
+    end
+    url =~ /^(http|hkp)/ ? url : nil
+  end
+
 end

data/lib/mail/gpg/decrypted_part.rb

@@ -0,0 +1,18 @@
+module Mail
+  module Gpg
+    class DecryptedPart < Mail::Part
+
+      # options are:
+      #
+      # :verify: decrypt and verify
+      def initialize(cipher_part, options = {})
+        if cipher_part.mime_type != EncryptedPart::CONTENT_TYPE
+          raise EncodingError, "RFC 3136 incorrect mime type for encrypted part '#{cipher_part.mime_type}'"
+        end
+      
+        decrypted = GpgmeHelper.decrypt(cipher_part.body.decoded, options)
+        super(decrypted)
+      end
+    end
+  end
+end

data/lib/mail/gpg/delivery_handler.rb

@@ -10,7 +10,7 @@ module Mail
             if options.delete(:encrypt)
               encrypted_mail = Mail::Gpg.encrypt(mail, options)
             elsif options[:sign] || options[:sign_as]
-              raise "signing without encryption is not supported yet"
+							encrypted_mail = Mail::Gpg.sign(mail, options)
             else
               # encrypt and sign are off -> do not encrypt or sign
               yield

data/lib/mail/gpg/encrypted_part.rb

@@ -2,10 +2,12 @@ module Mail
   module Gpg
     class EncryptedPart < Mail::Part
 
+      CONTENT_TYPE = 'application/octet-stream'
+
       # options are:
       #
       # :signers : sign using this key (give the corresponding email address)
-      # :passphrase: passphrase for the signing key
+      # :password: passphrase for the signing key
       # :recipients : array of receiver addresses
       # :keys : A hash mapping recipient email addresses to public keys or public
       # key ids. Imports any keys given here that are not already part of the
@@ -14,70 +16,14 @@ module Mail
       def initialize(cleartext_mail, options = {})
         options = { always_trust: true }.merge options
 
-        encrypted = encrypt(cleartext_mail.encoded, options)
+        encrypted = GpgmeHelper.encrypt(cleartext_mail.encoded, options)
         super() do
           body encrypted.to_s
-          content_type 'application/octet-stream; name="encrypted.asc"'
+          content_type "#{CONTENT_TYPE}; name=\"encrypted.asc\""
           content_disposition 'inline; filename="encrypted.asc"'
           content_description 'OpenPGP encrypted message'
         end
       end
-
-      private
-
-      def encrypt(plain, options = {})
-        options = options.merge({armor: true})
-
-        plain_data  = GPGME::Data.new(plain)
-        cipher_data = GPGME::Data.new(options[:output])
-
-        recipient_keys = keys_for_data options[:recipients], options.delete(:keys)
-
-        flags = 0
-        flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
-
-        GPGME::Ctx.new(options) do |ctx|
-          begin
-            if options[:sign]
-              if options[:signers]
-                signers = Key.find(:public, options[:signers], :sign)
-                ctx.add_signer(*signers)
-              end
-              ctx.encrypt_sign(recipient_keys, plain_data, cipher_data, flags)
-            else
-              ctx.encrypt(recipient_keys, plain_data, cipher_data, flags)
-            end
-          rescue GPGME::Error::UnusablePublicKey => exc
-            exc.keys = ctx.encrypt_result.invalid_recipients
-            raise exc
-          rescue GPGME::Error::UnusableSecretKey => exc
-            exc.keys = ctx.sign_result.invalid_signers
-            raise exc
-          end
-        end
-
-        cipher_data.seek(0)
-        cipher_data
-      end
-
-      # normalizes the list of recipients' emails, key ids and key data to a
-      # list of Key objects
-      def keys_for_data(emails_or_shas_or_keys, key_data = nil)
-        if key_data
-          [emails_or_shas_or_keys].flatten.map do |r|
-            # import any given keys
-            k = key_data[r]
-            if k and k =~ /-----BEGIN PGP/
-              k = GPGME::Key.import(k).imports.map(&:fpr)
-            end
-            GPGME::Key.find(:public, k || r, :encrypt)
-          end.flatten
-        else
-          # key lookup in keychain for all receivers
-          GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
-        end
-      end
-
     end
   end
 end

data/lib/mail/gpg/gpgme_helper.rb

@@ -0,0 +1,96 @@
+# GPGME methods for encryption/decryption/signing
+module Mail
+  module Gpg
+    class GpgmeHelper
+
+      def self.encrypt(plain, options = {})
+        options = options.merge({armor: true})
+
+        plain_data  = GPGME::Data.new(plain)
+        cipher_data = GPGME::Data.new(options[:output])
+
+        recipient_keys = keys_for_data options[:recipients], options.delete(:keys)
+
+        flags = 0
+        flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
+
+        GPGME::Ctx.new(options) do |ctx|
+          begin
+            if options[:sign]
+              if options[:signers]
+                signers = GPGME::Key.find(:public, options[:signers], :sign)
+                ctx.add_signer(*signers)
+              end
+              ctx.encrypt_sign(recipient_keys, plain_data, cipher_data, flags)
+            else
+              ctx.encrypt(recipient_keys, plain_data, cipher_data, flags)
+            end
+          rescue GPGME::Error::UnusablePublicKey => exc
+            exc.keys = ctx.encrypt_result.invalid_recipients
+            raise exc
+          rescue GPGME::Error::UnusableSecretKey => exc
+            exc.keys = ctx.sign_result.invalid_signers
+            raise exc
+          end
+        end
+
+        cipher_data.seek(0)
+        cipher_data
+      end
+
+      def self.decrypt(cipher, options = {})
+        cipher_data = GPGME::Data.new(cipher)
+        plain_data  = GPGME::Data.new(options[:output])
+
+        GPGME::Ctx.new(options) do |ctx|
+          begin
+            if options[:verify]
+              ctx.decrypt_verify(cipher_data, plain_data)
+            else
+              ctx.decrypt(cipher_data, plain_data)
+            end
+          rescue GPGME::Error::UnsupportedAlgorithm => exc
+            exc.algorithm = ctx.decrypt_result.unsupported_algorithm
+            raise exc
+          rescue GPGME::Error::WrongKeyUsage => exc
+            exc.key_usage = ctx.decrypt_result.wrong_key_usage
+            raise exc
+          end
+        end
+
+        plain_data.seek(0)
+        plain_data
+      end
+
+      def self.sign(plain, options = {})
+        options.merge!({
+          armor: true,
+          signer: options.delete(:sign_as),
+          mode: GPGME::SIG_MODE_DETACH
+        })
+        crypto = GPGME::Crypto.new
+        crypto.sign GPGME::Data.new(plain), options
+      end
+
+      private
+
+      # normalizes the list of recipients' emails, key ids and key data to a
+      # list of Key objects
+      def self.keys_for_data(emails_or_shas_or_keys, key_data = nil)
+        if key_data
+          [emails_or_shas_or_keys].flatten.map do |r|
+            # import any given keys
+            k = key_data[r]
+            if k and k =~ /-----BEGIN PGP/
+              k = GPGME::Key.import(k).imports.map(&:fpr)
+            end
+            GPGME::Key.find(:public, k || r, :encrypt)
+          end.flatten
+        else
+          # key lookup in keychain for all receivers
+          GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
+        end
+      end
+    end
+  end
+end

data/lib/mail/gpg/inline_decrypted_message.rb

@@ -0,0 +1,54 @@
+# decryption of the so called 'PGP-Inline' message types
+# this is not a standard, so the implementation is based on the notes
+# here http://binblog.info/2008/03/12/know-your-pgp-implementation/
+# and on test messages generated with the Mozilla Enigmail OpenPGP
+# plugin https://www.enigmail.net
+module Mail
+  module Gpg
+    class InlineDecryptedMessage < Mail::Message
+
+      # options are:
+      #
+      # :verify: decrypt and verify
+      def initialize(cipher_mail, options = {})
+        if cipher_mail.multipart?
+          super() do
+            cipher_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            cipher_mail.parts.each do |part|
+              part Mail::Part.new do |p|
+                if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type
+                  # encrypted attachment, we set the content_type to the generic 'application/octet-stream'
+                  # and remove the .pgp/gpg/asc from name/filename in header fields
+                  decrypted = GpgmeHelper.decrypt(part.decoded, options)
+                  p.content_type part.content_type.sub(/application\/(?:octet-stream|pgp-encrypted)/, 'application/octet-stream')
+                    .sub(/name=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'name="\1"')
+                  p.content_disposition part.content_disposition.sub(/filename=(?:"')?(.*)\.(?:pgp|gpg|asc)(?:"')?/, 'filename="\1"')
+                  p.content_transfer_encoding Mail::Encodings::Base64
+                  p.body Mail::Encodings::Base64::encode(decrypted.to_s)
+                else
+                  if part.body.include?('-----BEGIN PGP MESSAGE-----')
+                    p.body GpgmeHelper.decrypt(part.decoded, options).to_s
+                  else
+                    p.content_type part.content_type
+                    p.content_transfer_encoding part.content_transfer_encoding
+                    p.body part.body.to_s
+                  end
+                end
+              end
+            end
+          end # of multipart
+        else
+          decrypted = cipher_mail.body.empty? ? '' : GpgmeHelper.decrypt(cipher_mail.body.decoded, options)
+          super() do
+            cipher_mail.header.fields.each do |field|
+              header[field.name] = field.value
+            end
+            body decrypted.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mail/gpg/message_patch.rb

@@ -51,6 +51,14 @@ module Mail
         end
       end
 
+      def encrypted?
+        Mail::Gpg.encrypted?(self)
+      end
+
+      def decrypt(options = {})
+        Mail::Gpg.decrypt(self, options)
+      end
+
     end
   end
 end

data/lib/mail/gpg/sign_part.rb

@@ -0,0 +1,16 @@
+module Mail
+	module Gpg
+		class SignPart < Mail::Part
+
+			def initialize(cleartext_mail, options = {})
+				signature = GpgmeHelper.sign(cleartext_mail.encoded, options)
+				super() do
+					body signature.to_s
+					content_type "application/pgp-signature; name=\"signature.asc\""
+					content_disposition 'attachment; filename="signature.asc"'
+					content_description 'OpenPGP digital signature'
+				end	
+			end	
+		end
+	end
+end

data/lib/mail/gpg/version.rb

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.0.6"
+    VERSION = "0.1.0"
   end
 end

data/lib/mail/gpg/version_part.rb

@@ -3,11 +3,19 @@ require 'mail/part'
 module Mail
   module Gpg
     class VersionPart < Mail::Part
+      VERSION_1 = 'Version: 1'
+      CONTENT_TYPE = 'application/pgp-encrypted'
+      CONTENT_DESC = 'PGP/MIME Versions Identification'
+    
       def initialize(*args)
         super
-        body 'Version: 1'
-        content_type 'application/pgp-encrypted'
-        content_description 'PGP/MIME Versions Identification'
+        body VERSION_1
+        content_type CONTENT_TYPE
+        content_description CONTENT_DESC
+      end
+      
+      def self.isVersionPart?(part)
+        part.mime_type == CONTENT_TYPE && part.body =~ /#{VERSION_1}/
       end
     end
   end

data/lib/mail/gpg.rb

@@ -4,9 +4,13 @@ require 'gpgme'
 
 require 'mail/gpg/version'
 require 'mail/gpg/version_part'
+require 'mail/gpg/decrypted_part'
 require 'mail/gpg/encrypted_part'
+require 'mail/gpg/inline_decrypted_message'
+require 'mail/gpg/gpgme_helper'
 require 'mail/gpg/message_patch'
 require 'mail/gpg/rails'
+require 'mail/gpg/sign_part'
 
 module Mail
   module Gpg
@@ -19,18 +23,57 @@ module Mail
     # local keychain before sending the mail.
     # :always_trust : send encrypted mail to untrusted receivers, true by default
     def self.encrypt(cleartext_mail, options = {})
-      receivers = []
-      receivers += cleartext_mail.to if cleartext_mail.to
-      receivers += cleartext_mail.cc if cleartext_mail.cc
-      receivers += cleartext_mail.bcc if cleartext_mail.bcc
-
-      if options[:sign_as]
-        options[:sign] = true
-        options[:signers] = options.delete(:sign_as)
-      elsif options[:sign]
-        options[:signers] = cleartext_mail.from
+			construct_mail(cleartext_mail, options) do
+				receivers = []
+				receivers += cleartext_mail.to if cleartext_mail.to
+				receivers += cleartext_mail.cc if cleartext_mail.cc
+				receivers += cleartext_mail.bcc if cleartext_mail.bcc
+
+				if options[:sign_as]
+					options[:sign] = true
+					options[:signers] = options.delete(:sign_as)
+				elsif options[:sign]
+					options[:signers] = cleartext_mail.from
+				end
+
+        add_part VersionPart.new
+        add_part EncryptedPart.new(cleartext_mail,
+                                   options.merge({recipients: receivers}))
+        content_type "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=#{boundary}"
+        body.preamble = options[:preamble] || "This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)"
       end
+    end
+
+		def self.sign(cleartext_mail, options = {})
+			construct_mail(cleartext_mail, options) do
+				options[:sign_as] ||= cleartext_mail.from
+				add_part SignPart.new(cleartext_mail, options)
+				add_part Mail::Part.new(cleartext_mail)	
+
+				content_type "multipart/signed; micalg=pgp-sha1; protocol=\"application/pgp-signature\"; boundary=#{boundary}"
+				body.preamble = options[:preamble] || "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)"
+			end	
+		end
+
+    def self.decrypt(encrypted_mail, options = {})
+      if encrypted_mime?(encrypted_mail)
+        decrypt_pgp_mime(encrypted_mail, options)
+      elsif encrypted_inline?(encrypted_mail)
+        decrypt_pgp_inline(encrypted_mail, options)
+      else
+        raise EncodingError, "Unsupported encryption format '#{encrypted_mail.content_type}'"
+      end
+    end
+    
+    def self.encrypted?(mail)
+      return true if encrypted_mime?(mail)
+      return true if encrypted_inline?(mail)
+      false
+    end
 
+    private
+
+		def self.construct_mail(cleartext_mail, options, &block)	
       Mail.new do
         self.perform_deliveries = cleartext_mail.perform_deliveries
         %w(from to cc bcc subject reply_to in_reply_to).each do |field|
@@ -39,16 +82,47 @@ module Mail
         cleartext_mail.header.fields.each do |field|
           header[field.name] = field.value if field.name =~ /^X-/
         end
-        add_part VersionPart.new
-        add_part EncryptedPart.new(cleartext_mail,
-                                   options.merge({recipients: receivers}))
-        content_type "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=#{boundary}"
-        body.preamble = options[:preamble] || "This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)"
+				instance_eval &block
+			end
+		end
+
+    # decrypts PGP/MIME (RFC 3156, section 4) encrypted mail
+    def self.decrypt_pgp_mime(encrypted_mail, options)
+      # MUST containt exactly two body parts
+      if encrypted_mail.parts.length != 2
+        raise EncodingError, "RFC 3136 mandates exactly two body parts, found '#{encrypted_mail.parts.length}'"
+      end
+      if !VersionPart.isVersionPart? encrypted_mail.parts[0]
+        raise EncodingError, "RFC 3136 first part not a valid version part '#{encrypted_mail.parts[0]}'"
       end
+      Mail.new(DecryptedPart.new(encrypted_mail.parts[1], options))
     end
 
-    def self.decrypt(encrypted_mail, options = {})
-      # TODO :)
+    # decrypts inline PGP encrypted mail
+    def self.decrypt_pgp_inline(encrypted_mail, options)
+      InlineDecryptedMessage.new(encrypted_mail, options)
+    end
+
+    # check if PGP/MIME (RFC 3156)
+    def self.encrypted_mime?(mail)
+      mail.has_content_type? &&
+        'multipart/encrypted' == mail.mime_type &&
+        'application/pgp-encrypted' == mail.content_type_parameters[:protocol]
+    end
+
+    # check if inline PGP (i.e. if any parts of the mail includes
+    # the PGP MESSAGE marker
+    def self.encrypted_inline?(mail)
+      return true if mail.body.include?('-----BEGIN PGP MESSAGE-----')
+      if mail.multipart?
+        mail.parts.each do |part|
+          return true if part.body.include?('-----BEGIN PGP MESSAGE-----')
+          return true if part.has_content_type? &&
+            /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type &&
+            /.*\.(?:pgp|gpg|asc)$/ =~ part.content_type_parameters[:name]
+        end
+      end
+      false
     end
   end
 end

data/test/action_mailer_test.rb

@@ -11,6 +11,16 @@ class MyMailer < ActionMailer::Base
     mail subject: 'encrypted', body: 'encrypted mail', gpg: {encrypt: true}
   end
 
+	def signed
+		mail	from: 'jane@foo.bar',
+					to: 'joe@foo.bar',
+					subject: 'signed', 
+					body: 'signed mail', 
+					gpg: {
+						sign: true,
+						password: 'abc'
+					}
+	end
 
 end
 
@@ -42,5 +52,19 @@ class ActionMailerTest < Test::Unit::TestCase
       assert_equal 'encrypted mail', m.body.to_s
     end
 
+		should "send signed mail" do
+			assert m = MyMailer.signed
+			assert true == m.gpg[:sign]
+			m.deliver
+			assert_equal 1, @emails.size
+			assert delivered = @emails.first
+			assert_equal 'signed', delivered.subject
+			assert_equal 2, delivered.parts.size
+			assert sign_part = delivered.parts.detect{|p| p.content_type =~ /signature\.asc/}
+			GPGME::Crypto.new.verify(sign_part.body.to_s, signed_text: m.encoded) do |sig| 
+				assert true == sig.valid?
+			end
+		end
+
   end
 end

data/test/decrypted_part_test.rb

@@ -0,0 +1,37 @@
+require 'test_helper'
+require 'mail/gpg/decrypted_part'
+require 'mail/gpg/encrypted_part'
+
+class DecryptedPartTest < Test::Unit::TestCase
+  context 'DecryptedPart' do
+    setup do
+      @mail = Mail.new do
+        to 'jane@foo.bar'
+        from 'joe@foo.bar'
+        subject 'test'
+        body 'i am unencrypted'
+      end
+      @part = Mail::Gpg::EncryptedPart.new(@mail, { :sign => true, :password => 'abc' })
+    end
+
+    should 'decrypt' do
+      assert mail = Mail::Gpg::DecryptedPart.new(@part, { :password => 'abc' })
+      assert mail == @mail
+      assert mail.message_id == @mail.message_id
+      assert mail.message_id != @part.message_id
+    end
+    
+    should 'decrypt and verify' do
+      assert mail = Mail::Gpg::DecryptedPart.new(@part, { :verify => true, :password => 'abc' })
+      assert mail == @mail
+      assert mail.message_id == @mail.message_id
+      assert mail.message_id != @part.message_id
+    end
+    
+    should 'raise encoding error for non gpg mime type' do
+      part = Mail::Part.new(@part)
+      part.content_type = 'text/plain'
+      assert_raise(EncodingError) { Mail::Gpg::DecryptedPart.new(part) }
+    end    
+  end
+end

data/test/encrypted_part_test.rb

@@ -1,8 +1,14 @@
 require 'test_helper'
 require 'mail/gpg/encrypted_part'
-require 'pry-nav'
 
 class EncryptedPartTest < Test::Unit::TestCase
+
+  def check_key_list(keys)
+    assert_equal 1, keys.size
+    assert_equal GPGME::Key, keys.first.class
+    assert_equal 'jane@foo.bar', keys.first.email
+  end
+
   context 'EncryptedPart' do
     setup do
       mail = Mail.new do
@@ -14,24 +20,18 @@ class EncryptedPartTest < Test::Unit::TestCase
       @part = Mail::Gpg::EncryptedPart.new(mail)
     end
 
-    def check_key_list(keys)
-      assert_equal 1, keys.size
-      assert_equal GPGME::Key, keys.first.class
-      assert_equal 'jane@foo.bar', keys.first.email
-    end
-
     context 'with email address' do
       setup do
         @email = 'jane@foo.bar'
       end
 
       should 'resolve email to gpg keys' do
-        assert keys = @part.send(:keys_for_data, @email)
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @email)
         check_key_list keys
       end
 
       should 'resolve emails to gpg keys' do
-        assert keys = @part.send(:keys_for_data, [@email])
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
         check_key_list keys
       end
 
@@ -43,11 +43,11 @@ class EncryptedPartTest < Test::Unit::TestCase
       end
 
       should 'resolve single id  gpg keys' do
-        assert keys = @part.send(:keys_for_data, @key_id)
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_id)
         check_key_list keys
       end
       should 'resolve id list to gpg keys' do
-        assert keys = @part.send(:keys_for_data, [@key_id])
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_id])
         check_key_list keys
       end
     end
@@ -58,11 +58,11 @@ class EncryptedPartTest < Test::Unit::TestCase
       end
 
       should 'resolve single id  gpg keys' do
-        assert keys = @part.send(:keys_for_data, @key_fpr)
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_fpr)
         check_key_list keys
       end
       should 'resolve id list to gpg keys' do
-        assert keys = @part.send(:keys_for_data, [@key_fpr])
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_fpr])
         check_key_list keys
       end
     end
@@ -75,7 +75,7 @@ class EncryptedPartTest < Test::Unit::TestCase
       end
 
       should 'resolve to gpg keys' do
-        assert keys = @part.send(:keys_for_data, @emails, @key_data)
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
         check_key_list keys
       end
     end

data/test/gpg_test.rb

@@ -17,16 +17,38 @@ class GpgTest < Test::Unit::TestCase
     assert_equal 'application/pgp-encrypted; charset=UTF-8', v_part.content_type
 
     assert_equal 'application/octet-stream; name=encrypted.asc',
-      enc_part.content_type
+    enc_part.content_type
   end
 
 
-  def check_content
-    assert enc = @encrypted.parts.last
+  def check_content(mail = @mail, encrypted = @encrypted)
+    assert enc = encrypted.parts.last
     assert clear = GPGME::Crypto.new.decrypt(enc.to_s, password: 'abc').to_s
     assert_match /encrypt me/, clear
+    assert_equal mail.to_s, clear
   end
 
+	def check_signature(mail = @mail, signed = @signed)
+		assert signature = signed.parts.detect{|p| p.content_type =~ /signature\.asc/}.body.to_s
+		GPGME::Crypto.new.verify(signature, signed_text: mail.encoded) do |sig| 
+			assert true == sig.valid?
+		end
+	end
+
+	def check_mime_structure_signed(mail = @mail, signed = @signed)
+		assert_equal 2, signed.parts.size
+		sign_part, orig_part = signed.parts	
+
+		assert_equal 'application/pgp-signature; name=signature.asc', sign_part.content_type
+		assert_equal orig_part.content_type, @mail.content_type
+	end
+
+  def check_headers_signed(mail = @mail, signed = @signed)
+    assert_equal mail.to, signed.to
+    assert_equal mail.cc, signed.cc
+    assert_equal mail.bcc, signed.bcc
+    assert_equal mail.subject, signed.subject
+  end
 
   context "gpg installation" do
     should "have keys for jane and joe" do
@@ -35,6 +57,104 @@ class GpgTest < Test::Unit::TestCase
     end
   end
 
+	context "gpg signed" do
+		setup do
+			@mail = Mail.new do
+				to 'joe@foo.bar'
+				from 'jane@foo.bar'
+				subject 'test test'
+				body 'sign me!'
+			end
+		end
+
+		context 'simple mail' do
+			setup do
+				@signed = Mail::Gpg.sign(@mail, password: 'abc')
+			end
+
+			should 'have same recipients and subject' do
+				check_headers_signed
+			end
+
+			should 'have proper gpgmime structure' do
+				check_mime_structure_signed
+			end
+
+			should 'have correct signature' do
+				check_signature
+			end
+		end
+
+    context 'mail with custom header' do
+      setup do
+        @mail.header['X-Custom-Header'] = 'custom value'
+        @signed = Mail::Gpg.sign(@mail, password: 'abc')
+      end
+
+      should 'have same recipients and subject' do
+        check_headers_signed
+      end
+
+      should 'have proper gpgmime structure' do
+        check_mime_structure_signed
+      end
+
+      should 'have correct signature' do
+        check_signature
+      end
+
+      should 'preserve customer header values' do
+        assert_equal 'custom value', @signed.header['X-Custom-Header'].to_s
+      end
+    end
+
+    context 'mail with multiple recipients' do
+      setup do
+        @mail.bcc 'jane@foo.bar'
+        @signed = Mail::Gpg.sign(@mail, password: 'abc')
+      end
+
+      should 'have same recipients and subject' do
+        check_headers_signed
+      end
+
+      should 'have proper gpgmime structure' do
+        check_mime_structure_signed
+      end
+
+      should 'have correct signature' do
+        check_signature
+      end
+    end
+
+    context 'multipart mail' do
+      setup do
+        @mail.add_file 'Rakefile'
+        @signed = Mail::Gpg.sign(@mail, password: 'abc')
+      end
+
+      should 'have same recipients and subject' do
+        check_headers_signed
+      end
+
+      should 'have proper gpgmime structure' do
+        check_mime_structure_signed
+      end
+
+      should 'have correct signature' do
+        check_signature
+      end
+
+      should 'have multiple parts in original content' do
+        assert original_part = @signed.parts.last
+        assert original_part.multipart?
+        assert_equal 2, original_part.parts.size
+        assert_match /sign me!/, original_part.parts.first.body.to_s
+        assert_match /Rakefile/, original_part.parts.last.content_disposition
+      end
+    end
+	end
+
   context "gpg encrypted" do
 
     setup do
@@ -63,7 +183,34 @@ class GpgTest < Test::Unit::TestCase
         check_content
       end
 
+      should 'decrypt' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :password => 'abc' })
+        assert mail == @mail
+      end
     end
+    
+    context 'simple mail (signed)' do
+      setup do
+        @encrypted = Mail::Gpg.encrypt(@mail, { :sign => true, :password => 'abc' })
+      end
+
+      should 'have same recipients and subject' do
+        check_headers
+      end
+
+      should 'have proper gpgmime structure' do
+        check_mime_structure
+      end
+
+      should 'have correctly encrypted content' do
+        check_content
+      end
+
+      should 'decrypt and verify' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :verify => true, :password => 'abc' })
+        assert mail == @mail
+      end
+    end    
 
     context 'mail with custom header' do
       setup do
@@ -86,6 +233,11 @@ class GpgTest < Test::Unit::TestCase
       should 'preserve customer header values' do
         assert_equal 'custom value', @encrypted.header['X-Custom-Header'].to_s
       end
+      
+      should 'decrypt' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :password => 'abc' })
+        assert mail == @mail
+      end
     end
 
     context 'mail with multiple recipients' do
@@ -110,6 +262,10 @@ class GpgTest < Test::Unit::TestCase
         assert encrypted_body = @encrypted.parts.last.to_s
       end
 
+      should 'decrypt' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :password => 'abc' })
+        assert mail == @mail
+      end
     end
 
     context 'multipart mail' do
@@ -139,6 +295,12 @@ class GpgTest < Test::Unit::TestCase
         assert_match /encrypt me/, m.parts.first.body.to_s
         assert_match /Rakefile/, m.parts.last.content_disposition
       end
+      
+      should 'decrypt' do
+        assert mail = Mail::Gpg.decrypt(@encrypted, { :password => 'abc' })
+        assert mail == @mail
+        assert mail.parts[1] == @mail.parts[1]
+      end
     end
   end
 end

data/test/hkp_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+require 'hkp'
+
+class HkpTest < Test::Unit::TestCase
+
+  context "keyserver setup" do
+
+    context "with url specified" do
+
+      setup do
+        @hkp = Hkp.new("hkp://my-key-server.net")
+      end
+
+      should "use specified keyserver" do
+        assert url = @hkp.instance_variable_get("@keyserver")
+        assert_equal "hkp://my-key-server.net", url
+      end
+
+    end
+
+    context "without url specified" do
+    
+      setup do
+        @hkp = Hkp.new
+      end
+
+      should "have found a non-empty keyserver" do
+        assert url = @hkp.instance_variable_get("@keyserver")
+        assert !url.blank?
+      end
+
+    end
+
+  end
+
+end

data/test/inline_decrypted_message_test.rb

@@ -0,0 +1,126 @@
+require 'test_helper'
+
+# test cases for PGP inline messages (i.e. non-mime)
+class InlineDecryptedMessageTest < Test::Unit::TestCase
+
+  context "InlineDecryptedMessage" do
+
+    setup do
+      (@mails = Mail::TestMailer.deliveries).clear
+      @mail = Mail.new do
+        to 'jane@foo.bar'
+        from 'joe@foo.bar'
+        subject 'test'
+        body 'i am unencrypted'
+        gpg encrypt: false
+      end
+    end
+
+    context "inline message" do
+      should "decrypt body" do
+        mail = Mail.new(@mail)
+        mail.body = InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)
+
+        assert !mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc')
+        assert decrypted == @mail
+        assert !decrypted.encrypted?
+      end
+    end
+
+    context "attachment message" do
+      should "decrypt attachment" do
+        rakefile = File.open('Rakefile') { |file| file.read }
+        mail = Mail.new(@mail)
+        mail.content_type = 'multipart/mixed'
+        mail.body = ''
+        mail.part do |p|
+          p.content_type 'application/octet-stream; name=Rakefile.pgp'
+          p.content_transfer_encoding Mail::Encodings::Base64
+          p.content_disposition 'attachment; filename="Rakefile.pgp"'
+          p.body Mail::Encodings::Base64::encode(InlineDecryptedMessageTest.encrypt(mail, rakefile, false))
+        end
+
+        assert mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc')
+        assert !decrypted.encrypted?
+        check_headers(@mail, decrypted)
+        assert_equal 1, decrypted.parts.length
+        assert /application\/octet-stream; (?:charset=UTF-8; )?name=Rakefile/ =~ decrypted.parts[0].content_type
+        assert_equal 'attachment; filename=Rakefile', decrypted.parts[0].content_disposition
+        assert_equal rakefile, decrypted.parts[0].body.decoded
+      end
+    end
+
+    context "cleartext body and encrypted attachment message" do
+      should "decrypt attachment" do
+        rakefile = File.open('Rakefile') { |file| file.read }
+        mail = Mail.new(@mail)
+        mail.content_type = 'multipart/mixed'
+        mail.part do |p|
+          p.content_type 'application/octet-stream; name=Rakefile.pgp'
+          p.content_transfer_encoding Mail::Encodings::Base64
+          p.content_disposition 'attachment; filename="Rakefile.pgp"'
+          p.body Mail::Encodings::Base64::encode(InlineDecryptedMessageTest.encrypt(mail, rakefile, false))
+        end
+
+        assert mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc')
+        assert !decrypted.encrypted?
+        check_headers(@mail, decrypted)
+        assert_equal 2, decrypted.parts.length
+        assert_equal @mail.body, decrypted.parts[0].body.to_s
+        assert /application\/octet-stream; (?:charset=UTF-8; )?name=Rakefile/ =~ decrypted.parts[1].content_type
+        assert_equal 'attachment; filename=Rakefile', decrypted.parts[1].content_disposition
+        assert_equal rakefile, decrypted.parts[1].body.decoded
+      end
+    end
+
+    context "encrypted body and attachment message" do
+      should "decrypt" do
+        rakefile = File.open('Rakefile') { |file| file.read }
+        mail = Mail.new(@mail)
+        mail.content_type = 'multipart/mixed'
+        mail.body = InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)
+        mail.part do |p|
+          p.content_type 'application/octet-stream; name=Rakefile.pgp'
+          p.content_transfer_encoding Mail::Encodings::Base64
+          p.content_disposition 'attachment; filename="Rakefile.pgp"'
+          p.body Mail::Encodings::Base64::encode(InlineDecryptedMessageTest.encrypt(mail, rakefile, false))
+        end
+
+        assert mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc')
+        assert !decrypted.encrypted?
+        check_headers(@mail, decrypted)
+        assert_equal 2, decrypted.parts.length
+        assert_equal @mail.body, decrypted.parts[0].body.to_s
+        assert /application\/octet-stream; (?:charset=UTF-8; )?name=Rakefile/ =~ decrypted.parts[1].content_type
+        assert_equal 'attachment; filename=Rakefile', decrypted.parts[1].content_disposition
+        assert_equal rakefile, decrypted.parts[1].body.decoded
+      end
+    end
+  end
+
+  def self.encrypt(mail, plain, armor = true)
+    GPGME::Crypto.new.encrypt(plain,
+      password: 'abc',
+      recipients: mail.to,
+      sign: true,
+      signers: mail.from,
+      armor: armor).to_s
+  end
+
+  def check_headers(expected, actual)
+    assert_equal expected.to, actual.to
+    assert_equal expected.cc, actual.cc
+    assert_equal expected.bcc, actual.bcc
+    assert_equal expected.subject, actual.subject
+    assert_equal expected.message_id, actual.message_id
+    assert_equal expected.date, actual.date
+  end
+end

data/test/message_test.rb

@@ -23,10 +23,46 @@ class MessageTest < Test::Unit::TestCase
         assert_equal 1, @mails.size
         assert m = @mails.first
         assert_equal 'test', m.subject
+        assert !m.encrypted?
         assert_equal 'i am unencrypted', m.body.to_s
       end
+
+      should "raise encoding error" do
+        assert_equal 1, @mails.size
+        assert m = @mails.first
+        assert_equal 'test', m.subject
+        assert_raises(EncodingError){
+          m.decrypt(:password => 'abc')
+        }
+      end
     end
 
+		context "with gpg signing only" do
+			setup do
+				@mail.gpg sign: true, password: 'abc'
+			end
+
+      context "" do
+        setup do
+          @mail.deliver
+        end
+
+        should "deliver signed mail" do
+          assert_equal 1, @mails.size
+          assert m = @mails.first
+          assert_equal 'test', m.subject
+          assert !m.encrypted?
+          assert m.multipart?
+          assert sign_part = m.parts.last
+          assert m = Mail::Message.new(m.parts.last)
+          assert !m.multipart?
+					GPGME::Crypto.new.verify(sign_part.body.to_s, signed_text: @mail.encoded) do |sig| 
+						assert true == sig.valid?
+					end
+        end
+      end
+		end
+
     context "with gpg turned on" do
       setup do
         @mail.gpg encrypt: true
@@ -60,12 +96,37 @@ class MessageTest < Test::Unit::TestCase
           assert m = @mails.first
           assert_equal 'test', m.subject
           assert m.multipart?
+          assert m.encrypted?
           assert enc_part = m.parts.last
           assert clear = GPGME::Crypto.new.decrypt(enc_part.body.to_s, password: 'abc').to_s
           assert m = Mail::Message.new(clear)
           assert !m.multipart?
           assert_equal 'i am unencrypted', m.body.to_s
         end
+
+        should "decrypt" do
+          assert_equal 1, @mails.size
+          assert m = @mails.first
+          assert_equal 'test', m.subject
+          assert m.multipart?
+          assert m.encrypted?
+          assert decrypted = m.decrypt(:password => 'abc')
+          assert decrypted == @mail
+        end
+
+        should "raise bad passphrase on decrypt" do
+          assert_equal 1, @mails.size
+          assert m = @mails.first
+          assert_equal 'test', m.subject
+          # incorrect passphrase
+          assert_raises(GPGME::Error::BadPassphrase){
+            m.decrypt(:password => 'incorrect')
+          }
+          # no passphrase
+          assert_raises(GPGME::Error::BadPassphrase){
+            m.decrypt
+          }
+        end
       end
     end
 

data/test/sign_part_test.rb

@@ -0,0 +1,15 @@
+require 'mail/gpg/sign_part'
+
+class SignPartTest < Test::Unit::TestCase
+	context 'SignPart' do
+		setup do
+			mail = Mail.new do
+				to 'jane@foo.bar'
+				from 'joe@foo.bar'
+				subject 'test'
+				body 'i am unsigned'
+			end
+			@part = Mail::Gpg::SignPart.new(mail)
+		end
+	end
+end

data/test/version_part_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+require 'mail/gpg/version_part'
+
+class VersionPartTest < Test::Unit::TestCase
+  context 'VersionPart' do
+
+    should 'roundtrip successfully' do
+      part = Mail::Gpg::VersionPart.new()
+      assert Mail::Gpg::VersionPart.isVersionPart?(part)
+    end
+    
+    should 'return false for non gpg mime type' do
+      part = Mail::Gpg::VersionPart.new()
+      part.content_type = 'text/plain'
+      assert !Mail::Gpg::VersionPart.isVersionPart?(part)
+    end
+    
+    should 'return false for empty body' do
+      part = Mail::Gpg::VersionPart.new()
+      part.body = nil
+      assert !Mail::Gpg::VersionPart.isVersionPart?(part)
+    end
+    
+    should 'return false for foul body' do
+      part = Mail::Gpg::VersionPart.new()
+      part.body = 'non gpg body'
+      assert !Mail::Gpg::VersionPart.isVersionPart?(part)
+    end
+    
+    should 'return true for body with extra content' do
+      part = Mail::Gpg::VersionPart.new()
+      part.body = "#{part.body} extra content"
+      assert Mail::Gpg::VersionPart.isVersionPart?(part)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-27 00:00:00.000000000 Z
+date: 2013-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -145,15 +145,20 @@ files:
 - lib/hkp.rb
 - lib/mail-gpg.rb
 - lib/mail/gpg.rb
+- lib/mail/gpg/decrypted_part.rb
 - lib/mail/gpg/delivery_handler.rb
 - lib/mail/gpg/encrypted_part.rb
+- lib/mail/gpg/gpgme_helper.rb
+- lib/mail/gpg/inline_decrypted_message.rb
 - lib/mail/gpg/message_patch.rb
 - lib/mail/gpg/rails.rb
 - lib/mail/gpg/rails/action_mailer_base_patch.rb
+- lib/mail/gpg/sign_part.rb
 - lib/mail/gpg/version.rb
 - lib/mail/gpg/version_part.rb
 - mail-gpg.gemspec
 - test/action_mailer_test.rb
+- test/decrypted_part_test.rb
 - test/encrypted_part_test.rb
 - test/gpg_test.rb
 - test/gpghome/pubring.gpg
@@ -161,8 +166,12 @@ files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/hkp_test.rb
+- test/inline_decrypted_message_test.rb
 - test/message_test.rb
+- test/sign_part_test.rb
 - test/test_helper.rb
+- test/version_part_test.rb
 homepage: https://github.com/jkraemer/mail-gpg
 licenses:
 - MIT
@@ -190,6 +199,7 @@ specification_version: 3
 summary: GPG/MIME encryption plugin for the Ruby Mail Library
 test_files:
 - test/action_mailer_test.rb
+- test/decrypted_part_test.rb
 - test/encrypted_part_test.rb
 - test/gpg_test.rb
 - test/gpghome/pubring.gpg
@@ -197,5 +207,9 @@ test_files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/hkp_test.rb
+- test/inline_decrypted_message_test.rb
 - test/message_test.rb
+- test/sign_part_test.rb
 - test/test_helper.rb
+- test/version_part_test.rb