Comments (11)
AndreHeinecke
commented on June 26, 2024
Just to be clear. By the word "no-mime", do you mean RFC4880 Section 6 ASCII Armored Messages or Section 7 Cleartext Signatures?
There is currently ongoing work on an "upstream" python binding in GpgME which I suggest you use, not yet released but we will release it soonish. You can find example usage for signing here:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=lang/python/tests/t-sign.py
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
@AndreHeinecke we are thinking section 7 -----BEGIN PGP SIGNED MESSAGE----- with no-mime, just as defined in https://wiki.gnupg.org/SignatureHandling. See certtools/intelmq#534 for the library selection rationale.
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
With c69f478 there is a simple test file to run, if pygpgme for python3 is installed. See marked TODOs, e.g.
- use a test key (without a passphrase)
- and a test gnupg home
- add a real test framework to run the test
- add python3-gpgme to the requirements of intelmq-mailgen
- configuration for the private key for intelmq-mailgen
- instructions how to configure the privat key, including how to strip the passphrase off
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
Another requirement is speed, we want to do do 1 million outgoing emails per day,
that is roughly translates into 1000000/(60_60_24) = ~11.6 mail per second. We want to stay faster
than this.
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
6fc9f35 now has
- a test key
- a simple testframe work which
- sets its own gnupghome
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
4ae9b3e has a speed test now.
For 500 iterations is shows that the raw signing power in my test is almost 20 sigs/second.
So there is good hope to stay within the requirements
model name : Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Linux version 3.16.0-4-amd64 (debian-kernel), Architecture: amd64
Package: python3 Version: 3.4.2-2
Package: gnupg2 Version: 2.1.11-99intevation2
Package: libgcrypt20 Version: 1.6.5-99intevation1
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
1f83ff6 has openpgp signing support. Needs more testing.
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
For Information: @bernhard-herzog reported that pygpgme with gpgme <1.6.0 does not work in a docker image.
A necessary test is to see if the emails can be read and verified in an email client.
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
We should especially test how emails with other characters than 7bit in the body
will be accepted by email clients. I've started to gather some date how clients do this in the wild.
Kontact Mail e35 will create 7bit encoding which is somehow wrong.
I've seen enigmail, and a number of others on gnupg-de or gnupg-devel to use
encoding base64.
There is only one email that I've found on gnupg-devel with uses no-mine signature and
quoted-printable encoding. This one is not interpreted nicely from Kontact Mail e35 and mutt Version: 1.5.21-6.2+deb7u3. This may indicate that we should also use base64 in case of umlauts.
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
Testing with dsmtpd and mutt Debian-Version: 1.5.23-3 shows that
the following email verifies fine.
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: [email protected]
To: [email protected]
Subject: Moin,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
this is a template to try.
Ich bin =C3=BCberrascht!
Macht Spa=C3=9F!
Some umlauts in utf-8.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXV9MAAAoJEJG4zX4VklZ4VD0P/077pFKp5vjRXtaaqFxDWDrj
pzkiMViiNtMvAJ/iR/M0rHG0Wo5s63suB7ru0/OKP3nj3wksXxBFxOv4KqUatXxJ
qYSCdbm5ns3F5rUffo/Fmzt3KyydBwfH6FxetkZfo1I0QkNp/4cS3Ou2T18lOK5k
5D4JlyGFy+eyCkV7hTRIi3sZVFA6glR3nZKwP14P49MCNMy6Ja/X1FvuI5oyz7SO
ETijfAGYM3ls7rxuN+te15142tawP7FEZDOlMSBqop1KYJnNoBfLr2pfTRFy7Fy1
7BMMH25PqtAhiY7pdrnsgORLZABqYKgWOeE6j8xr7fs/OVt2jwWMhikumvAxnt0V
b6///lmbvFNEEiRafJYR8NIThX/vUHKLm+PG5iJbq+hm1c+1inhcMnH6A1/hKxAx
DBUHp+It3rlU4Qb26wUD6Y2y7C55BJ9raV7FHw+uPzvJuMz2lDCLelCUmZQ+m+MX
q03LIpWFFvfaInAx0hvRe8M5Mplqe393qa2hv/l4XL+9w6bkdzDlSKC4BWVgjF5b
PHIQ6eIH5a8ndloWFQWhgSKd/+8ezvwd1x6XSUREWIQLbEhc1PxEAlel7445ydUM
kImWmrcFhxw8BFYOppzMs+FWiV4VKOMXmRFbrat2FmC24HgQ5kRnZUgjaKrJAcw5
gskXxq9g4o4JTl5jIu0I
=3DZFPT
-----END PGP SIGNATURE-----
from intelmq-mailgen.
bernhardreiter
commented on June 26, 2024
Also the corresponding
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
So this issue should be okay now
from intelmq-mailgen.
Related Issues (20)
- Packaging-Debian: Leave system configuration untouched HOT 2
- Add a way to send no notifications for selected recipients. HOT 3
- Allow parallel email creation to raise speed HOT 1
- save intelmq_ticket numers correctly if splitting sql groups HOT 2
- Create a unique ticket number per email usable for help desks HOT 6
- Deb package build process no longer runs unit tests HOT 1
- Make ticket number unguessable
- Modifie CSV output format HOT 2
- non-interactive installation for apache password HOT 3
- logging: move cb.basicConfig() to a better place
- logging: prepare for python standard configuration methods
- Logging: Add a readable log message if the smtp-server is not available
- Add Sphinx documentation generation HOT 2
- OpenPGP/MIME signatures HOT 4
- fast way to notice that a "load of events" has been processed (as indicator for sending)
- 'source_directives' JSON object not added to column "extra" from table "events" HOT 1
- prevent csv injections
- Support python3-gpg (for Ubuntu 20.04 LTS) HOT 5
- package not installable because of missing pyxarf package
- Dry run: Ticket number generation is not simulated HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from intelmq-mailgen.