| Summary: | kmail2 fails to verify signature with RFC 3156 encrypted+signed mails | | |
|---|---|---|---|
| Product: | [Applications] kmail2 | Reporter: | Thomas Zell <t.zell> |
| Component: | crypto | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | aheinecke, bugs.kde.org, disp.reg.bugs.kde, mail, martinralbrecht, michael.saalfeld, timbelina |
| Priority: | NOR | | |
| Version: | 4.7 | | |
| Target Milestone: | --- | | |
| Platform: | Unlisted Binaries | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Sentry Crash Report: | | | |

Description
Thomas Zell
2011-11-07 19:54:39 UTC
*** Bug 188931 has been marked as a duplicate of this bug. ***

*** Bug 276813 has been marked as a duplicate of this bug. ***

Hello,

A side effect of this bug is that if someone sends me a Thunderbird-signed email that contains attachments, I am unable to save the attachments at all. It seems that KMail does not like the fact that (it thinks that) the signature cannot be verified.

Thanks, Tim.

Hello all,

Does the KDE project have any kind of sponsorship or bounty program? I'm hoping to see a couple of bugs fixed (especially those associated with PGP integration, such as 286035) and I would be happy in principle to sponsor someone to get the work done. All info most welcome.

Thanks, Tim.

*** Bug 289364 has been marked as a duplicate of this bug. ***

I must confirm this, and it's still present in kmail2/KDE 4.8.1.

This is a valid and very old bug that has been around (forever?); it is also valid for the old Kdepim 3.x versions.

gpgme's decrypt and verify job returns a valid signature for the Combined Method but not for the encapsulated method. So I guess somewhere in libkleo / kmail this is not used or overwritten by an additional check for an encapsulated signature, which would fail in the combined case.

Strange from your report is that your status is:

Status: Error: Signature not verified

For an encrypted/signed mail from mutt I get:

The validity of the signature cannot be verified.
Status: Good signature

Git commit 3f8f80c195d5a31c3add321940a0a3ba7628781c by Andre Heinecke.
Committed on 16/04/2012 at 19:15.
Pushed by aheinecke into branch 'master'.

Fix parsing of combined encrypted/signed messages

In the case that a mime object was encrypted and signed the rendered mail showed an incorrect signature status because the signature was already checked with the decryptverifyjob and the key object not available in writeOpaqueOrMultipartSignedData. (So only the fingerprint was used).

In the case that writeOpaqueOrMultipartSignedData is called to show OpenPGP Encrypted and Signed data with a valid signature, the signature's key is now fetched from the OpenPGP backend using the fingerprint from the signature. The Key is then used as in the other cases to show the details (Name / Trustlevel etc.)

This fixes the rendering of openpgp mails signed with the combined method which is used by mutt, gnus etc.

M +32 -1 messageviewer/objecttreeparser.cpp

http://commits.kde.org/kdepim/3f8f80c195d5a31c3add321940a0a3ba7628781c

I'm not sure if this fixes everything mentioned here in the bug. This was a rendering problem: the signature was correctly verified, but the key was not used to check the trust level for the signature and no key details were available. I don't think this can have something to do with Comment #3, for example, that attachments can't be saved. If this is still the case, that's another bug though.

I've tested this patch with an encrypted/signed mail from gnus that was previously "rendered yellow" and is now green with the correct details.

Git commit 44a3eb070b74414256f8f8ef58f73fd67678f5e4 by Andre Heinecke.
Committed on 16/04/2012 at 19:15.
Pushed by aheinecke into branch 'KDE/4.8'.

Fix parsing of combined encrypted/signed messages

In the case that a mime object was encrypted and signed the rendered mail showed an incorrect signature status because the signature was already checked with the decryptverifyjob and the key object not available in writeOpaqueOrMultipartSignedData. (So only the fingerprint was used).

In the case that writeOpaqueOrMultipartSignedData is called to show OpenPGP Encrypted and Signed data with a valid signature, the signature's key is now fetched from the OpenPGP backend using the fingerprint from the signature. The Key is then used as in the other cases to show the details (Name / Trustlevel etc.)

This fixes the rendering of openpgp mails signed with the combined method which is used by mutt, gnus etc.

(cherry picked from commit 3f8f80c195d5a31c3add321940a0a3ba7628781c)

M +32 -1 messageviewer/objecttreeparser.cpp

http://commits.kde.org/kdepim/44a3eb070b74414256f8f8ef58f73fd67678f5e4
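
The two RFC 3156 layouts distinguished in this thread, as an added example that is not KMail or libkleo code: in the combined method the signature lives inside the encrypted OpenPGP message and is reported by the decrypt+verify step, while in the encapsulated method the plaintext is itself a `multipart/signed` part that must be verified separately. The function names, the sample messages and the shape of `decrypt_sigs` are assumptions made for this sketch.

```python
from email import message_from_string

# Constructed samples: ciphertext and signature bodies are placeholders.
OUTER = (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enc"\n\n'
    "--enc\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--enc\nContent-Type: application/octet-stream\n\n(placeholder ciphertext)\n\n--enc--\n")
COMBINED_PLAIN = "Content-Type: text/plain\n\nhello\n"
ENCAPSULATED_PLAIN = (
    'Content-Type: multipart/signed; micalg=pgp-sha256; '
    'protocol="application/pgp-signature"; boundary="sig"\n\n'
    "--sig\nContent-Type: text/plain\n\nhello\n\n"
    "--sig\nContent-Type: application/pgp-signature\n\n(placeholder signature)\n\n--sig--\n")


def protocol_of(msg):
    """Lower-cased 'protocol' parameter of the Content-Type header, or ''."""
    return str(msg.get_param("protocol") or "").lower()


def is_rfc3156_encrypted(msg):
    """True for a well-formed OpenPGP multipart/encrypted container."""
    if msg.get_content_type() != "multipart/encrypted" or not msg.is_multipart():
        return False
    if protocol_of(msg) != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    return (len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")


def signature_source(outer_text, plaintext, decrypt_sigs):
    """Name the step whose signature result applies to the decrypted body.

    decrypt_sigs: signatures reported by the decrypt+verify step (assumed
    shape: a list of dicts carrying at least a "fingerprint").
    """
    if not is_rfc3156_encrypted(message_from_string(outer_text)):
        return "not-encrypted"
    inner = message_from_string(plaintext)
    if (inner.get_content_type() == "multipart/signed"
            and protocol_of(inner) == "application/pgp-signature"):
        return "encapsulated"  # verify the inner detached signature separately
    if decrypt_sigs:
        return "combined"      # reuse the result; look the key up by fingerprint
    return "unsigned"
```

In the combined case a viewer has only the fingerprint from the decrypt+verify result, so name and trust level require a key lookup by that fingerprint, which is the step the commit above describes adding.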