Bug 188931 - kmail fails to verify signature with RFC 3156 encrypted+signed mails
Summary: kmail fails to verify signature with RFC 3156 encrypted+signed mails
Status: RESOLVED DUPLICATE of bug 286035
Alias: None
Product: kmail
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Gentoo Packages Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-06 00:49 UTC by Raimar Sandner
Modified: 2011-11-08 06:01 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Raimar Sandner 2009-04-06 00:49:13 UTC 
Version:            (using KDE 4.2.1)
Compiler:          gcc-4.3.3 
OS:                Linux
Installed from:    Gentoo Packages

According to http://www.ietf.org/rfc/rfc3156.txt there are two ways to both sign and encrypt an OpenPGP/MIME message. Kmail uses the method described in 6.1 of RFC 3156 (called RFC 1847 Encapsulation), other mail clients like thunderbird/enigmail or mutt use 6.2 (Combined method).

Kmail fails to verify the signature, if the message was composed with the combined method 6.2. The error message is

Message was signed with unknown key.
The validity of the signature cannot be verified.
Status: Error: Signature not verified

On the other hand, verification on the commandline with gpg --verify works.

To reproduce, compose an encrypted and signed message with thunderbird (I use enigmail 0.95.7) or mutt (1.5.19) and view it with kmail.
Comment 1 Raimar Sandner 2009-04-06 00:59:18 UTC 
That should of course be 'gpg --decrypt' to verify the signature on the commandline...
Comment 2 Raimar Sandner 2009-04-16 01:09:44 UTC 
Seems to be fixed in kde-4.2.2
Comment 3 Thomas Zell 2010-08-05 23:50:10 UTC 
I use Enigmail 0.96 and KDE 4.4.4.

It's definitely _not_ working here ("unknown key").

Verifying on the command line with 'gpg --decrypt' works. If I send the same message unencrypted or as an in-line message, the signature is also verified correctly by kmail.
Comment 4 Thomas Zell 2010-08-08 16:53:51 UTC 
Usually, if the verification fails because there really is no key, kmail displays "message was signed with unknown key 0x...", where 0x... is the key ID.

Here, it says key 0x... and displays the hex value of the _fingerprint_ of the key (and not the ID).

Could this bug be reopened, please?
Comment 5 Thomas Zell 2010-08-13 15:32:46 UTC 
Updated to KMail 4.4.5 on KDE 4.5 and it's not working.
Comment 6 Raimar Sandner 2010-08-13 15:56:57 UTC 
Not working with messages created by mutt-1.5.20 and kmail version 1.13.5 (using kde 4.5.0)
Comment 7 kdebug 2010-10-17 01:44:05 UTC 
I can confirm this for kmail 1.13.5.
Comment 8 Thomas Zell 2011-11-06 14:29:38 UTC 
Updated to KMail 4.7.3 and this is still not working.
Comment 9 Thomas Zell 2011-11-06 14:30:06 UTC 
Shall I open a new bug for KMail2 or can this be reassigned?
Comment 10 Raimar Sandner 2011-11-06 14:45:10 UTC 
This bug has never received any attention, and because it was reported against KDE version 4.2.1 I guess it never will.

Probably it is best to report a new bug for kmail2, Thomas could you do this? Hopefully the developers will look into this problem, in my opinion it is quite a limitation for people using gpg. 

What is the official policy, should I mark this as a duplicate of the new bug, or resolve as wontfix?
Comment 11 Thomas Zell 2011-11-07 19:55:27 UTC 
reported again as bug 286035
Comment 12 Raimar Sandner 2011-11-08 06:01:00 UTC 

*** This bug has been marked as a duplicate of bug 286035 ***