Bug 287145 - kleopatra reports valid signature from unknown openpgp certificate
Alias: None
Product: kleopatra
Classification: Applications
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Andre Heinecke
Reported: 2011-11-21 10:12 UTC by Alberto Ronzani
Modified: 2016-05-10 06:36 UTC

signed files and screenshot (57.02 KB, application/x-gzip)
2011-11-21 10:12 UTC, Alberto Ronzani

Description Alberto Ronzani 2011-11-21 10:12:01 UTC
Created attachment 65899
signed files and screenshot

Version:           unspecified (using KDE 4.7.3) 
OS:                Linux

I have an offline primary key with a signing subkey on an openpgp smartcard.
Gpg has those keys marked as ultimately trusted.

When instructed to verify a file clearsigned with said key, kleopatra shows the signature as valid, but coming from an unknown certificate.

If the signature was made with an "online" primary key (i.e., effectively stored under an on-disk secring file) kleopatra shows correct behavior, reporting valid signature from a known certificate.

Kleopatra correctly recognises the openpgp details in the certificate list view.

Reproducible: Always

Steps to Reproduce:
0) have offline primary key with signing subkey on openpgp smartcard
1) create test cleartext file
2) clearsign with gpg2 --clearsign test_cleartext.txt
3) verify the signature with kleopatra

Actual Results:  
kleopatra reports valid signature from unknown certificate

Expected Results:  
kleopatra should report valid signature from a known certificate

The offline primary key + smartcard subkeys were generated following the howto found at the following URL:

Attached: related cleartext, clearsigned files and screenshot.
Comment 1 Adam Colligan 2012-02-13 17:48:52 UTC
I am experiencing this bug on my Windows (Ult 64) platform as well.  From command line, GPG successfully verifies a signed file with a detached subkey signature.  Kleopatra verifies the signature but lists the key as unknown.
Comment 2 Evan 2012-11-21 03:04:42 UTC
Hash: SHA1

I am also experiencing this bug using Windows 7 (x64). I am not using a smartcard, but have my private key set up with a subkey for signing. When I sign a file and verify it using Kleopatra the GUI indicates that the file has been verified and signed by an unknown certificate.

If the command line interface is used to verify the file it returns the proper name and email for the signing key.

I would like to keep using a subkey for signing to protect my private key, but I am worried this incompatibility might confuse others.

I suspect if you try to verify this message with kleopatra it will return the same error/bug.
Version: GnuPG v2.0.19 (MingW32)

Comment 3 Emanuel Schütze 2013-05-08 15:16:09 UTC
I'll check this issue with current Kleopatra and Gpg4win.
Comment 4 Tony Gies 2013-12-05 02:07:09 UTC
I'm seeing this issue as well with Kleopatra 2.2.0 from Gpg4win 2.2.0. I am using a similar arrangement to that previously described with an offline primary private key and a subkey for signing.
Comment 5 Bernhard E. Reiter 2016-05-10 06:35:30 UTC
There is another report with a similar issue where the subkey is reported
"unknown" independently of the signature status.

It is in German from https://wald.intevation.org/forum/forum.php?thread_id=1620&forum_id=84&group_id=11
reporting for Gpg4win 2.3.1 which uses Kleopatra:       2.2.0-gitfb4ae3d

Should be reproducible with the tails certificate in question.
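
The command-line cross-check the commenters describe can be made machine-readable. The following is an added example, not part of this bug report and not Kleopatra's code: it parses GnuPG `--status-fd` records to tell a valid signature made by a subkey of a known certificate apart from a signature whose key is missing from the keyring. The function names, fingerprints and status lines are constructed for illustration.

```python
# Added example: interpret GnuPG status records (format per GnuPG doc/DETAILS).
# Produce real input with: gpg2 --status-fd 1 --verify test_cleartext.txt.asc
# All fingerprints and status lines below are constructed placeholders.
SUBKEY_FPR = "A" * 40    # signing subkey (constructed)
PRIMARY_FPR = "B" * 40   # primary key that owns the subkey (constructed)

KNOWN_SUBKEY_SIG = f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {SUBKEY_FPR[-16:]} Test User <test@example.org>
[GNUPG:] VALIDSIG {SUBKEY_FPR} 2011-11-21 1321870321 0 4 0 1 2 01 {PRIMARY_FPR}
[GNUPG:] TRUST_ULTIMATE
"""

MISSING_KEY_SIG = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG CCCCCCCCCCCCCCCC 1 2 01 1321870321 9
[GNUPG:] NO_PUBKEY CCCCCCCCCCCCCCCC
"""

def summarize(status_text):
    """Collect signer, fingerprints and trust for the signature in status_text."""
    s = {"valid": False, "signer": None, "signing_fpr": None,
         "primary_fpr": None, "by_subkey": None, "missing_key": None,
         "trust": None}
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable output, not a status record
        keyword, *args = line.split()[1:]
        if keyword == "GOODSIG" and args:
            s["signer"] = " ".join(args[1:]) or None  # user ID of the certificate
        elif keyword == "VALIDSIG" and args:
            s["valid"], s["signing_fpr"] = True, args[0]
            if len(args) >= 10:  # 10th argument: fingerprint of the primary key
                s["primary_fpr"] = args[9]
                s["by_subkey"] = args[9] != args[0]
        elif keyword == "NO_PUBKEY" and args:
            s["missing_key"] = args[0]  # key really is absent from the keyring
        elif keyword.startswith("TRUST_"):
            s["trust"] = keyword[len("TRUST_"):].lower()
    return s

def verdict(s):
    """One-line classification a verification front end could display."""
    if s["missing_key"]:
        return "cannot verify: key " + s["missing_key"] + " not in keyring"
    if s["valid"] and s["by_subkey"]:
        return "valid, made by a subkey of certificate " + s["primary_fpr"]
    return "valid, made by primary key" if s["valid"] else "no valid signature"
```
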