Version: 1.9.1 (using KDE KDE 3.5.1)
Installed from: Fedora RPMs
The mail I'm about to attach seems to have a valid signature according to Evolution.
Kmail reports it as bad, however.
Created attachment 15011 [details]
Raw copy of offending mail
Created attachment 15012 [details]
Screenshot of kmail and evo side-by-side on the same mail, disagreeing about the signature.
Please check bug 123174, they might be related.
As first glance I'd guess it's probably not related. This is only about the signature, and there's far less scope for screwing up the choice of key to use for verifying the signature.
When I open the message you've attached with KMail 1.9.1 (with File->Open...) then the signature is reported as valid. Do you get a bad signature if you do this? Is the message contained in an IMAP folder? Do you get a valid signature after copying the message to a local folder?
If you still get a bad signature when opening the message via File->Open... then it's probably a distribution-specific problem since I can't reproduce it with my KDE 3.5.1 RPMs from SUSE.
Yes, it's still bad when I open it with File->Open.
Signatures are very fragile things. When you said you tested it with KMail and Evolution, did you check the same message using an IMAP server? Or did you receive it from two different paths?
Same message, using an IMAP server (dovecot).
Since the bad signature is also present when you open the message with File->Open this problem doesn't seem to be IMAP-specific. You didn't answer my question regarding a local copy of this message.
Is only this message affected or does your KMail report all (detached) signatures as bad?
Sorry, I thought those questions weren't relevant if it also happened with 'File->Open'.
The offending mail is on IMAP, and the signature still fails if I copy it to a local folder. However, if I then copy the file from kmail's local folder back to the IMAP server, Evolution is still happy with it. So kmail doesn't seem to have corrupted it in transit.
Other messages with a detached signature are fine -- including other UTF-8 messages with non-ASCII characters in them. Only this message and a few other messages from the same user seem to be affected so far.
I tried searching for other multipart/signed messages to test with.
Bug #123605 is the result :)
I think the problem might be caused by the fact that your copy of this key has expired. Please update the key 0x3B29F20D by reloading it from a keyserver. You can use 'gpg --refresh-keys' to update all keys in your keyring.
Refreshing the keys seems to have done the trick; thanks.
I didn't realise a GPG key could expire and then be 'updated' rather than having to be completely replaced with a new key -- how does that work?
kmail should have made it clear that this was the problem, and even given me a button to press to update the key. If it takes even kmail hackers a week to figure out what's up, the interface isn't user-friendly enough :)
I fully agree that the error message should be much better, but there's already a bug report for this.
Regarding your question how extending the expiration date works: Practically you do 'gpg --edit-key <keyid>' and then 'expire'. Technically a new self-signature with different expiration date is added to the key.
BTW, IMO Evolution behaves seriously wrong because expired keys shouldn't be regarded as secure anymore.
*** This bug has been marked as a duplicate of 59626 ***