2 * Copyright notice from original mutt:
3 * Copyright (C) 1996,1997 Michael R. Elkins <me@mutt.org>
4 * Copyright (C) 1998,1999 Thomas Roessler <roessler@does-not-exist.org>
5 * Copyright (C) 2004 g10 Code GmbH
7 * This file is part of mutt-ng, see http://www.muttng.org/.
8 * It's licensed under the GNU General Public License,
9 * please see the file GPL in the top level source directory.
13 * This file contains all of the PGP routines necessary to sign, encrypt,
14 * verify and decrypt PGP messages in either the new PGP/MIME format, or
15 * in the older Application/Pgp format. It also contains some code to
16 * cache the user's passphrase for repeat use when decrypting or signing
25 #include "mutt_curses.h"
42 #ifdef HAVE_SYS_TIME_H
43 # include <sys/time.h>
46 #ifdef HAVE_SYS_RESOURCE_H
47 # include <sys/resource.h>
50 #ifdef CRYPT_BACKEND_CLASSIC_PGP
52 #include "mutt_crypt.h"
53 #include "mutt_menu.h"
57 time_t PgpExptime = 0; /* when does the cached passphrase expire? */
59 void pgp_void_passphrase (void)
61 memset (PgpPass, 0, sizeof (PgpPass));
65 int pgp_valid_passphrase (void)
67 time_t now = time (NULL);
69 if (pgp_use_gpg_agent ()) {
71 return 1; /* handled by gpg-agent */
75 /* Use cached copy. */
78 pgp_void_passphrase ();
81 (_("Enter PGP passphrase:"), PgpPass, sizeof (PgpPass)) == 0) {
82 PgpExptime = time (NULL) + PgpTimeout;
91 void pgp_forget_passphrase (void)
93 pgp_void_passphrase ();
94 mutt_message _("PGP passphrase forgotten.");
97 int pgp_use_gpg_agent (void)
99 return option (OPTUSEGPGAGENT) && getenv ("GPG_TTY")
100 && getenv ("GPG_AGENT_INFO");
103 char *pgp_keyid (pgp_key_t k)
105 if ((k->flags & KEYFLAG_SUBKEY) && k->parent && option (OPTPGPIGNORESUB))
108 return _pgp_keyid (k);
111 char *_pgp_keyid (pgp_key_t k)
113 if (option (OPTPGPLONGIDS))
116 return (k->keyid + 8);
119 /* ----------------------------------------------------------------------------
120 * Routines for handing PGP input.
125 /* Copy PGP output messages and look for signs of a good signature */
127 static int pgp_copy_checksig (FILE * fpin, FILE * fpout)
131 if (PgpGoodSign.pattern) {
136 while ((line = mutt_read_line (line, &linelen, fpin, &lineno)) != NULL) {
137 if (regexec (PgpGoodSign.rx, line, 0, NULL, 0) == 0) {
138 dprint (2, (debugfile, "pgp_copy_checksig: \"%s\" matches regexp.\n",
145 "pgp_copy_checksig: \"%s\" doesn't match regexp.\n", line));
147 if (strncmp (line, "[GNUPG:] ", 9) == 0)
155 dprint (2, (debugfile, "pgp_copy_checksig: No pattern.\n"));
156 mutt_copy_stream (fpin, fpout);
164 * Copy a clearsigned message, and strip the signature and PGP's
167 * XXX - charset handling: We assume that it is safe to do
168 * character set decoding first, dash decoding second here, while
169 * we do it the other way around in the main handler.
171 * (Note that we aren't worse than Outlook &c in this, and also
172 * note that we can successfully handle anything produced by any
173 * existing versions of mutt.)
176 static void pgp_copy_clearsigned (FILE * fpin, STATE * s, char *charset)
178 char buf[HUGE_STRING];
179 short complete, armor_header;
185 fc = fgetconv_open (fpin, charset, Charset, M_ICONV_HOOK_FROM);
187 for (complete = 1, armor_header = 1;
188 fgetconvs (buf, sizeof (buf), fc) != NULL;
189 complete = strchr (buf, '\n') != NULL) {
196 if (mutt_strcmp (buf, "-----BEGIN PGP SIGNATURE-----\n") == 0)
200 char *p = mutt_skip_whitespace (buf);
208 state_puts (s->prefix, s);
210 if (buf[0] == '-' && buf[1] == ' ')
211 state_puts (buf + 2, s);
216 fgetconv_close (&fc);
220 /* Support for the Application/PGP Content Type. */
222 void pgp_application_pgp_handler (BODY * m, STATE * s)
224 int needpass = -1, pgp_keyblock = 0;
225 int clearsign = 0, rv, rc;
227 long bytes, last_pos, offset;
228 char buf[HUGE_STRING];
229 char outfile[_POSIX_PATH_MAX];
230 char tmpfname[_POSIX_PATH_MAX];
231 FILE *pgpout = NULL, *pgpin = NULL, *pgperr = NULL;
235 short maybe_goodsig = 1;
236 short have_any_sigs = 0;
238 char body_charset[STRING];
240 mutt_get_body_charset (body_charset, sizeof (body_charset), m);
242 rc = 0; /* silence false compiler warning if (s->flags & M_DISPLAY) */
244 fseek (s->fpin, m->offset, 0);
245 last_pos = m->offset;
247 for (bytes = m->length; bytes > 0;) {
248 if (fgets (buf, sizeof (buf), s->fpin) == NULL)
251 offset = ftell (s->fpin);
252 bytes -= (offset - last_pos); /* don't rely on mutt_strlen(buf) */
255 if (mutt_strncmp ("-----BEGIN PGP ", buf, 15) == 0) {
257 start_pos = last_pos;
259 if (mutt_strcmp ("MESSAGE-----\n", buf + 15) == 0)
261 else if (mutt_strcmp ("SIGNED MESSAGE-----\n", buf + 15) == 0) {
265 else if (!option (OPTDONTHANDLEPGPKEYS) &&
266 mutt_strcmp ("PUBLIC KEY BLOCK-----\n", buf + 15) == 0) {
271 /* XXX - we may wish to recode here */
273 state_puts (s->prefix, s);
278 have_any_sigs = have_any_sigs || (clearsign && (s->flags & M_VERIFY));
280 /* Copy PGP material to temporary file */
281 mutt_mktemp (tmpfname);
282 if ((tmpfp = safe_fopen (tmpfname, "w+")) == NULL) {
283 mutt_perror (tmpfname);
288 while (bytes > 0 && fgets (buf, sizeof (buf) - 1, s->fpin) != NULL) {
289 offset = ftell (s->fpin);
290 bytes -= (offset - last_pos); /* don't rely on mutt_strlen(buf) */
296 && mutt_strcmp ("-----END PGP MESSAGE-----\n", buf) == 0)
298 && (mutt_strcmp ("-----END PGP SIGNATURE-----\n", buf) == 0
299 || mutt_strcmp ("-----END PGP PUBLIC KEY BLOCK-----\n",
304 /* leave tmpfp open in case we still need it - but flush it! */
308 /* Invoke PGP if needed */
309 if (!clearsign || (s->flags & M_VERIFY)) {
310 mutt_mktemp (outfile);
311 if ((pgpout = safe_fopen (outfile, "w+")) == NULL) {
312 mutt_perror (tmpfname);
316 if ((thepid = pgp_invoke_decode (&pgpin, NULL, &pgperr, -1,
317 fileno (pgpout), -1, tmpfname,
319 safe_fclose (&pgpout);
324 ("[-- Error: unable to create PGP subprocess! --]\n"),
327 else { /* PGP started successfully */
330 if (!pgp_valid_passphrase ())
331 pgp_void_passphrase ();
332 if (pgp_use_gpg_agent ())
334 fprintf (pgpin, "%s\n", PgpPass);
337 safe_fclose (&pgpin);
339 if (s->flags & M_DISPLAY) {
340 crypt_current_time (s, "PGP");
341 rc = pgp_copy_checksig (pgperr, s->fpout);
344 safe_fclose (&pgperr);
345 rv = mutt_wait_filter (thepid);
347 if (s->flags & M_DISPLAY) {
352 * gpg_good_sign-pattern did not match || pgp_decode_command returned not 0
353 * Sig _is_ correct if
354 * gpg_good_sign="" && pgp_decode_command returned 0
359 state_putc ('\n', s);
360 state_attach_puts (_("[-- End of PGP output --]\n\n"), s);
367 * Now, copy cleartext to the screen. NOTE - we expect that PGP
368 * outputs utf-8 cleartext. This may not always be true, but it
369 * seems to be a reasonable guess.
372 if (s->flags & M_DISPLAY) {
374 state_attach_puts (_("[-- BEGIN PGP MESSAGE --]\n\n"), s);
375 else if (pgp_keyblock)
376 state_attach_puts (_("[-- BEGIN PGP PUBLIC KEY BLOCK --]\n"), s);
378 state_attach_puts (_("[-- BEGIN PGP SIGNED MESSAGE --]\n\n"), s);
384 pgp_copy_clearsigned (tmpfp, s, body_charset);
391 state_set_prefix (s);
392 fc = fgetconv_open (pgpout, "utf-8", Charset, 0);
393 while ((c = fgetconv (fc)) != EOF)
394 state_prefix_putc (c, s);
395 fgetconv_close (&fc);
398 if (s->flags & M_DISPLAY) {
399 state_putc ('\n', s);
401 state_attach_puts (_("[-- END PGP MESSAGE --]\n"), s);
402 else if (pgp_keyblock)
403 state_attach_puts (_("[-- END PGP PUBLIC KEY BLOCK --]\n"), s);
405 state_attach_puts (_("[-- END PGP SIGNED MESSAGE --]\n"), s);
409 safe_fclose (&tmpfp);
410 mutt_unlink (tmpfname);
413 safe_fclose (&pgpout);
414 mutt_unlink (outfile);
418 /* XXX - we may wish to recode here */
420 state_puts (s->prefix, s);
425 m->goodsig = (maybe_goodsig && have_any_sigs);
427 if (needpass == -1) {
429 ("[-- Error: could not find beginning of PGP message! --]\n\n"),
435 static int pgp_check_traditional_one_body (FILE * fp, BODY * b,
438 char tempfile[_POSIX_PATH_MAX];
439 char buf[HUGE_STRING];
446 if (b->type != TYPETEXT)
449 if (tagged_only && !b->tagged)
452 mutt_mktemp (tempfile);
453 if (mutt_decode_save_attachment (fp, b, tempfile, 0, 0) != 0) {
458 if ((tfp = fopen (tempfile, "r")) == NULL) {
463 while (fgets (buf, sizeof (buf), tfp)) {
464 if (mutt_strncmp ("-----BEGIN PGP ", buf, 15) == 0) {
465 if (mutt_strcmp ("MESSAGE-----\n", buf + 15) == 0)
467 else if (mutt_strcmp ("SIGNED MESSAGE-----\n", buf + 15) == 0)
469 else if (mutt_strcmp ("PUBLIC KEY BLOCK-----\n", buf + 15) == 0)
476 if (!enc && !sgn && !key)
479 /* fix the content type */
481 mutt_set_parameter ("format", "fixed", &b->parameter);
483 mutt_set_parameter ("x-action", "pgp-encrypted", &b->parameter);
485 mutt_set_parameter ("x-action", "pgp-signed", &b->parameter);
487 mutt_set_parameter ("x-action", "pgp-keys", &b->parameter);
492 int pgp_check_traditional (FILE * fp, BODY * b, int tagged_only)
497 for (; b; b = b->next) {
498 if (is_multipart (b))
499 rv = pgp_check_traditional (fp, b->parts, tagged_only) || rv;
500 else if (b->type == TYPETEXT) {
501 if ((r = mutt_is_application_pgp (b)))
504 rv = pgp_check_traditional_one_body (fp, b, tagged_only) || rv;
515 int pgp_verify_one (BODY * sigbdy, STATE * s, const char *tempfile)
517 char sigfile[_POSIX_PATH_MAX], pgperrfile[_POSIX_PATH_MAX];
518 FILE *fp, *pgpout, *pgperr;
523 snprintf (sigfile, sizeof (sigfile), "%s.asc", tempfile);
525 if (!(fp = safe_fopen (sigfile, "w"))) {
526 mutt_perror (sigfile);
530 fseek (s->fpin, sigbdy->offset, 0);
531 mutt_copy_bytes (s->fpin, fp, sigbdy->length);
534 mutt_mktemp (pgperrfile);
535 if (!(pgperr = safe_fopen (pgperrfile, "w+"))) {
536 mutt_perror (pgperrfile);
541 crypt_current_time (s, "PGP");
543 if ((thepid = pgp_invoke_verify (NULL, &pgpout, NULL,
544 -1, -1, fileno (pgperr),
545 tempfile, sigfile)) != -1) {
546 if (pgp_copy_checksig (pgpout, s->fpout) >= 0)
550 safe_fclose (&pgpout);
554 if (pgp_copy_checksig (pgperr, s->fpout) >= 0)
557 if ((rv = mutt_wait_filter (thepid)))
561 (debugfile, "pgp_verify_one: mutt_wait_filter returned %d.\n",
565 safe_fclose (&pgperr);
567 state_attach_puts (_("[-- End of PGP output --]\n\n"), s);
569 mutt_unlink (sigfile);
570 mutt_unlink (pgperrfile);
572 dprint (1, (debugfile, "pgp_verify_one: returning %d.\n", badsig));
578 /* Extract pgp public keys from messages or attachments */
580 void pgp_extract_keys_from_messages (HEADER * h)
583 char tempfname[_POSIX_PATH_MAX];
587 mutt_parse_mime_message (Context, h);
588 if (h->security & PGPENCRYPT && !pgp_valid_passphrase ())
592 mutt_mktemp (tempfname);
593 if (!(fpout = safe_fopen (tempfname, "w"))) {
594 mutt_perror (tempfname);
598 set_option (OPTDONTHANDLEPGPKEYS);
601 for (i = 0; i < Context->vcount; i++) {
602 if (Context->hdrs[Context->v2r[i]]->tagged) {
603 mutt_parse_mime_message (Context, Context->hdrs[Context->v2r[i]]);
604 if (Context->hdrs[Context->v2r[i]]->security & PGPENCRYPT
605 && !pgp_valid_passphrase ()) {
609 mutt_copy_message (fpout, Context, Context->hdrs[Context->v2r[i]],
610 M_CM_DECODE | M_CM_CHARCONV, 0);
615 mutt_parse_mime_message (Context, h);
616 if (h->security & PGPENCRYPT && !pgp_valid_passphrase ()) {
620 mutt_copy_message (fpout, Context, h, M_CM_DECODE | M_CM_CHARCONV, 0);
625 pgp_invoke_import (tempfname);
626 mutt_any_key_to_continue (NULL);
630 mutt_unlink (tempfname);
631 unset_option (OPTDONTHANDLEPGPKEYS);
635 static void pgp_extract_keys_from_attachment (FILE * fp, BODY * top)
639 char tempfname[_POSIX_PATH_MAX];
641 mutt_mktemp (tempfname);
642 if (!(tempfp = safe_fopen (tempfname, "w"))) {
643 mutt_perror (tempfname);
647 memset (&s, 0, sizeof (STATE));
652 mutt_body_handler (top, &s);
656 pgp_invoke_import (tempfname);
657 mutt_any_key_to_continue (NULL);
659 mutt_unlink (tempfname);
662 void pgp_extract_keys_from_attachment_list (FILE * fp, int tag, BODY * top)
665 mutt_error _("Internal error. Inform <roessler@does-not-exist.org>.");
671 set_option (OPTDONTHANDLEPGPKEYS);
673 for (; top; top = top->next) {
674 if (!tag || top->tagged)
675 pgp_extract_keys_from_attachment (fp, top);
681 unset_option (OPTDONTHANDLEPGPKEYS);
684 BODY *pgp_decrypt_part (BODY * a, STATE * s, FILE * fpout, BODY * p)
686 char buf[LONG_STRING];
687 FILE *pgpin, *pgpout, *pgperr, *pgptmp;
691 char pgperrfile[_POSIX_PATH_MAX];
692 char pgptmpfile[_POSIX_PATH_MAX];
695 mutt_mktemp (pgperrfile);
696 if ((pgperr = safe_fopen (pgperrfile, "w+")) == NULL) {
697 mutt_perror (pgperrfile);
702 mutt_mktemp (pgptmpfile);
703 if ((pgptmp = safe_fopen (pgptmpfile, "w")) == NULL) {
704 mutt_perror (pgptmpfile);
709 /* Position the stream at the beginning of the body, and send the data to
710 * the temporary file.
713 fseek (s->fpin, a->offset, 0);
714 mutt_copy_bytes (s->fpin, pgptmp, a->length);
717 if ((thepid = pgp_invoke_decrypt (&pgpin, &pgpout, NULL, -1, -1,
718 fileno (pgperr), pgptmpfile)) == -1) {
721 if (s->flags & M_DISPLAY)
723 ("[-- Error: could not create a PGP subprocess! --]\n\n"),
728 /* send the PGP passphrase to the subprocess. Never do this if the
729 agent is active, because this might lead to a passphrase send as
731 if (!pgp_use_gpg_agent ())
732 fputs (PgpPass, pgpin);
736 /* Read the output from PGP, and make sure to change CRLF to LF, otherwise
737 * read_mime_header has a hard time parsing the message.
739 while (fgets (buf, sizeof (buf) - 1, pgpout) != NULL) {
740 len = mutt_strlen (buf);
741 if (len > 1 && buf[len - 2] == '\r')
742 strcpy (buf + len - 2, "\n"); /* __STRCPY_CHECKED__ */
747 mutt_wait_filter (thepid);
748 mutt_unlink (pgptmpfile);
750 if (s->flags & M_DISPLAY) {
753 if (pgp_copy_checksig (pgperr, s->fpout) == 0 && p)
755 state_attach_puts (_("[-- End of PGP output --]\n\n"), s);
762 if (fgetc (fpout) == EOF)
767 if ((tattach = mutt_read_mime_header (fpout, 0)) != NULL) {
769 * Need to set the length of this body part.
771 fstat (fileno (fpout), &info);
772 tattach->length = info.st_size - tattach->offset;
774 /* See if we need to recurse on this MIME part. */
776 mutt_parse_part (fpout, tattach);
782 int pgp_decrypt_mime (FILE * fpin, FILE ** fpout, BODY * b, BODY ** cur)
784 char tempfile[_POSIX_PATH_MAX];
788 if (!mutt_is_multipart_encrypted (b))
791 if (!b->parts || !b->parts->next)
796 memset (&s, 0, sizeof (s));
798 mutt_mktemp (tempfile);
799 if ((*fpout = safe_fopen (tempfile, "w+")) == NULL) {
800 mutt_perror (tempfile);
805 *cur = pgp_decrypt_part (b, &s, *fpout, p);
815 void pgp_encrypted_handler (BODY * a, STATE * s)
817 char tempfile[_POSIX_PATH_MAX];
823 if (!a || a->type != TYPEAPPLICATION || !a->subtype ||
824 ascii_strcasecmp ("pgp-encrypted", a->subtype) != 0 ||
825 !a->next || a->next->type != TYPEAPPLICATION || !a->next->subtype ||
826 ascii_strcasecmp ("octet-stream", a->next->subtype) != 0) {
827 if (s->flags & M_DISPLAY)
828 state_attach_puts (_("[-- Error: malformed PGP/MIME message! --]\n\n"),
834 * Move forward to the application/pgp-encrypted body.
838 mutt_mktemp (tempfile);
839 if ((fpout = safe_fopen (tempfile, "w+")) == NULL) {
840 if (s->flags & M_DISPLAY)
842 ("[-- Error: could not create temporary file! --]\n"),
847 if (s->flags & M_DISPLAY)
848 crypt_current_time (s, "PGP");
850 if ((tattach = pgp_decrypt_part (a, s, fpout, p)) != NULL) {
851 if (s->flags & M_DISPLAY)
853 ("[-- The following data is PGP/MIME encrypted --]\n\n"),
858 mutt_body_handler (tattach, s);
862 * if a multipart/signed is the _only_ sub-part of a
863 * multipart/encrypted, cache signature verification
868 if (mutt_is_multipart_signed (tattach) && !tattach->next)
869 p->goodsig |= tattach->goodsig;
871 if (s->flags & M_DISPLAY) {
872 state_puts ("\n", s);
873 state_attach_puts (_("[-- End of PGP/MIME encrypted data --]\n"), s);
876 mutt_free_body (&tattach);
880 mutt_unlink (tempfile);
883 /* ----------------------------------------------------------------------------
884 * Routines for sending PGP/MIME messages.
888 BODY *pgp_sign_message (BODY * a)
891 char buffer[LONG_STRING];
892 char sigfile[_POSIX_PATH_MAX], signedfile[_POSIX_PATH_MAX];
893 FILE *pgpin, *pgpout, *pgperr, *fp, *sfp;
898 convert_to_7bit (a); /* Signed data _must_ be in 7-bit format. */
900 mutt_mktemp (sigfile);
901 if ((fp = safe_fopen (sigfile, "w")) == NULL) {
905 mutt_mktemp (signedfile);
906 if ((sfp = safe_fopen (signedfile, "w")) == NULL) {
907 mutt_perror (signedfile);
913 mutt_write_mime_header (a, sfp);
915 mutt_write_mime_body (a, sfp);
918 if ((thepid = pgp_invoke_sign (&pgpin, &pgpout, &pgperr,
919 -1, -1, -1, signedfile)) == -1) {
920 mutt_perror _("Can't open PGP subprocess!");
928 if (!pgp_use_gpg_agent ())
929 fputs (PgpPass, pgpin);
934 * Read back the PGP signature. Also, change MESSAGE=>SIGNATURE as
935 * recommended for future releases of PGP.
937 while (fgets (buffer, sizeof (buffer) - 1, pgpout) != NULL) {
938 if (mutt_strcmp ("-----BEGIN PGP MESSAGE-----\n", buffer) == 0)
939 fputs ("-----BEGIN PGP SIGNATURE-----\n", fp);
940 else if (mutt_strcmp ("-----END PGP MESSAGE-----\n", buffer) == 0)
941 fputs ("-----END PGP SIGNATURE-----\n", fp);
944 empty = 0; /* got some output, so we're ok */
947 /* check for errors from PGP */
949 while (fgets (buffer, sizeof (buffer) - 1, pgperr) != NULL) {
951 fputs (buffer, stdout);
954 if (mutt_wait_filter (thepid) && option (OPTPGPCHECKEXIT))
961 if (fclose (fp) != 0) {
962 mutt_perror ("fclose");
968 pgp_void_passphrase ();
969 mutt_any_key_to_continue (NULL);
974 return (NULL); /* fatal error while signing */
977 t = mutt_new_body ();
978 t->type = TYPEMULTIPART;
979 t->subtype = safe_strdup ("signed");
980 t->encoding = ENC7BIT;
982 t->disposition = DISPINLINE;
984 mutt_generate_boundary (&t->parameter);
985 mutt_set_parameter ("protocol", "application/pgp-signature", &t->parameter);
986 mutt_set_parameter ("micalg", pgp_micalg (sigfile), &t->parameter);
991 t->parts->next = mutt_new_body ();
993 t->type = TYPEAPPLICATION;
994 t->subtype = safe_strdup ("pgp-signature");
995 t->filename = safe_strdup (sigfile);
997 t->disposition = DISPINLINE;
998 t->encoding = ENC7BIT;
999 t->unlink = 1; /* ok to remove this file after sending. */
1004 static short is_numerical_keyid (const char *s)
1006 /* or should we require the "0x"? */
1007 if (strncmp (s, "0x", 2) == 0)
1009 if (mutt_strlen (s) % 8)
1012 if (strchr ("0123456789ABCDEFabcdef", *s++) == NULL)
1018 /* This routine attempts to find the keyids of the recipients of a message.
1019 * It returns NULL if any of the keys can not be found.
1021 char *pgp_findKeys (ADDRESS * to, ADDRESS * cc, ADDRESS * bcc)
1023 char *keyID, *keylist = NULL, *t;
1024 size_t keylist_size = 0;
1025 size_t keylist_used = 0;
1026 ADDRESS *tmp = NULL, *addr = NULL;
1027 ADDRESS **last = &tmp;
1030 pgp_key_t k_info = NULL, key = NULL;
1032 const char *fqdn = mutt_fqdn (1);
1034 for (i = 0; i < 3; i++) {
1049 *last = rfc822_cpy_adr (p);
1051 last = &((*last)->next);
1055 rfc822_qualify (tmp, fqdn);
1057 tmp = mutt_remove_duplicates (tmp);
1059 for (p = tmp; p; p = p->next) {
1060 char buf[LONG_STRING];
1065 if ((keyID = mutt_crypt_hook (p)) != NULL) {
1068 snprintf (buf, sizeof (buf), _("Use keyID = \"%s\" for %s?"), keyID,
1070 if ((r = mutt_yesorno (buf, M_YES)) == M_YES) {
1071 if (is_numerical_keyid (keyID)) {
1072 if (strncmp (keyID, "0x", 2) == 0)
1074 goto bypass_selection; /* you don't see this. */
1077 /* check for e-mail address */
1078 if ((t = strchr (keyID, '@')) &&
1079 (addr = rfc822_parse_adrlist (NULL, keyID))) {
1081 rfc822_qualify (addr, fqdn);
1085 k_info = pgp_getkeybystr (keyID, KEYFLAG_CANENCRYPT, PGP_PUBRING);
1089 rfc822_free_address (&tmp);
1090 rfc822_free_address (&addr);
1096 pgp_invoke_getkeys (q);
1100 pgp_getkeybyaddr (q, KEYFLAG_CANENCRYPT, PGP_PUBRING)) == NULL) {
1101 snprintf (buf, sizeof (buf), _("Enter keyID for %s: "), q->mailbox);
1103 if ((key = pgp_ask_for_key (buf, q->mailbox,
1104 KEYFLAG_CANENCRYPT, PGP_PUBRING)) == NULL) {
1106 rfc822_free_address (&tmp);
1107 rfc822_free_address (&addr);
1114 keyID = pgp_keyid (key);
1117 keylist_size += mutt_strlen (keyID) + 4;
1118 safe_realloc (&keylist, keylist_size);
1119 sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", /* __SPRINTF_CHECKED__ */
1121 keylist_used = mutt_strlen (keylist);
1123 pgp_free_key (&key);
1124 rfc822_free_address (&addr);
1127 rfc822_free_address (&tmp);
1131 /* Warning: "a" is no longer freed in this routine, you need
1132 * to free it later. This is necessary for $fcc_attach. */
1134 BODY *pgp_encrypt_message (BODY * a, char *keylist, int sign)
1136 char buf[LONG_STRING];
1137 char tempfile[_POSIX_PATH_MAX], pgperrfile[_POSIX_PATH_MAX];
1138 char pgpinfile[_POSIX_PATH_MAX];
1139 FILE *pgpin, *pgperr, *fpout, *fptmp;
1145 mutt_mktemp (tempfile);
1146 if ((fpout = safe_fopen (tempfile, "w+")) == NULL) {
1147 mutt_perror (tempfile);
1151 mutt_mktemp (pgperrfile);
1152 if ((pgperr = safe_fopen (pgperrfile, "w+")) == NULL) {
1153 mutt_perror (pgperrfile);
1158 unlink (pgperrfile);
1160 mutt_mktemp (pgpinfile);
1161 if ((fptmp = safe_fopen (pgpinfile, "w")) == NULL) {
1162 mutt_perror (pgpinfile);
1170 convert_to_7bit (a);
1172 mutt_write_mime_header (a, fptmp);
1173 fputc ('\n', fptmp);
1174 mutt_write_mime_body (a, fptmp);
1177 if ((thepid = pgp_invoke_encrypt (&pgpin, NULL, NULL, -1,
1178 fileno (fpout), fileno (pgperr),
1179 pgpinfile, keylist, sign)) == -1) {
1186 if (!pgp_use_gpg_agent ())
1187 fputs (PgpPass, pgpin);
1188 fputc ('\n', pgpin);
1192 if (mutt_wait_filter (thepid) && option (OPTPGPCHECKEXIT))
1200 empty = (fgetc (fpout) == EOF);
1205 while (fgets (buf, sizeof (buf) - 1, pgperr) != NULL) {
1207 fputs (buf, stdout);
1211 /* pause if there is any error output from PGP */
1213 mutt_any_key_to_continue (NULL);
1216 /* fatal error while trying to encrypt message */
1221 t = mutt_new_body ();
1222 t->type = TYPEMULTIPART;
1223 t->subtype = safe_strdup ("encrypted");
1224 t->encoding = ENC7BIT;
1226 t->disposition = DISPINLINE;
1228 mutt_generate_boundary (&t->parameter);
1229 mutt_set_parameter ("protocol", "application/pgp-encrypted", &t->parameter);
1231 t->parts = mutt_new_body ();
1232 t->parts->type = TYPEAPPLICATION;
1233 t->parts->subtype = safe_strdup ("pgp-encrypted");
1234 t->parts->encoding = ENC7BIT;
1236 t->parts->next = mutt_new_body ();
1237 t->parts->next->type = TYPEAPPLICATION;
1238 t->parts->next->subtype = safe_strdup ("octet-stream");
1239 t->parts->next->encoding = ENC7BIT;
1240 t->parts->next->filename = safe_strdup (tempfile);
1241 t->parts->next->use_disp = 1;
1242 t->parts->next->disposition = DISPINLINE;
1243 t->parts->next->unlink = 1; /* delete after sending the message */
1244 t->parts->next->d_filename = safe_strdup ("msg.asc"); /* non pgp/mime can save */
1249 BODY *pgp_traditional_encryptsign (BODY * a, int flags, char *keylist)
1253 char pgpoutfile[_POSIX_PATH_MAX];
1254 char pgperrfile[_POSIX_PATH_MAX];
1255 char pgpinfile[_POSIX_PATH_MAX];
1257 char body_charset[STRING];
1259 const char *send_charset;
1261 FILE *pgpout = NULL, *pgperr = NULL, *pgpin = NULL;
1271 if (a->type != TYPETEXT)
1273 if (ascii_strcasecmp (a->subtype, "plain"))
1276 if ((fp = fopen (a->filename, "r")) == NULL) {
1277 mutt_perror (a->filename);
1281 mutt_mktemp (pgpinfile);
1282 if ((pgpin = safe_fopen (pgpinfile, "w")) == NULL) {
1283 mutt_perror (pgpinfile);
1288 /* The following code is really correct: If noconv is set,
1289 * a's charset parameter contains the on-disk character set, and
1290 * we have to convert from that to utf-8. If noconv is not set,
1291 * we have to convert from $charset to utf-8.
1294 mutt_get_body_charset (body_charset, sizeof (body_charset), a);
1296 from_charset = body_charset;
1298 from_charset = Charset;
1300 if (!mutt_is_us_ascii (body_charset)) {
1304 if (flags & ENCRYPT)
1305 send_charset = "us-ascii";
1307 send_charset = "utf-8";
1309 fc = fgetconv_open (fp, from_charset, "utf-8", M_ICONV_HOOK_FROM);
1310 while ((c = fgetconv (fc)) != EOF)
1313 fgetconv_close (&fc);
1316 send_charset = "us-ascii";
1317 mutt_copy_stream (fp, pgpin);
1322 mutt_mktemp (pgpoutfile);
1323 mutt_mktemp (pgperrfile);
1324 if ((pgpout = safe_fopen (pgpoutfile, "w+")) == NULL ||
1325 (pgperr = safe_fopen (pgperrfile, "w+")) == NULL) {
1326 mutt_perror (pgpout ? pgperrfile : pgpoutfile);
1330 unlink (pgpoutfile);
1335 unlink (pgperrfile);
1337 if ((thepid = pgp_invoke_traditional (&pgpin, NULL, NULL,
1338 -1, fileno (pgpout), fileno (pgperr),
1339 pgpinfile, keylist, flags)) == -1) {
1340 mutt_perror _("Can't invoke PGP");
1344 mutt_unlink (pgpinfile);
1345 unlink (pgpoutfile);
1349 if (pgp_use_gpg_agent ())
1352 fprintf (pgpin, "%s\n", PgpPass);
1355 if (mutt_wait_filter (thepid) && option (OPTPGPCHECKEXIT))
1358 mutt_unlink (pgpinfile);
1367 empty = (fgetc (pgpout) == EOF);
1372 while (fgets (buff, sizeof (buff), pgperr)) {
1374 fputs (buff, stdout);
1380 mutt_any_key_to_continue (NULL);
1383 unlink (pgpoutfile);
1387 b = mutt_new_body ();
1389 b->encoding = ENC7BIT;
1392 b->subtype = safe_strdup ("plain");
1394 mutt_set_parameter ("x-action",
1395 flags & ENCRYPT ? "pgp-encrypted" : "pgp-signed",
1397 mutt_set_parameter ("charset", send_charset, &b->parameter);
1399 b->filename = safe_strdup (pgpoutfile);
1402 /* The following is intended to give a clue to some completely brain-dead
1403 * "mail environments" which are typically used by large corporations.
1406 b->d_filename = safe_strdup ("msg.pgp");
1411 b->disposition = DISPINLINE;
1417 if (!(flags & ENCRYPT))
1418 b->encoding = a->encoding;
1423 int pgp_send_menu (HEADER * msg, int *redraw)
1426 char input_signas[SHORT_STRING];
1428 char prompt[LONG_STRING];
1430 if (!(WithCrypto & APPLICATION_PGP))
1431 return msg->security;
1433 /* If autoinline and no crypto options set, then set inline. */
1434 if (option (OPTPGPAUTOINLINE) && !((msg->security & APPLICATION_PGP)
1435 && (msg->security & (SIGN | ENCRYPT))))
1436 msg->security |= INLINE;
1438 snprintf (prompt, sizeof (prompt),
1439 _("PGP (e)ncrypt, (s)ign, sign (a)s, (b)oth, %s, or (c)lear? "),
1440 (msg->security & INLINE) ? _("PGP/M(i)ME") : _("(i)nline"));
1442 switch (mutt_multi_choice (prompt, _("esabifc"))) {
1443 case 1: /* (e)ncrypt */
1444 msg->security |= ENCRYPT;
1445 msg->security &= ~SIGN;
1448 case 2: /* (s)ign */
1449 msg->security |= SIGN;
1450 msg->security &= ~ENCRYPT;
1453 case 3: /* sign (a)s */
1454 unset_option (OPTPGPCHECKTRUST);
1457 pgp_ask_for_key (_("Sign as: "), NULL, KEYFLAG_CANSIGN,
1459 snprintf (input_signas, sizeof (input_signas), "0x%s", pgp_keyid (p));
1460 mutt_str_replace (&PgpSignAs, input_signas);
1463 msg->security |= SIGN;
1465 crypt_pgp_void_passphrase (); /* probably need a different passphrase */
1469 msg->security &= ~SIGN;
1473 *redraw = REDRAW_FULL;
1476 case 4: /* (b)oth */
1477 msg->security |= (ENCRYPT | SIGN);
1480 case 5: /* (i)nline */
1481 if ((msg->security & (ENCRYPT | SIGN)))
1482 msg->security ^= INLINE;
1484 msg->security &= ~INLINE;
1487 case 6: /* (f)orget it */
1488 case 7: /* (c)lear */
1493 if (msg->security) {
1494 if (!(msg->security & (ENCRYPT | SIGN)))
1497 msg->security |= APPLICATION_PGP;
1500 return (msg->security);
1504 #endif /* CRYPT_BACKEND_CLASSIC_PGP */