Created attachment 65899 [details]
signed files and screenshot
Version: unspecified (using KDE 4.7.3)
I have an offline primary key with a signing subkey on an openpgp smartcard.
Gpg has those keys marked as ultimately trusted.
When instructed to verify a file clearsigned with said key, kleopatra shows the signature as valid, but coming from an unknown certificate.
If the signature was made with an "online" primary key (i.e., effectively stored under an on-disk secring file) kleopatra shows correct behavior, reporting valid signature from a known certificate.
Kleopatra correctly recognises the openpgp details in the certificate list view.
Steps to Reproduce:
0) have offline primary key with signing subkey on openpgp smartcard
1) create test cleartext file
2) clearsign with gpg2 --clearsign test_cleartext.txt
3) verify the signature with kleopatra
kleopatra reports valid signature from unknown certificate
kleopatra should report valid signature from a known certificate
The offline primary key + smartcard subkeys were generated following the howto found at the following URL:
Attached: related cleartext, clearsigned files and screenshot.
I am experiencing this bug on my Windows (Ult 64) platform as well. From command line, GPG successfully verifies a signed file with a detached subkey signature. Kleopatra verifies the signature but lists the key as unknown.
-----BEGIN PGP SIGNED MESSAGE-----
I am also experiencing this bug using Windows 7 (x64). I am not using a smartcard, but have my private key set-up with a subkey for signing. When I sign a file and verify it using Kleopatra the GUI indicates that the file has been verified and signed by an unknown certificate.
If the command line interface is used to verify the file it returns the proper name and email for the signing key.
I would like to keep using a subkey for signing to protect my private key, but I am worried this incompatibility might confuse others.
I suspect if you try to verify this message with kleopatra it will return the same error/bug.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
-----END PGP SIGNATURE-----
I'll check this issue with current Kleopatra and Gpg4win.
I'm seeing this issue as well with Kleopatra 2.2.0 from Gpg4win 2.2.0. I am using a similar arrangement to that previously described with an offline primary private key and a subkey for signing.
There is a another report with a similiar issue where the subkey is reported
"unknown" independently of the signature status.
It is in German from https://wald.intevation.org/forum/forum.php?thread_id=1620&forum_id=84&group_id=11
reporting for Gpg4win 2.3.1 which uses Kleopatra: 2.2.0-gitfb4ae3d
Should be reproducable with the tails certificate in question.