mail-gpg 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5372354dbe32dbf5c05196f257b8172582e5ffcc
-  data.tar.gz: 983703ee19cac1078e36c37bfde1b13906fd0ffa
+  metadata.gz: 0fa28ac570f95bf31e58025d3e29c4d8fe15c43a
+  data.tar.gz: 3a4afd5b7c7847333c364135aba9acb20fc9762d
 SHA512:
-  metadata.gz: aeb9b25b2c04e4c0a71b1eea09631e399a82dbcef6b707b75a4053bca637e66dbdd1d3eabf88673c16a75b8ffd623fabdbdc1e9fe906c10b0ceee4debe452c75
-  data.tar.gz: 241a812c8341db86deae1bf48927e5a1c5e92491c505ab67706a9c3e83768c341207dc4d00dcc434d4fbff29252c6625ea5a55110a91a9d033bfb2a534701de6
+  metadata.gz: d96da3558cb0b0ed814dce389d0e969e19edf718712adcecc0dc5bad04c6d1a35ed8da20acbf9427212072daf1c462e48a9391d5fc0c6d5b63c4e6a9e3593052
+  data.tar.gz: 3a8e23f13198857aa5fe9f533a08d7209d55ee0ba9839d913b977fbea59841315c211c1f87f3440e0c7a1d3a239419ed84dcb0b593efa6590aa85aadfce129cd

data/History.txt

@@ -1,3 +1,11 @@
+== 0.3.2 2018-03-30
+
+* do not attempt to decrypt inline-encrypted HTML parts #52
+* fixes possible double decoding of quoted printable bodies #57
+* fixes a bug which occured in some environments that led to encryption with
+  all available public keys (#31, #55)
+
+
 == 0.3.1 2017-04-13
 
 * fixes a bug with signature verification that only surfaced in environments

data/README.md

@@ -14,7 +14,9 @@ wild as described in this [Know your PGP implementation](http://binblog.info/200
 
 Add this line to your application's Gemfile:
 
-    gem 'mail-gpg'
+```ruby
+gem 'mail-gpg'
+```
 
 And then execute:
 
@@ -31,48 +33,51 @@ Or install it yourself as:
 Construct your Mail object as usual and specify you want it to be encrypted
 with the gpg method:
 
-    Mail.new do
-      to 'jane@doe.net'
-      from 'john@doe.net'
-      subject 'gpg test'
-      body "encrypt me!"
-      add_file "some_attachment.zip"
-
-      # encrypt message, no signing
-      gpg encrypt: true
+```ruby
+Mail.new do
+  to 'jane@doe.net'
+  from 'john@doe.net'
+  subject 'gpg test'
+  body "encrypt me!"
+  add_file "some_attachment.zip"
 
-      # encrypt and sign message with sender's private key, using the given
-      # passphrase to decrypt the key
-      gpg encrypt: true, sign: true, password: 'secret'
+  # encrypt message, no signing
+  gpg encrypt: true
 
-      # encrypt and sign message using a different key
-      gpg encrypt: true, sign_as: 'joe@otherdomain.com', password: 'secret'
+  # encrypt and sign message with sender's private key, using the given
+  # passphrase to decrypt the key
+  gpg encrypt: true, sign: true, password: 'secret'
 
+  # encrypt and sign message using a different key
+  gpg encrypt: true, sign_as: 'joe@otherdomain.com', password: 'secret'
 
-      # encrypt and sign message and use a callback function to provide the
-      # passphrase.
-      gpg encrypt: true, sign_as: 'joe@otherdomain.com',
-          passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd){puts "Enter passphrase for #{passphrase_info}: "; (IO.for_fd(fd, 'w') << readline.chomp).flush }
-    end.deliver
 
+  # encrypt and sign message and use a callback function to provide the
+  # passphrase.
+  gpg encrypt: true, sign_as: 'joe@otherdomain.com',
+      passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd){puts "Enter passphrase for #{passphrase_info}: "; (IO.for_fd(fd, 'w') << readline.chomp).flush }
+end.deliver
+```
 
 Make sure all recipients' public keys are present in your local gpg keychain.
 You will get errors in case encryption is not possible due to missing keys.
 If you collect public key data from your users, you can specify the ascii
 armored key data for recipients using the `:keys` option like this:
 
-    johns_key = <<-END
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-    Version: GnuPG v1.4.12 (GNU/Linux)
+```ruby
+johns_key = <<-END
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
 
-    mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
-    ....
-    END
+mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
+....
+END
 
-    Mail.new do
-      to 'john@foo.bar'
-      gpg encrypt: true, keys: { 'john@foo.bar' => johns_key }
-    end
+Mail.new do
+  to 'john@foo.bar'
+  gpg encrypt: true, keys: { 'john@foo.bar' => johns_key }
+end
+```
 
 The key will then be imported before actually trying to encrypt/send the mail.
 In theory you only need to specify the key once like that, however doing it
@@ -101,16 +106,18 @@ Set the `:verify` option to `true` when calling `decrypt` to decrypt *and* verif
 A `GPGME::Error::BadPassphrase` will be raised if the password for the private key is incorrect.
 A `EncodingError` will be raised if the encrypted mails is not encoded correctly as a [RFC 3156](http://www.ietf.org/rfc/rfc3156.txt) message.
 
+Please note that in case of a multipart/alternative-message where both parts are inline-encrypted, the HTML-part will be dropped during decryption. Handling the HTML-part would require parsing HTML and guessing about the decrypted contents, which is brittle and out of the scope of this library. If you need the HTML-part of multipart/alternative-messages, use pgp/mime-encryption.
 
 ### Signing only
 
 Just leave the `:encrypt` option out or pass `encrypt: false`, i.e.
 
-
-    Mail.new do
-      to 'jane@doe.net'
-      gpg sign: true
-    end.deliver 
+```ruby
+Mail.new do
+  to 'jane@doe.net'
+  gpg sign: true
+end.deliver
+```
 
 ### Verify signature(s)
 
@@ -147,14 +154,14 @@ signature with the key id of the expected sender.
 The Hkp class can be used to lookup and import public keys from public key servers.
 You can specify the keyserver url when initializing the class:
 
-```
+```ruby
 hkp = Hkp.new("hkp://my-key-server.de")
 ```
 
 Or, if you want to override how ssl certificates should be treated in case of
 TLS-secured keyservers (the default is `VERIFY_PEER`):
 
-```
+```ruby
 hkp = Hkp.new(keyserver: "hkps://another.key-server.com",
               ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE)
 ```
@@ -170,13 +177,13 @@ parsing the `gpg.conf` file). As a last resort, the server-pool at
 
 Lookup key ids by searching the keyserver for an email address
 
-```
+```ruby
 hkp.search('jane@doe.net')
 ```
 
 You can lookup (and import) a specific key by its id:
 
-```
+```ruby
 key = hkp.fetch(id)
 GPGME::Key.import(key)
 
@@ -186,12 +193,14 @@ hkp.fetch_and_import(id)
 
 ## Rails / ActionMailer integration
 
-    class MyMailer < ActionMailer::Base
-      default from: 'baz@bar.com'
-      def some_mail
-        mail to: 'foo@bar.com', subject: 'subject!', gpg: { encrypt: true }
-      end
-    end
+```ruby
+class MyMailer < ActionMailer::Base
+  default from: 'baz@bar.com'
+  def some_mail
+    mail to: 'foo@bar.com', subject: 'subject!', gpg: { encrypt: true }
+  end
+end
+```
 
 The gpg option takes the same arguments as outlined above for the
 Mail::Message#gpg method.
@@ -228,7 +237,6 @@ Open3.popen3(gppbin, '--preset', fpr) do |stdin, stdout, stderr|
 end
 # Hook to kill our gpg-agent when script finishes.
 Signal.trap(0, proc {  Process.kill('TERM', ENV['GPG_AGENT_INFO'].split(':')[1]) })
-
 ```
 
 

data/lib/mail/gpg/gpgme_helper.rb

@@ -23,7 +23,7 @@ module Mail
         GPGME::Ctx.new(options) do |ctx|
           begin
             if options[:sign]
-              if options[:signers]
+              if options[:signers] && options[:signers].size > 0
                 signers = GPGME::Key.find(:secret, options[:signers], :sign)
                 ctx.add_signer(*signers)
               end
@@ -122,12 +122,19 @@ module Mail
             k = key_data[r]
             if k and k =~ /-----BEGIN PGP/
               k = GPGME::Key.import(k).imports.map(&:fpr)
+              k = nil if k.size == 0
+            end
+            key_id = k || r
+            unless key_id.nil? || key_id.empty?
+              GPGME::Key.find(:public, key_id, :encrypt)
             end
-            GPGME::Key.find(:public, k || r, :encrypt)
           end.flatten
-        else
+        elsif emails_or_shas_or_keys.size > 0
           # key lookup in keychain for all receivers
           GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
+        else
+          # empty array given
+          []
         end
       end
     end

data/lib/mail/gpg/inline_decrypted_message.rb

@@ -16,6 +16,28 @@ module Mail
         if cipher_mail.multipart?
           self.new do
             Mail::Gpg.copy_headers cipher_mail, self
+
+            # Drop the HTML-part of a multipart/alternative-message if it is
+            # inline-encrypted: that ciphertext is probably wrapped in HTML,
+            # which GnuPG chokes upon, so we would have to parse the HTML to
+            # handle the message-part properly.
+            # Also it's not clear how to handle the resulting plain-text: is
+            # it HTML or simple text?  That depends on the sending MUA and
+            # the original input.
+            # In summary, that's too much complications.
+            if cipher_mail.mime_type == 'multipart/alternative' &&
+                cipher_mail.html_part.present? &&
+                cipher_mail.html_part.body.decoded.include?('-----BEGIN PGP MESSAGE-----')
+              cipher_mail.parts.delete_if do |part|
+                part[:content_type].content_type == 'text/html'
+              end
+              # Set the content-type of the newly generated message to
+              # something less confusing.
+              content_type 'multipart/mixed'
+              # Leave a marker for other code.
+              header['X-MailGpg-Deleted-Html-Part'] = 'true'
+            end
+
             cipher_mail.parts.each do |part|
               p = VerifiedPart.new do |p|
                 if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type

data/lib/mail/gpg/mime_signed_message.rb

@@ -18,7 +18,7 @@ module Mail
           if content_part.multipart?
             content_part.parts.each{|part| add_part part}
           else
-            body content_part.body.to_s
+            body content_part.body.raw_source
           end
         end
       end
@@ -26,5 +26,3 @@ module Mail
   end
 end
 
-
-

data/lib/mail/gpg/sign_part.rb

@@ -25,7 +25,7 @@ module Mail
         end
 
         # Work around the problem that plain_part.raw_source prefixes an
-        # erronous CRLF, <https://github.com/mikel/mail/issues/702>.
+        # erroneous CRLF, <https://github.com/mikel/mail/issues/702>.
         if ! plain_part.raw_source.empty?
           plaintext = [ plain_part.header.raw_source,
                         "\r\n\r\n",

data/lib/mail/gpg/version.rb

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.3.1"
+    VERSION = "0.3.2"
   end
 end

data/test/inline_decrypted_message_test.rb

@@ -33,6 +33,25 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
       end
     end
 
+    context "multipart/alternative message" do
+      should "have dropped HTML-part" do
+        mail = Mail.new(@mail)
+        mail.body = InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)
+        mail.html_part do |p|
+          p.body "<pre>#{InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)}</pre>"
+        end
+
+        assert mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc', verify: true)
+        assert !decrypted.encrypted?
+        assert decrypted.mime_type == 'multipart/mixed'
+        assert decrypted.parts.size == 1
+        assert decrypted.parts.first.mime_type == 'text/plain'
+        assert decrypted.header['X-MailGpg-Deleted-Html-Part'].value == 'true'
+      end
+    end
+
     context "attachment message" do
       should "decrypt attachment" do
         rakefile = File.open('Rakefile') { |file| file.read }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Jens Kraemer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-13 00:00:00.000000000 Z
+date: 2018-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail