Bug 128784

Summary:	RIPEMD160 hash signed messages send incorrect header with OpenPGP/MIME
Product:	[Unmaintained] kmail	Reporter:	Michael Trausch <fd0man>
Component:	encryption	Assignee:	kdepim bugs <kdepim-bugs>
Status:	RESOLVED FIXED
Severity:	normal	CC:	bugreports, cybdev, joke.de.buhr, julian, michael, mutz
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	Ubuntu
OS:	Linux
Latest Commit:		Version Fixed In:
Sentry Crash Report:
Attachments:	RIPEMD160 signed message, OpenPGP/MIME, from Thunderbird/Enigmail KMail message, OpenPGP/MIME, RIPEMD160 Error Output from Thunderbird on my KMail message Patch against kdepim 4.3.2

Description Michael Trausch 2006-06-07 20:23:53 UTC

Version:           1.9.3 (using KDE KDE 3.5.3)
Installed from:    Ubuntu Packages

I have used RIPEMD160 hashed signatures for a while now.  Apparently, after I have migrated to KMail, these do not always work in other clients.  It would appear that the reason for this is that KMail sets the header that describes the signature to be something different then what the signature actually is using, by way of assumption.  My messages are going out with:

Content-Type: multipart/signed;
  boundary="nextPart8781268.2g4feAcxuP";
  protocol="application/pgp-signature";
  micalg=pgp-sha1

It should be going out with the header line "micalg" reading a value of "pgp-ripemd160".

The preferences for my signature type are listed in the GnuPG configuration file:

digest-algo RIPEMD160

KMail does not seem to have a way to change its perception of what digest hashing algorithm to use, either.  I think this would be considered an integration issue with GnuPG.

When the message is opened in another client (say, Thunderbird with EnigMail) the client becomes confused (specifically, GnuPG becomes confused).  The error received from EnigMail is:

====

Unverified Signature

gpg command line and output:
M:\\Portable Applications\\PortableThunderbird\\gpg\\gpg.exe --charset utf8 --batch --no-tty --status-fd 2 --verify
gpg: Signature made 06/06/06 19:24:09 using DSA key ID 19C59A30
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error

====

I am not able to replicate the result directly because I am not exactly sure how OpenPGP data is supposed to be fed to GnuPG for verification.

The person who received this message sent me a message back, so that I was able to see what her headers looked like, and her header describing the signature would appear to be correct:

Content-Type: multipart/signed;
  micalg=pgp-ripemd160;
  protocol="application/pgp-signature";
  boundary="------------enig8D90E73118009A487A1FAFF6"

More attached data to come.

Comment 1 Michael Trausch 2006-06-07 20:27:59 UTC

Created attachment 16513 [details]
RIPEMD160 signed message, OpenPGP/MIME, from Thunderbird/Enigmail

This message is signed with OpenPGP/MIME, using Thunderbird and Enigmail as the
front-end to GnuPG.  The Content-Type header contains the right information
about the message digest algorithm.

Comment 2 Michael Trausch 2006-06-07 20:29:51 UTC

Created attachment 16514 [details]
KMail message, OpenPGP/MIME, RIPEMD160

This message has an incorrect header.  (KMail, however, says that it is okay. 
Appears that KMail ignores the header?)

Comment 3 Michael Trausch 2006-06-07 20:31:51 UTC

Created attachment 16515 [details]
Error Output from Thunderbird on my KMail message

This error is a result of viewing the message that is in attachment 16514 [details],
which appears to have the header set to the wrong digest hash algorithm (SHA1,
when it should be RIPEMD160).

Comment 4 Michael Trausch 2006-06-07 20:33:19 UTC

Should any more data be required, please do not hesitate to let me know!

Comment 5 CybDev 2009-01-23 11:15:32 UTC

Confirming this problem with KMail (I'm currently using version 4.1.4)

I'm having the same issues but with SHA-256 instead of RIPEMD160
(dupe from http://forum.kde.org/kmail-openpgp-mime-hash-in-micalg-is-wrong-t-27682.html )

Sending a mail with thunderbird gives a header such as this:
Content-Type: multipart/signed;
  micalg=pgp-sha256;
  protocol="application/pgp-signature";
  boundary="------------enig6C27345EB16199DD8B1DCF31"

Sending a mail with KMail gives this header instead, but same key is used:
Content-Type: multipart/signed;
  boundary="nextPart3110028.RrybVz1ln4";
  protocol="application/pgp-signature";
  micalg=pgp-sha1

Please note that this only applies to OpenPGP/MIME and not OpenPGP/inline as that works just fine.

Comment 6 Larsaaaa 2009-02-19 12:18:59 UTC

*** This bug has been confirmed by popular vote. ***

Comment 7 Julian Mehnle 2009-07-02 23:47:56 UTC

I can confirm that KMail inappropriately generates "micalg=pgp-sha1" even when actually using a different digest algorithm to sign the message (here: SHA-512 or SHA-256).

Given that by now, SHA-1 has been seriously compromised, using SHA-1 simply isn't an acceptable alternative anymore.  What will it take to get this fixed in KMail?

Comment 8 Allen Winter 2009-07-03 02:25:07 UTC

adding Marc to the CC on this.  Maybe he knows more about it.

Comment 9 Julian Mehnle 2009-08-03 21:22:28 UTC

Again, what will it take to get this fixed in KMail?  Who is most well versed in the mechanics involved?  Can we pay that someone to have this fixed?

Comment 10 Stefan Tittel 2009-11-03 03:00:40 UTC

Any updates on this?

From my understanding this can lead to the recipient's client complaining about an invalid signature, even if the sender using KMail did not change anything in his GnuPG configuration, because:

1) There are clients which complain when the declared hash algorithm does not match the hash algorithm that has been used. If I remember correctly I encountered this problem with Sylpheed (and this is how I got aware of this bug in the first place).

2) If a mail is both, encrypted and signed, GnuPG by default should use the hash algorithm that is preferred according to the recipient's key preferences. So if the recipient prefers SHA256 according to his key SHA256 should be used. However, KMail will still declare it as SHA1.

With people moving away from SHA1, I think the priority of this bug should be increased.

Comment 11 Michael Gorven 2009-12-17 09:32:21 UTC

Created attachment 39112 [details]
Patch against kdepim 4.3.2

Retrieves the name of the signature hash algorithm from GpgME and places it in the micalg parameter of the Content-Type header for both PGP and S/MIME.

Comment 12 Thomas McGuire 2009-12-22 20:46:30 UTC

SVN commit 1065228 by tmcguire:

Specify the correct algorithm which was used for creating the hash of the signature.

Thanks to Michael Gorven for the patch!

CCBUG: 128784


 M  +8 -2      messagecomposer.cpp  
 M  +4 -0      messagecomposer.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1065228

Comment 13 Thomas McGuire 2009-12-22 20:51:44 UTC

SVN commit 1065232 by tmcguire:

Backport r1065228 by tmcguire from trunk to the 4.3 branch:

Specify the correct algorithm which was used for creating the hash of the signature.

Thanks to Michael Gorven for the patch!

BUG: 128784



 M  +8 -2      messagecomposer.cpp  
 M  +4 -0      messagecomposer.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1065232

Comment 14 Thomas McGuire 2009-12-22 21:00:25 UTC

Thanks Michael for the patch, it will be in KDE 4.3.5 and KDE 4.4.0.

If you have further patches, please use Reviewboard, see http://techbase.kde.org/Contribute/Send_Patches. It's easy to miss patches here on bugzilla, good thing I saw this one :)

Comment 15 Thomas McGuire 2010-03-05 08:36:23 UTC

*** Bug 218721 has been marked as a duplicate of this bug. ***