Sorry to awaken an old story from 2019, but I would love to know what
frobs to tweak, to be able to decode PKCS7 S/MIME encoded payload.
MH-E is (I think) breaking out of the classic NMH path to do this,
with the payload. So, I don't "see" a clean path in mhnshow
definitions to do this.
Unfortunately, this is going to be a tough lift to make it truely
work how it should (also, there are unanswered questions). I've done it
"by hand" using the "security" command on MacOS X.
MH's MIME handling can't really handle the case where one MIME type gets
turned into another. E.g, application/pkcs7-mime. Although thinking about
it maybe makes me think that it should be considered a nested type
like multipart/mixed. But that's only a small part of the issue.
Unanswered questions are:
- How do we locate certificates/keys? What if the keys are on a smartcard?
I see that gpgsm can interface with a smartcard, KIND OF ... but it looks
like it has it's own smartcard driver. Really, in my experience, you want
to call out to a PKCS#11 library.
- Generally to unlock a key you need a password or PIN. How should this
prompting be handled in NMH? I see that gpgsm uses an agent to handle
that, and I suppose we could do something similar.
- The tools need some more smarts; like when should it decide that it
needs to decrypt a message? Do you want "pick" to decode the entire
message every time if it is just searching headers.
- We should probably create some kind of stream interface to make
pipelines work better, but that means writing our own ASN.1 decoder.
Sigh.
These are all SOLVABLE. They just require work. And I'd like to solve
them! But, time.
--Ken