[usmt dev] usmt progress

Mike Schiraldi dev@smime.pyerotechnics.com
Mon, 26 Feb 2001 15:50:45 -0500 (EST)


Things have really been rolling with usmt. I've got the following
working:

- Key management:
      - storage
      - retrieval
      - LDAP lookup
- Encryption
- Decryption

All that's left are Signing and Validation.

Here are some "screenshots" of the protocol. This is -actual- real input
and output. We start with an empty local cache.

> Command: Find-Recs
> Sources: cache
> 

| Version: 0.4
|
|

Fig. 1: We want to find records, and we want to look for them only in the
local cache. No other parameters are specified. Note the blank line at the
end of input; it signifies "Go!" The output is a bunch of headers (in this
case, one) followed by a blank line, followed by a list of records (in
this case, none), followed by another blank line. If you're confused about
all the blank lines, it'll make more sense ahead when there are actual
records to look at.





> Command: Find-Recs
> Sources: LDAP
> LDAP-BaseDN: dc=thecobblershoppe, dc=com
> LDAP-RootURL: ldap://ldap.research.netsol.com
>

| Version: 0.4
|
| Unique-ID: marilyn@thecobblershoppe.com/83c31126ebb4aa5f2f6ef3f87d678082
| Source: LDAP
| Source-Orig: LDAP
| Addr: marilyn@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] IoWM=
| 
| Unique-ID: forrest@thecobblershoppe.com/e2b390c321dec3b9b2df1fc56851d972
| Source: LDAP
| Source-Orig: LDAP
| Addr: forrest@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] aP+k=
| 
| Unique-ID: bill@thecobblershoppe.com/233f18ebe856f9d73aa4c01ef6fac3f9
| Source: LDAP
| Source-Orig: LDAP
| Addr: bill@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] Pw2U=
|
|

Fig. 2: Again we use the Find-Recs command. This time, we're not
looking in the local cache. The Source is now LDAP. (You can list
multiple sources, separated by whitespace.) We also specify two
optional LDAP parameters, the Base DN and the Root URL. If the RootURL
was left out, a hard-coded one would be used. If the Base DN was left
out, usmt would do its best to make a guess. In this case, it wouldn't
have anything to base its guess on, so it's needed. The output syntax
is, of course, the same as before. Now, however, there are actual
records to return. The records are separated by blank lines, and are
terminated by another blank line (or, if you prefer to think of it
this way, a null record). The unique ID is the address followed by a
slash followed by the MD5 sum of the data (after putting the data in
binary form, not base64). Source is the immediate source, Source-Orig
is the original one. The distinction will be illustrated in a
moment. Type is of the form <protocol>-<(public|private|something else
along those lines)>. Format is the format. StartDate and EndDate are
extracted from the certificate. Encoding explains how the Data is
encoded - base64 and raw (binary) are currently supported. Data is the
actual stuff we're going through all this trouble to keep track of.
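To make the framing above concrete, here is an added parser for the Find-Recs output (example code written for this note, not usmt's own; the certificate bytes in the sample are made up, and the helper names are mine). It splits a response into the header block and the record list, stops at the null record, and recomputes each Unique-ID from Addr and Data so that a record whose Data no longer matches its ID gets flagged:

```python
import base64
import hashlib
from typing import Dict, List, Tuple

Record = Dict[str, str]


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def unique_id(addr: str, data: str, encoding: str = "Base64") -> str:
    """Unique-ID rule from Fig. 2: <addr>/<md5 of the *decoded* data>.

    MD5 serves here only as the identifier the protocol defines; it is not
    a guarantee against a deliberately crafted collision.
    """
    if encoding.lower() == "base64":
        raw = base64.b64decode(data, validate=True)
    elif encoding.lower() == "raw":
        raw = data.encode("latin-1")
    else:
        raise ValueError("unsupported Encoding: %r" % encoding)
    return "%s/%s" % (addr, hashlib.md5(raw).hexdigest())


def parse_block(lines: List[str]) -> Record:
    """'Name: value' lines -> dict. Only the first colon separates the name,
    so values such as 'Aug 30 00:00:00 2000 GMT' survive intact."""
    rec: Record = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        rec[name.strip()] = value.strip()
    return rec


def parse_response(text: str) -> Tuple[Record, List[Record]]:
    """Split a response into (headers, records).

    Wire layout: header lines, blank line, then each record followed by a
    blank line, then one more blank line (the null record) closing the list.
    """
    blocks: List[List[str]] = []
    current: List[str] = []
    for line in text.split("\n"):
        if line.strip() == "":
            blocks.append(current)   # a blank line closes the block before it
            current = []
        else:
            current.append(line)
    if not blocks:
        raise ValueError("no header block")
    headers = parse_block(blocks[0])
    records: List[Record] = []
    for block in blocks[1:]:
        if not block:                # empty block == null record == end of list
            return headers, records
        records.append(parse_block(block))
    raise ValueError("record list not terminated by a null record")


def verify_record(rec: Record) -> bool:
    """Recompute the Unique-ID from Addr and Data; a mismatch means the Data
    was altered or mislabelled somewhere between the source and us."""
    return rec.get("Unique-ID") == unique_id(
        rec["Addr"], rec["Data"], rec.get("Encoding", "Base64"))


# Constructed stand-ins for the certificates; not real x509 data.
CERT_MARILYN = b64(b"constructed stand-in for marilyn's certificate")
CERT_BILL = b64(b"constructed stand-in for bill's certificate")


def sample_record(addr: str, cert: str) -> List[str]:
    return [
        "Unique-ID: " + unique_id(addr, cert),
        "Source: LDAP",
        "Source-Orig: LDAP",
        "Addr: " + addr,
        "Type: smime-private",
        "Format: x509",
        "StartDate: Aug 30 00:00:00 2000 GMT",
        "EndDate: Aug 30 23:59:59 2001 GMT",
        "Encoding: Base64",
        "Data: " + cert,
        "",
    ]


# Constructed sample of the Fig. 2 output (minus the "| " margin): two
# records and the closing null record.
SAMPLE_RESPONSE = "\n".join(
    ["Version: 0.4", ""]
    + sample_record("marilyn@thecobblershoppe.com", CERT_MARILYN)
    + sample_record("bill@thecobblershoppe.com", CERT_BILL)
    + [""]
) + "\n"


if __name__ == "__main__":
    hdrs, recs = parse_response(SAMPLE_RESPONSE)
    print("Version", hdrs["Version"], "records", len(recs))
    for r in recs:
        print(r["Addr"], "ok" if verify_record(r) else "MISMATCH")
```

A client that caches records would run verify_record on everything it pulls from a remote source before storing it; an ID that does not match its data is the cheapest sign that a record was corrupted or swapped in transit.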






> Command: Find-Recs
> Addrs: *@thecobblershoppe.com
>

| [same thing]

Fig. 3: This output is the same as in Fig. 2. However, in Fig. 2 the
client program had to know stuff like "LDAP-BaseDN", which is not
something the MUA would likely know. This time, though, an address is
specified. That's all usmt needs to determine the LDAP parameters and
execute the query. Also, since no Sources were listed, usmt checks ALL
of its known sources. (currently just LDAP and the local cache)





> Command: Find-Recs
> Sources: LDAP
> Addrs: bill@thecobblershoppe.com
> Save: Yes
> 

| Version: 0.4
|
| Unique-ID: bill@thecobblershoppe.com/233f18ebe856f9d73aa4c01ef6fac3f9
| Source: LDAP
| Source-Orig: LDAP
| Addr: bill@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] Pw2U=
|
|

Fig. 4: This time, we look up one particular record and save it to the
local cache with the Save directive.





> Command: Find-Recs
> Sources: cache
>

| Version: 0.4
|
| Unique-ID: bill@thecobblershoppe.com/233f18ebe856f9d73aa4c01ef6fac3f9
| Source: cache
| Source-Orig: LDAP
| Addr: bill@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] Pw2U=
|
|

Fig. 5: We repeat the command from Fig. 1. This time, there's
output. Note that the Source-Orig is the same as in Fig. 4, but the
Source has changed. The record originally came from LDAP, but most
recently it came from the cache.





> Command: Add-Recs
>
> Addr: foo@bar.com
> Type: pgp-public
> Format: some-kind-of-pgp-format
> Encoding: Base64
> Data: ABCD
>
>

| Version: 0.4
|

Fig. 6: This is how to manually add a record. Or a bunch of records --
note the null record at the end of input.





> Command: Find-Recs
> Sources: cache
>

| Version: 0.4
|
| Unique-ID: foo@bar.com/213660a204be1a25e079d22791c8748c
| Source: cache
| Source-Orig: Add-Recs
| Addr: foo@bar.com
| Type: pgp-public
| Format: some-kind-of-pgp-format
| Encoding: Base64
| Data: ABCD
| 
| Unique-ID: bill@thecobblershoppe.com/233f18ebe856f9d73aa4c01ef6fac3f9
| Source: cache
| Source-Orig: LDAP
| Addr: bill@thecobblershoppe.com
| Type: smime-private
| Format: x509
| StartDate: Aug 30 00:00:00 2000 GMT
| EndDate: Aug 30 23:59:59 2001 GMT
| Encoding: Base64
| Data: MIID [snip] Pw2U=
|
|

Fig. 7: And we repeat the Find-Recs command again. Note that some
fields were added to the new record before it was put into the local
cache.
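Figs. 3 through 7 together describe how Sources, Addrs, Save, Add-Recs and the Source/Source-Orig pair interact. The following is an added toy model of that behaviour (example code for this note, not usmt's; the LDAP directory is a constructed dict with made-up certificate bytes, and the class and function names are mine). It also shows the request framing on the wire: the blank "Go!" line after the headers and the null record after an Add-Recs list.

```python
import base64
import fnmatch
import hashlib
from typing import Dict, List, Optional

Record = Dict[str, str]


def unique_id(addr: str, data_b64: str) -> str:
    """Unique-ID rule from Fig. 2 for Base64 data: <addr>/<md5 of decoded data>."""
    return "%s/%s" % (addr, hashlib.md5(base64.b64decode(data_b64)).hexdigest())


def format_request(headers: Dict[str, str], records: Optional[List[Record]] = None) -> str:
    """Wire form of a request: header lines, then the blank "Go!" line; for
    Add-Recs, each record followed by a blank line and a final null record."""
    lines = ["%s: %s" % kv for kv in headers.items()] + [""]
    for rec in records or []:
        lines += ["%s: %s" % kv for kv in rec.items()] + [""]
    if records is not None:
        lines.append("")             # the null record that ends the list
    return "\n".join(lines) + "\n"


# Constructed stand-in for the LDAP directory (made-up certificate bytes).
def ldap_entry(addr: str, fake_cert: bytes) -> Record:
    data = base64.b64encode(fake_cert).decode("ascii")
    return {"Unique-ID": unique_id(addr, data), "Source-Orig": "LDAP",
            "Addr": addr, "Type": "smime-private", "Format": "x509",
            "StartDate": "Aug 30 00:00:00 2000 GMT",
            "EndDate": "Aug 30 23:59:59 2001 GMT",
            "Encoding": "Base64", "Data": data}


LDAP_DIRECTORY = [
    ldap_entry("marilyn@thecobblershoppe.com", b"not a real cert: marilyn"),
    ldap_entry("bill@thecobblershoppe.com", b"not a real cert: bill"),
]


class Usmt:
    """Toy model of the record handling in Figs. 3-7: a local cache keyed by
    Unique-ID plus a fake LDAP source."""

    def __init__(self, ldap: List[Record]):
        self.ldap = ldap
        self.cache: Dict[str, Record] = {}

    def add_recs(self, records: List[Record]) -> None:
        """Add-Recs: stamp Unique-ID, Source and Source-Orig before storing,
        which is why the foo@bar.com record in Fig. 7 carries more fields
        than were supplied in Fig. 6."""
        for rec in records:
            stored = dict(rec)
            stored["Unique-ID"] = unique_id(rec["Addr"], rec["Data"])
            stored["Source"] = "cache"
            stored["Source-Orig"] = "Add-Recs"
            self.cache[stored["Unique-ID"]] = stored

    def find_recs(self, sources: Optional[str] = None, addrs: Optional[str] = None,
                  save: bool = False) -> List[Record]:
        """Find-Recs: Sources and Addrs are whitespace-separated; no Sources
        means every known source (Fig. 3); Addrs are glob patterns; Save
        copies hits from other sources into the cache (Fig. 4)."""
        wanted = (sources or "LDAP cache").split()
        patterns = (addrs or "*").split()
        hits: List[Record] = []
        for src in wanted:
            if src == "cache":
                pool = list(self.cache.values())
            elif src == "LDAP":
                pool = self.ldap
            else:
                raise ValueError("unknown source: %r" % src)
            for rec in pool:
                if not any(fnmatch.fnmatchcase(rec["Addr"], p) for p in patterns):
                    continue
                found = dict(rec)
                found["Source"] = src        # immediate source; Source-Orig is kept
                hits.append(found)
                if save and src != "cache":
                    cached = dict(found)
                    cached["Source"] = "cache"
                    self.cache[cached["Unique-ID"]] = cached
        return hits


if __name__ == "__main__":
    u = Usmt(LDAP_DIRECTORY)
    print(format_request({"Command": "Find-Recs", "Sources": "LDAP",
                          "Addrs": "bill@thecobblershoppe.com", "Save": "Yes"}))
    u.find_recs(sources="LDAP", addrs="bill@thecobblershoppe.com", save=True)
    for rec in u.find_recs(sources="cache"):
        print(rec["Unique-ID"], rec["Source"], rec["Source-Orig"])
```

Running the main block reproduces the Fig. 4 then Fig. 5 sequence: the record is served from LDAP with Source: LDAP, and on the next cache lookup it comes back with Source: cache while Source-Orig still says LDAP. Keeping Source-Orig is what lets an MUA later tell a key it fetched from a directory apart from one a user pasted in by hand with Add-Recs.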





> Command: Crypto
> Task: Encrypt
> Public-ID: bill@thecobblershoppe.com/233f18ebe856f9d73aa4c01ef6fac3f9
>
> From: me
> To: bill
> Subject: Foo
> 
> hello

| Version: 0.4
| 
| MIME-Version: 1.0
| Content-Disposition: attachment; filename="smime.p7m"
| Content-Type: application/x-pkcs7-mime; name="smime.p7m"
| Content-Transfer-Encoding: base64
| 
| MIAGCSqGSIb3DQEHA6CAMIIBngIBADGCATwwggE4AgEAMIHhMIHMMRcwFQYDVQQK
| Ew5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y
| azFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNv
| cnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xh
| c3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRh
| dGVkAhBg04S/+zOcqx/j4SoQ+KO5MA0GCSqGSIb3DQEBAQUABEBYgXtGUqIyptoL
| rI7ESv8HIGqrGX7i1fp9gixyF/Xv6lbtWnY5LQwmms9KdEmkSZ1EH/oi050f8MT5
| vpkurXyRMFkGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIzv6A3covS+WA
| MAHy6rIHAuj3DLOh7cWJTc0OgZXF3hckzBi1450YkjvJH/H9d25tFQUL7ZYqdnEe
| 6gAAAAA=

Fig. 8: Finally, we encrypt a message. This is the first time the input must be
terminated with EOF.



Thomas, does this look like what you had in mind? If so, do you have
any recommendations for integration into mutt?