-
-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting the raw part from a multipart/signed email #47
Comments
Hi Martijn, you can do the following (copied out of my own code):
That should do the trick (at least it works for me) Kind regards |
I'm trying to do the reverse, I get something that looks right now with: $contents = $parsed->getSignableBody();
$signature = $parsed->getSignaturePart()->getContent();
$valid = $this->verifyPGP($contents, $signature); But I get a bad signature from |
Ah, sorry didn't read that right. What you could do is get all attachment parts with getAllAttachmentParts(), loop through the collection of attachment parts and get the content-type header of each content part until you find the attachment part with the header that matches with application/pgp-signature or application/pgp-encrypted and then extract that mime part. There are couple of examples in the closed issues that will give you the basic code for getting the attachments and looping through them. |
There is a getSignaturePart it seems /**
* Returns the signed part or null if not set.
*
* @return \ZBateson\MailMimeParser\Message\MimePart
*/
public function getSignaturePart()
{
return $this->getChild(0, new PartFilter([ 'signedpart' => PartFilter::FILTER_INCLUDE ]));
} The result I get from my function calls above is: array(2) {
["text"]=>
string(434) "Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
[removed text]"
["signature"]=>
string(199) "-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
[the signature]
-----END PGP SIGNATURE-----
"
} For some reason it's still not working when I decode it with |
Hey that's news to me :-) Is the email that contains the signature quoted-printable encoded? If so is the test.txt file you're using also in quoted-printable? In other words are email source and verification source exactly the same? Other issue might be newlines when getting the signature part, perhaps trim the result of getSignaturePart? |
Hi @MartijnBraam -- Unfortunately 'getSignableBody' is to retrieve the content part of the body assuming you 'want to sign' the email, rather than 'you want to verify'. The difference being that it uses the same 'write' functions used to write out the email (to guarantee the results are the same after being signed). The write functions however don't guarantee the results to be the same as what was /read/ in the email -- so it may trim extra whitespace or change the email from using "\n" to "\r\n" for instance. More destructively, it reads encoded data and re-encodes it as it writes -- so the resulting quoted-printable may look completely different from what the email originally contained. So unfortunately as it is, you can't get the results you'd like directly using MMP. Thinking about this, it should be relatively easy to add though -- I'm already looking at boundaries and using them to create 'part streams' derived from the original stream and attaching decoder streams, etc... I think without too much difficulty I should be able to include a stream containing 'original part contents' for that very purpose. I'll give it some thought -- I'm hoping to have a release for a few fixes (latest HHVM breaking) early-to-mid July. In the meantime unfortunately you'd have to find the content part yourself to verify it using the original stream. All the best, |
Thanks for the explanation. For now my clearsign verification works so I'll focus on writing encrypted / signed email first. |
Hi @MartijnBraam -- I released a solution for this. In 0.4.4 there's a new Message::getOriginalMessageStringForSignatureVerification that returns the 'signed' part of the original message that you should be able to use to verify the signature part returned in getSignaturePart. All the best, |
I'm trying to build a webmail client using this library that supports PGP messages. The clearsigned emails are easily implemented but I'm having a problem with multipart/signed messages.
To verify the signature I need to get the signature part and the raw first part of the message (including child parts and headers) as a string. I cannot find a method to do this in the library or am I missing something?
The text was updated successfully, but these errors were encountered: