Bug 154427

Summary: Kleoaptra: Verification of S/MIME E-Mails fails
Product: [Applications] kleopatra Reporter: Jan-Oliver Wagner <jan-oliver.wagner>
Component: generalAssignee: Frank Osterfeld <osterfeld>
Status: VERIFIED WORKSFORME    
Severity: normal    
Priority: NOR    
Version: outdated (old bug dump)   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Microsoft Windows   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Gpgme log file

Description Jan-Oliver Wagner 2007-12-21 11:13:43 UTC 
Version:            (using KDE Devel)
Installed from:    Compiled sources
OS:                MS Windows

I've tried to verify a S/MIME signed E-Mail from Outlook via GpgOL
which fails with "General Error" and this concole output:

[1412.712] DBG: -> OK GPG UI server (Kleopatra/1.9.0 (svn-748480, 2007-12-14)) r
eady to serve
[1412.712] DBG: <- GETINFO pid
[1412.712] DBG: -> D 1412
[1412.712] DBG: -> OK
[1412.712] DBG: <- [Error: Resource temporarily unavailable]
[1412.712] DBG: <- RESET
[1412.712] DBG: -> OK
[1412.712] DBG: <- MESSAGE FD=1468
[1412.712] DBG: -> OK
[1412.712] DBG: <- INPUT FD=1364
[1412.712] DBG: -> OK
[1412.712] DBG: <- VERIFY --protocol=CMS
GpgME::Data(): DataProvider supports: read, no write, no seek, release
GpgME::Data(): DataProvider supports: read, no write, no seek, release
[1412.712] DBG: -> ERR 150994945 Allgemeiner Fehler <KSBA>
Comment 1 Frank Osterfeld 2008-01-09 16:05:53 UTC 
Is this 100% reproducible?
Can't reproduce, I could S/MIME sign a message (with GpgOL) using the Kleopatra test certificate from KDE SVN and also verify it again with GpgOL.
Can you provide a test mail (to gpg4win-intern) and the public key?
Comment 2 Jan-Oliver Wagner 2008-01-10 12:32:22 UTC 
It is 100% reproducable with S/MIME signed E-Mails I create
with Kontact as of KDE 3.5.
Comment 3 Frank Osterfeld 2008-01-10 14:46:34 UTC 
I retried now with a mail sent from KMail.

When I open the mail and choose Tools->Verify signature from the menu, nothing happens. There is nothing received on kleopatra side. Apparently gpgol doesn't trigger VERIFY.

Verifying Messages signed with GpgOL still works.

GpgOL is installed via installer svn667.
Comment 4 Frank Osterfeld 2008-01-10 15:05:51 UTC 
It seems KMail and GpgOL are incompatible and don't recognize each other's S/MIME signatures.

GpgOL sends an attachment winmail.dat with Content-Type "application/ms-tnef" which isn't recognized as signature in my KMail (from enterprise branch).

KMail uses the content-type application/pkcs7-signature, which is apparently ignored by GpgOL.

gpgol version, according to the options tab in outlook: "Version 0.10.4-svn205 (Jan 8"
Comment 5 Jan-Oliver Wagner 2008-01-10 16:32:02 UTC 
Frank, my GpgOL (same version) does not ignore such emails.

Is S/MIME enabled in your GpgOL configuration (options tab)?

Also, if I send a S/MIME signed email with GpgOL, despite
the GPGME error and the broken signature, the content type looks
like this:

Content-Type: multipart/signed;
  protocol="application/pkcs7-signature";
  micalg=pgp-sha1;
  boundary="=-=hnUDCUgicgoCUx=-="


which look OK to me.
Comment 6 Frank Osterfeld 2008-01-10 20:40:34 UTC 
Ok, I can now confirm the General Error <KSBA>, when verifying a mail sent from KMail. The gpgme log doesn't look very useful - I will create one nevertheless and check which data is sent. This looks like the passed data isn't recognized as signature by KSBA.
 
About the smime signatures created by gpgol:
gpgol sometimes creates tnef for me, sometimes pkcs7-signature. It seems to have to do with the GpgOL options - whose check states are broken and don't match with the behaviour, so I'm not sure yet how to reproduce either attachment types.
Comment 7 Frank Osterfeld 2008-01-11 09:35:26 UTC 
Created attachment 22951 [details]
Gpgme log file

I attached a gpgme log file for a failed VERIFY
Comment 8 Jan-Oliver Wagner 2008-01-14 22:32:17 UTC 
From the GpgME log I can not derive a next point to look into.

I only can confirm that the problem is still there with
svn-756761 (2008-01-11).
Comment 9 Jan-Oliver Wagner 2008-02-01 09:30:05 UTC 
After some fixes in the crypto backend, this problem seems to be solved.

With Gpg4win 1.9.0-svn701 distribution (Kleopatra 1.9.0 svn767238)
I can now verify S/MIME signatures without any crash.