verify signed messages(inband)

[DenBond7]

This PR added verification for signed messages(inband). It means we added support for the following cases:

-----BEGIN PGP MESSAGE-----
Version: PGPainless

owGbwMvMwCXWaL/vvdiErcGMpxWSGEAgODM9LzVFoTyzJEOhJCNVoTg1OT8vRSE7
tbKjlIVBjIuBjZUpcevzDwyKnAIwzWKKLHfMHwmFMAmaprieNocJp/Uy/A/MjTzK
N9UkpXLTg0dXFFasM5wQxT93ufHj+o9hhzuO97YxMlwwsG+6lNHn4xkilcwbmmhx
/ernRzJH7rFaPLM7d/zlHj4A
=Yz2p
-----END PGP MESSAGE-----

and

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1
oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k
=y6kj
-----END PGP SIGNATURE-----

close #1097

---

Tests (delete all except exactly one):

• Tests added or updated

---

To be filled by reviewers

I have reviewed that this PR... (tick whichever items you personally focused on during this review):

• addresses the issue it closes (if any)
• code is readable and understandable
• is accompanied with tests, or tests are not needed
• is free of vulnerabilities

[DenBond7]

@tomholub it's ready for review

[tomholub]

looks good - a few details + you also checked in some docker .log and .cache files by accident - should be gitignored. There is many of them

[tomholub]

Ignoring MDC errors should only happen after user confirmed that they want to take the risk. Or do you pre-decrypt it while ignoring MDC but don't render first?

Should add a comment as this is security sensitive.

[DenBond7]

@tomholub
Please look at these screenshots

Or do you pre-decrypt it while ignoring MDC but don't render first?

It was simpler to do

Ignoring MDC errors should only happen after user confirmed that they want to take the risk.

Should I change the logic to use this way?

[DenBond7]

ref #1363

[DenBond7]

@tomholub What about this one? It seems it's the last one for the current PR.

[tomholub]

And here also comment

[DenBond7]

@tomholub

you also checked in some docker .log and .cache files by accident - should be gitignored. There is many of them

Do you mean docker-mailserver directory? I can't skip any files in this directory. All of them should be added to the index(git). As a solution, we can move it to a separate repo

[tomholub]

@tomholub

you also checked in some docker .log and .cache files by accident - should be gitignored. There is many of them

Do you mean docker-mailserver directory? I can't skip any files in this directory. All of them should be added to the index(git). As a solution, we can move it to a separate repo

You can definitely gitignore .log files in that dir - why not?

[DenBond7]

You can definitely gitignore .log files in that dir - why not?

It seems dovecot uses it. After moving to a new mailbox format manual changing any things in flowcrypt-android/docker-mailserver/maildata_source/flowcrypt.test can cause errors. I wouldn't like to investigate that issues :) (I had that experience). For me leaving all things as-is is a simpler way in this case.

https://doc.dovecot.org/developer_manual/design/indexes/mail_index_api/#view-syncing

[tomholub]

I think log files could definitely be gitignored, it's logs after all. Won't break anything. But I'll merge it.