|Summary:||gpg signature incorrectly reported as bad|
|Product:||[Applications] kmail||Reporter:||David Woodhouse <dwmw2>|
|Component:||encryption||Assignee:||kdepim bugs <kdepim-bugs>|
|Latest Commit:||Version Fixed In:|
Raw copy of offending mail
Screenshot of kmail and evo side-by-side on the same mail, disagreeing about the signature.
Description David Woodhouse 2006-03-08 15:56:43 UTC
Version: 1.9.1 (using KDE KDE 3.5.1) Installed from: Fedora RPMs OS: Linux The mail I'm about to attach seems to have a valid signature according to Evolution. Kmail reports it as bad, however.
Comment 1 David Woodhouse 2006-03-08 15:57:32 UTC
Created attachment 15011 [details] Raw copy of offending mail
Comment 2 David Woodhouse 2006-03-08 15:58:38 UTC
Created attachment 15012 [details] Screenshot of kmail and evo side-by-side on the same mail, disagreeing about the signature.
Comment 4 David Woodhouse 2006-03-08 19:31:46 UTC
As first glance I'd guess it's probably not related. This is only about the signature, and there's far less scope for screwing up the choice of key to use for verifying the signature.
Comment 5 Ingo Klöcker 2006-03-10 16:11:42 UTC
When I open the message you've attached with KMail 1.9.1 (with File->Open...) then the signature is reported as valid. Do you get a bad signature if you do this? Is the message contained in an IMAP folder? Do you get a valid signature after copying the message to a local folder? If you still get a bad signature when opening the message via File->Open... then it's probably a distribution-specific problem since I can't reproduce it with my KDE 3.5.1 RPMs from SUSE.
Comment 6 David Woodhouse 2006-03-10 16:13:43 UTC
Yes, it's still bad when I open it with File->Open.
Comment 7 Thiago Macieira 2006-03-11 10:45:12 UTC
Signatures are very fragile things. When you said you tested it with KMail and Evolution, did you check the same message using an IMAP server? Or did you receive it from two different paths?
Comment 8 David Woodhouse 2006-03-12 00:23:49 UTC
Same message, using an IMAP server (dovecot).
Comment 9 Ingo Klöcker 2006-03-13 18:02:45 UTC
Since the bad signature is also present when you open the message with File->Open this problem doesn't seem to be IMAP-specific. You didn't answer my question regarding a local copy of this message. Is only this message affected or does your KMail report all (detached) signatures as bad?
Comment 10 David Woodhouse 2006-03-13 22:40:52 UTC
Sorry, I thought those questions weren't relevant if it also happened with 'File->Open'. The offending mail is on IMAP, and the signature still fails if I copy it to a local folder. However, if I then copy the file from kmail's local folder back to the IMAP server, Evolution is still happy with it. So kmail doesn't seem to have corrupted it in transit. Other messages with a detached signature are fine -- including other UTF-8 messages with non-ASCII characters in them. Only this message and a few other messages from the same user seem to be affected so far.
Comment 11 David Woodhouse 2006-03-14 11:53:10 UTC
I tried searching for other multipart/signed messages to test with. Bug #123605 is the result :)
Comment 12 Ingo Klöcker 2006-03-14 14:33:57 UTC
I think the problem might be caused by the fact that your copy of this key has expired. Please update the key 0x3B29F20D by reloading it from a keyserver. You can use 'gpg --refresh-keys' to update all keys in your keyring.
Comment 13 David Woodhouse 2006-03-14 14:38:57 UTC
Refreshing the keys seems to have done the trick; thanks. I didn't realise a GPG key could expire and then be 'updated' rather than having to be completely replaced with a new key -- how does that work? kmail should have made it clear that this was the problem, and even given me a button to press to update the key. If it takes even kmail hackers a week to figure out what's up, the interface isn't user-friendly enough :)
Comment 14 Ingo Klöcker 2006-03-14 15:23:19 UTC
I fully agree that the error message should be much better, but there's already a bug report for this. Regarding your question how extending the expiration date works: Practically you do 'gpg --edit-key <keyid>' and then 'expire'. Technically a new self-signature with different expiration date is added to the key. BTW, IMO Evolution behaves seriously wrong because expired keys shouldn't be regarded as secure anymore. *** This bug has been marked as a duplicate of 59626 ***