Bug 287145

Summary: kleopatra reports valid signature from unknown openpgp certificate
Product: [Applications] kleopatra
Reporter: Alberto Ronzani <alberto.ronzani>
Component: general
Assignee: Andre Heinecke <aheinecke>
Status: ASSIGNED ---
Severity: normal
CC: adam, emanuel, evahnyird, mutz, tgies
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Attachments: signed files and screenshot

Description Alberto Ronzani 2011-11-21 10:12:01 UTC
Created attachment 65899
signed files and screenshot

Version:           unspecified (using KDE 4.7.3) 
OS:                Linux

I have an offline primary key with a signing subkey on an openpgp smartcard.
Gpg has those keys marked as ultimately trusted.

When instructed to verify a file clearsigned with said key, kleopatra shows the signature as valid, but coming from an unknown certificate.

If the signature was made with an "online" primary key (i.e., effectively stored under an on-disk secring file) kleopatra shows correct behavior, reporting valid signature from a known certificate.

Kleopatra correctly recognises the openpgp details in the certificate list view.

Reproducible: Always

Steps to Reproduce:
0) have offline primary key with signing subkey on openpgp smartcard
1) create test cleartext file
2) clearsign with gpg2 --clearsign test_cleartext.txt
3) verify the signature with kleopatra

Actual Results:  
kleopatra reports valid signature from unknown certificate

Expected Results:  
kleopatra should report valid signature from a known certificate

The offline primary key + smartcard subkeys were generated following the howto found at the following URL:
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

Attached: related cleartext, clearsigned files and screenshot.

Comment 1 Adam Colligan 2012-02-13 17:48:52 UTC
I am experiencing this bug on my Windows (Ult 64) platform as well.  From command line, GPG successfully verifies a signed file with a detached subkey signature.  Kleopatra verifies the signature but lists the key as unknown.

Comment 2 Evan 2012-11-21 03:04:42 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am also experiencing this bug using Windows 7 (x64). I am not using a smartcard, but have my private key set-up with a subkey for signing. When I sign a file and verify it using Kleopatra the GUI indicates that the file has been verified and signed by an unknown certificate. 

If the command line interface is used to verify the file it returns the proper name and email for the signing key.

I would like to keep using a subkey for signing to protect my private key, but I am worried this incompatibility might confuse others.

I suspect if you try to verify this message with kleopatra it will return the same error/bug.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
-----END PGP SIGNATURE-----

Comment 3 Emanuel Schütze 2013-05-08 15:16:09 UTC
I'll check this issue with current Kleopatra and Gpg4win.

Comment 4 Tony Gies 2013-12-05 02:07:09 UTC
I'm seeing this issue as well with Kleopatra 2.2.0 from Gpg4win 2.2.0. I am using a similar arrangement to that previously described with an offline primary private key and a subkey for signing.

Comment 5 Bernhard E. Reiter 2016-05-10 06:35:30 UTC
There is another report with a similar issue where the subkey is reported
"unknown" independently of the signature status.

It is in German from https://wald.intevation.org/forum/forum.php?thread_id=1620&forum_id=84&group_id=11
reporting for Gpg4win 2.3.1 which uses Kleopatra: 2.2.0-gitfb4ae3d

Should be reproducible with the tails certificate in question.