Bug 188931

Summary: kmail fails to verify signature with RFC 3156 encrypted+signed mails
Product: [Unmaintained] kmail Reporter: Raimar Sandner <disp.reg.bugs.kde>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal CC: t.zell
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Raimar Sandner 2009-04-06 00:49:13 UTC 
Version:            (using KDE 4.2.1)
Compiler:          gcc-4.3.3 
OS:                Linux
Installed from:    Gentoo Packages

According to http://www.ietf.org/rfc/rfc3156.txt there are two ways to both sign and encrypt an OpenPGP/MIME message. Kmail uses the method described in 6.1 of RFC 3156 (called RFC 1847 Encapsulation), other mail clients like thunderbird/enigmail or mutt use 6.2 (Combined method).

Kmail fails to verify the signature, if the message was composed with the combined method 6.2. The error message is

Message was signed with unknown key.
The validity of the signature cannot be verified.
Status: Error: Signature not verified

On the other hand, verification on the commandline with gpg --verify works.

To reproduce, compose an encrypted and signed message with thunderbird (I use enigmail 0.95.7) or mutt (1.5.19) and view it with kmail.
Comment 1 Raimar Sandner 2009-04-06 00:59:18 UTC 
That should of course be 'gpg --decrypt' to verify the signature on the commandline...
Comment 2 Raimar Sandner 2009-04-16 01:09:44 UTC 
Seems to be fixed in kde-4.2.2
Comment 3 Thomas Zell 2010-08-05 23:50:10 UTC 
I use Enigmail 0.96 and KDE 4.4.4.

It's definitely _not_ working here ("unknown key").

Verifying on the command line with 'gpg --decrypt' works. If I send the same message unencrypted or as an in-line message, the signature is also verified correctly by kmail.
Comment 4 Thomas Zell 2010-08-08 16:53:51 UTC 
Usually, if the verification fails because there really is no key, kmail displays "message was signed with unknown key 0x...", where 0x... is the key ID.

Here, it says key 0x... and displays the hex value of the _fingerprint_ of the key (and not the ID).

Could this bug be reopened, please?
Comment 5 Thomas Zell 2010-08-13 15:32:46 UTC 
Updated to KMail 4.4.5 on KDE 4.5 and it's not working.
Comment 6 Raimar Sandner 2010-08-13 15:56:57 UTC 
Not working with messages created by mutt-1.5.20 and kmail version 1.13.5 (using kde 4.5.0)
Comment 7 kdebug 2010-10-17 01:44:05 UTC 
I can confirm this for kmail 1.13.5.
Comment 8 Thomas Zell 2011-11-06 14:29:38 UTC 
Updated to KMail 4.7.3 and this is still not working.
Comment 9 Thomas Zell 2011-11-06 14:30:06 UTC 
Shall I open a new bug for KMail2 or can this be reassigned?
Comment 10 Raimar Sandner 2011-11-06 14:45:10 UTC 
This bug has never received any attention, and because it was reported against KDE version 4.2.1 I guess it never will.

Probably it is best to report a new bug for kmail2, Thomas could you do this? Hopefully the developers will look into this problem, in my opinion it is quite a limitation for people using gpg. 

What is the official policy, should I mark this as a duplicate of the new bug, or resolve as wontfix?
Comment 11 Thomas Zell 2011-11-07 19:55:27 UTC 
reported again as bug 286035
Comment 12 Raimar Sandner 2011-11-08 06:01:00 UTC 

*** This bug has been marked as a duplicate of bug 286035 ***