Bug 469304

Summary: KMail does not find the key used to sign a message if a signing subkey was used
Product: [Applications] kmail2 Reporter: Ingo Klöcker <kloecker>
Component: cryptoAssignee: Ingo Klöcker <kloecker>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: 5.22.3   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/pim/messagelib/commit/70f39256784280d2034aa7bf1c4765f606c22d56 Version Fixed In: 5.23.1
Sentry Crash Report:

Description Ingo Klöcker 2023-05-03 09:45:50 UTC 
SUMMARY
KMail claims that messages signed with a subkey of my own key are signed with an unknown key.

STEPS TO REPRODUCE
1. You need an OpenPGP certficate with a signing subkey.
2. Sign a message with this key and send it to yourself (or use Send Later to put it in your outbox).
3. View the message.

OBSERVED RESULT
I have an OpenPGP certficate with a signing subkey that is used to sign my messages. KMail has no problem signing my messages, but when viewing my messages KMail says:
> Message was signed on 25.04.23 18:24 with unknown key 0xDB8E020E328C30942060BF21B16F599516474ABA.
> The validity of the signature cannot be verified.
> Status: Good signature

Obviously, this doesn't make any sense because how can the signature be good if it was signed with an unknown key. It turns out that gpg which is used to verify the signature very well knows the key, but KMail is not able to find it.

EXPECTED RESULT
KMail should say something like:
> Message was signed by *@ingo-kloecker.de (Key ID: 0xE375339BF4C51840).
> The signature is valid and the key is ultimately trusted.
Comment 1 Ingo Klöcker 2023-05-03 12:52:00 UTC 
Git commit 606ea1478d2d5b5aacdc6ef3f050655fe0352d87 by Ingo Klöcker, on behalf of Ingo Klöcker.
Committed on 03/05/2023 at 12:51.
Pushed by kloecker into branch 'release/23.04'.

Look for matching subkey if no key was found for fingerprint

If the message was signed with a signing subkey instead of with the
primary key of an OpenPGP certificate, then we won't find a key with
findByFingerprint(). To look for a matching subkey we need to use
findSubkeysByKeyID().

FIXED-IN: 5.23.1

M  +11   -1    mimetreeparser/src/messagepart.cpp

https://invent.kde.org/pim/messagelib/commit/606ea1478d2d5b5aacdc6ef3f050655fe0352d87
Comment 2 Ingo Klöcker 2023-05-03 15:47:46 UTC 
Git commit 70f39256784280d2034aa7bf1c4765f606c22d56 by Ingo Klöcker, on behalf of Ingo Klöcker.
Committed on 03/05/2023 at 15:47.
Pushed by kloecker into branch 'master'.

Look for matching subkey if no key was found for fingerprint

If the message was signed with a signing subkey instead of with the
primary key of an OpenPGP certificate, then we won't find a key with
findByFingerprint(). To look for a matching subkey we need to use
findSubkeysByKeyID().

FIXED-IN: 5.23.1
(cherry picked from commit 606ea1478d2d5b5aacdc6ef3f050655fe0352d87)

M  +11   -1    mimetreeparser/src/messagepart.cpp

https://invent.kde.org/pim/messagelib/commit/70f39256784280d2034aa7bf1c4765f606c22d56