verify signed messages(inband)

[tomholub]

When we receive a signed message, currently we only render it in gray border. We should also parse out information from the message about which key signed it, and do signature verification.

Before loading the message, we'd pull public keys from local contacts that are recorded for the email that we received the message from. Then offer these to the verification method as possible public keys it was signed with. If none of them match the signed message, we'd show signature not verified.

See FlowCrypt/flowcrypt-ios#278 (comment) and further discussion below for what to render in what situation (not verified, valid, invalid)

[tomholub]

Here, before loading the message, we'd pull public keys from local contacts that are recorded for the email that we received the message from. Then offer these to the verification method as possible public keys it was signed with. If none of them match the signed message, we'd show "could not verify message".

This should be done after issues in https://github.com/FlowCrypt/flowcrypt-android/milestone/90 so that we can pull more than one public key per email.

[tomholub]

Here a code snippet from iOS, regarding rendering various signature statuses

  private func renderPgpSignatureCheckResult(
    signature: VerifyRes?, 
    sender: RecipientWithOrderedPublicKeys
  ) -> ProcessedMessage.MessageSignature {
    if signature is nil then return .unsigned // render "not signed" in red
    if signature.error is not nil then return .error(signature.error) // render the "cannot verify signature: \(error)"
    if signature.signer is nil then return .unsigned // render "not signed" in red
    let signingPubKey = sender.pubkeys.find { $0.longids.contains(signature.signer) }
    if signingPubKey is nil or signature.match is nil then return .missingPubkey(longid: signature.signer) // render "cannot verify signature: no Public Key $longid" in red
    if signature.match is false then return .bad // render "bad signature" in red
    return .good
  }

[tomholub]

Final flow:

1. user taps a message
2. message gets downloaded from Gmail API
3. message gets processed / decrypted / verified with whatever public keys we have locally - for that sender email. Very important: we use the from: email address - the sender email address - for search in local recipientstable, and only attempt verifying with the keys we have saved for that recipient)
4. result gets rendered including signature verification, and if we are not missing any public keys, then this is the last step
5. if we are missing a public key, the verification "badge" will show gray 🕒 verifying signature..
6. at this point we fetch remote public keys by sender email (like explained in step 3), but user is no longer waiting for it
7. after remote public keys are fetched and local storage is updated, we check if any of the keys from local storage of that recipient/sender now contain the longid that signed the message. If they don't, now we render "missing pub key" badge
8. if one of the keys now contain the longid of the key that signed the message, we re-process the whole message with that public key - in background. The badge still says 🕒 verifying signature. Once we've done re-processing the message, we only look at the result of signature verification and re-render the badge with the final verification result, without re-rendering the rest of the message.

[tomholub]

Looks like this on iOS

[tomholub]

@DenBond7 I'd like you to start working in this tomorrow - please check if you have everything you need.