Version: 2.1.1 (using KDE 4.6.5) OS: Linux When sending an S/MIME clear-signed (signed but not encrypted) message, KMail2 doesn't follow S/MIME RFC correctly, resulting in a non compliant MIME header usage. Some mail clients like iPad and Outlook Web Access are unable to show the email body. They show empty message with a single smime.p7m attachment. Per S/MIME RFC 2633 (http://tools.ietf.org/html/rfc2633#section-3.4), there are two ways to send a signed-only message: application/pkcs7-mime with SignedData, and multipart/signed. Apparently, KMail2 can send both, controlled by menu Options/Cryptographic Message Format/SMIME Opaque or (just) SMIME. The multipart/signed is governed by Section 3.4.3 (http://tools.ietf.org/html/rfc2633#section-3.4.3). RFC provides a sample of a clear-signed email in http://tools.ietf.org/html/rfc2633#section-3.4.3.3 """ 3.4.3.3 Sample multipart/signed Message Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- """ However, KMail2 generates the following: Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc"; micalg="sha1"; protocol="application/pkcs7-signature" Content-Disposition: attachment; filename="smime.p7m" Content-Transfer-Encoding: 7Bit --nextPart3571509.Xs4gzcKTgc Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" This is a clear-signed message --nextPart3571509.Xs4gzcKTgc Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix … kAAAAAAAAA== --nextPart3571509.Xs4gzcKTgc-- Reproducible: Always Steps to Reproduce: (Assuming an identify with a valid S/MIME certificate is configured) New Message. Options/Sign Message - selected Options/Encrypt Message - unselected Options/Formatting (HTML) - unselected Options/Cryptiographic Message Format - S/MIME In the message body - type "This is a clear-signed message" Send Actual Results: Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc"; micalg="sha1"; protocol="application/pkcs7-signature" Content-Disposition: attachment; filename="smime.p7m" Content-Transfer-Encoding: 7Bit --nextPart3571509.Xs4gzcKTgc Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" This is a clear-signed message --nextPart3571509.Xs4gzcKTgc Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix … kAAAAAAAAA== --nextPart3571509.Xs4gzcKTgc-- Expected Results: Content-Type: multipart/signed; boundary="nextPart3571509.Xs4gzcKTgc"; micalg="sha1"; protocol="application/pkcs7-signature" Content-Transfer-Encoding: 7Bit --nextPart3571509.Xs4gzcKTgc Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" This is a clear-signed message --nextPart3571509.Xs4gzcKTgc Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILWzCCBN0w ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix … kAAAAAAAAA== --nextPart3571509.Xs4gzcKTgc-- This bug is a duplicate of Bug 280245, but maybe explains better. This bug doesn't cause a crash, but recipients with at least iPad, iPhone, and Outlook Web are unable to read these messages. gpg2 developer Werner Koch says it's not a problem with gpg, but with KMail regression. http://markmail.org/message/li3nvwhg2mh7kv5n
Looks like the code responsible for MIME is either in messagecomposer or in KMime, the latter described at http://api.kde.org/4.x-api/kdepimlibs-apidocs/kmime/html/index.html#crypto Looks like messagecomposer signjob is responsible for invoking gpg and getting signature, then putting the result together with d->resultContent = Message::Util::composeHeadersAndBody( d->content, signature, d->format, true, signatureHashAlgo ); (https://projects.kde.org/projects/kde/kdepim/repository/revisions/7873c144c0cc31b5627a4b43e52823222b517281/entry/messagecomposer/signjob.cpp#L193) Ah, found it. Looks like it's already been fixed by Volker Krause https://projects.kde.org/projects/kde/kdepim/repository/revisions/24e069f14f1e7d861383b87db7f3a72941400d07 Not sure what the proper resolution should be.
Please check if this problem still exists with KDE 4.8 This should have been resolved by 24e069f14f1e7d861383b87db7f3a72941400d07