multipart mail encryption and signature verification

Curtis Newton

Jul 12, 2016, 11:37:16 AM
to python-gnupg
Hello,

- as I receive the email I created in python, the signature is a separate file, but as I try to decrypt or verify the signature, the decryptor says "no data" although encrypted attachments are correctly decryptable

- first I encrypted the whole mail, but decrypted it did not show correctly in outlook, so I encrypt some attachments, is it not possible to encrypt the whole mail ?

can someone enlighten me on this ?

thanks


import re
import smtplib
from email.header import Header
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import COMMASPACE, formatdate

import gnupg

def encrypt(self, text):
    # encrypt text to the recipient key; returns ASCII armor or None
    gpg = gnupg.GPG()
    encrypted_data = gpg.encrypt(text, 'myemail@...')
    encrypted_string = str(encrypted_data)
    if encrypted_data.ok:
        return encrypted_string
    else:
        print('status: ', encrypted_data.status)
        print('stderr: ', encrypted_data.stderr)
        return None

def createSignature(self, msg):
    # serialize msg with CRLF line endings and make a detached signature over it
    text = re.sub(r'\r?\n', '\r\n', msg.as_string())
    gpg = gnupg.GPG()
    signature = gpg.sign(text, detach=True, passphrase="***************")
    sig = MIMEText('')
    sig.set_type('application/pgp-signature')
    sig.set_charset(None)
    sig.set_param('name', 'signature.asc')
    sig.add_header('Content-Description', 'OpenPGP digital signature')
    sig.add_header('Content-Disposition', 'attachment', filename='signature.asc')

    sig.set_payload(str(signature))
    return sig

def send(self, destinations=[]):
    # MIMEMultipart() with no subtype creates a multipart/mixed container
    payload = MIMEMultipart()

    payload.set_param('protocol', 'application/pgp-signature')
    payload.set_param('micalg', 'pgp-sha256')   ####!!! GET THIS FROM KEY!
    payload.preamble = 'This is an OpenPGP/MIME signed message.'

    payload['From'] = "from@email"
    payload['To'] = COMMASPACE.join(destinations)
    payload['Date'] = formatdate(localtime=True)
    payload['Subject'] = Header(self.subject, "utf-8")

    # body text; assumed here to be stored on self.mail_text
    mail_text = MIMEText(self.mail_text + "\n", 'html', "utf-8")
    payload.attach(mail_text)

    # signature (computed over the whole container, headers included)
    signature = self.createSignature(payload)
    payload.attach(signature)

    encrypted_mail = payload.as_string()

    # send mail
    smtp = smtplib.SMTP("localhost", 25)
    smtp.set_debuglevel(True)
    smtp.sendmail(payload['From'], destinations, encrypted_mail)
    smtp.quit()

Curtis Newton

Jul 18, 2016, 5:28:33 AM
to python-gnupg
anybody ?

Ian Denhardt

Jul 18, 2016, 10:30:39 AM
to python...@googlegroups.com
Quoting Curtis Newton (2016-07-12 10:39:48)

> Hello,
> - as I receive the email I created in python, the signature is a
> separate file, but as I try to decrypt or verify the signature, the
> decryptor says "no data" although encrypted attachments are correctly
> decryptable
> - first I encrypted the whole mail, but decrypted it did not show
> correctly in outlook, so I encrypt some attachments, is it not
> possible to encrypt the whole mail ?
> can someone enlighten me on this ?
> thanks

Could you provide a bit more context on what you're trying to achieve?
My reading is that you're trying to programmatically encrypt and sign an
email to yourself, then decrypt & verify it in outlook, but it's not
entirely clear to me.

I don't know what PGP integration without outlook looks like, can you
give us a bit more information about your mail client's setup?

Also, it's rather difficult to inspect your code the way it's
been included in this email; somewhere between writing the code and
getting to my inbox something has mangled the formatting. Would be
easier to read if you paste-binned it or sent it as an attachment.

Finally, I wrote most of a library for doing this stuff a while
back; iirc I never got around to getting verification working and there
were some API changes I wanted to make, but it may be useful as a
starting point:

https://github.com/zenhack/python-gpgmime

-Ian

Curtis Newton

Jul 19, 2016, 3:30:48 AM
to python-gnupg
"My reading is that you're trying to programmatically encrypt and sign an
email to yourself, then decrypt & verify it in outlook,"

yeah that's what I want to do, I have the attached signature but the decrypter considers it as "no data" to decrypt

I use gnupg4win, which adds a few options in outlook to decrypt the email

Curtis Newton

Jul 19, 2016, 3:36:29 AM
to python-gnupg
I tried to decrypt your signature with gnupg4win but it also says "no OpenPGP valid data"

Curtis Newton

Jul 19, 2016, 3:41:18 AM
to python-gnupg
I tried this on the command line, providing the same file for the data

>gpg -d signature.asc
Detached signature.
Please enter name of data file: signature.asc
gpg: Signature made 07/18/16 16:30:32 using RSA key ID D4CA3CB8
gpg: Can't check signature: public key not found

then I thought maybe the gpg4win client says "no data" cos the signature is detached

Ian Denhardt

Jul 19, 2016, 2:16:41 PM
to python...@googlegroups.com

Quoting Curtis Newton (2016-07-19 03:41:18)
The error message indicates that part of the problem is you don't have
my public key in your keyring.

The other thing that jumps out at me is that the signature file doesn't
actually contain the message (this is what it means by a "detached"
signature), so it's asking you for the name of the "data file," i.e. the
file that contains the thing that is being signed: the main text of the
email. It looks like you're trying to hand it the signature file again,
which isn't what it's looking for.

Outlook should be doing the necessary work to feed gpg the right things.
Have you successfully verified signed emails from other people?

Suggestion: download my public key (available from many keyservers) and
see what outlook says about my signatures then.

Just in case you haven't read it, rfc3156 details the way pgp-mime
emails are constructed:

https://tools.ietf.org/html/rfc3156
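
The multipart/signed layout from RFC 3156, and the "data file" a detached signature is checked against, shown as an added example (not code from this thread or from python-gpgmime). `standin_sign` is a SHA-256 placeholder for `str(gnupg.GPG().sign(data, detach=True))` so the block runs without a keyring; the function names and addresses are made up for illustration.

```python
import hashlib
import re
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

def crlf(text):
    """Canonical <CR><LF> form that RFC 3156 requires before signing/verifying."""
    return re.sub(r"\r?\n", "\r\n", text).encode("ascii")

def standin_sign(data):
    # Stand-in for str(gnupg.GPG().sign(data, detach=True)); NOT a real signature.
    return hashlib.sha256(data).hexdigest()

def build_signed(html, sender, recipient, sign=standin_sign):
    body = MIMEText(html, "html", "utf-8")         # first part: the signed data
    sig = Message()                                # second part: the detached signature
    sig["Content-Type"] = 'application/pgp-signature; name="signature.asc"'
    sig["Content-Description"] = "OpenPGP digital signature"
    sig.set_payload(sign(crlf(body.as_string())))  # body part only, its MIME headers included
    outer = MIMEMultipart("signed", micalg="pgp-sha256",
                          protocol="application/pgp-signature")
    outer["From"], outer["To"] = sender, recipient
    outer.attach(body)
    outer.attach(sig)
    return crlf(outer.as_string())

def split_signed(raw):
    """Return (signed_bytes, signature_text) from a raw multipart/signed message."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delim = b"--" + msg.get_boundary().encode("ascii")
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    end = raw.index(b"\r\n" + delim, start)        # CRLF before the boundary is not signed
    return raw[start:end], msg.get_payload(1).get_payload().strip()

def check(raw, sign=standin_sign):
    data, signature = split_signed(raw)
    # With a real key: write `signature` to a file, then gpg.verify_data(path, data).
    return sign(data) == signature

# Constructed sample message (addresses are placeholders).
RAW = build_signed("<p>hello</p>\n", "alice@example.org", "bob@example.org")
```

The first value returned by `split_signed` is what to save as the data file when running `gpg --verify signature.asc <data file>` by hand.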

Curtis Newton

Jul 20, 2016, 1:46:34 AM
to python-gnupg
yeah as I said I fed the signature back just to test the command line

but that leads to that very problem
- I don't have the body of the email available (unless I export it from outlook, don't know how to do this)
- I wanted more of some automated way, I'll check with gnupg4win forum
