I receive pgp-signed messages which are just pgp-encoded rather pgp-encrypted. So, it is sufficient just to gpg -d file.txt to decode a pgp block. Here file.txt is -----BEGIN PGP MESSAGE----- Version: PGP 6.5.8 owFlkDtIA0EQho+gggcHiogiIoOg2OTcu5hLvEoE7SMIErDw0Qgq2Njb2WhjKYiN ... mbjcpP8B =dv5G -----END PGP MESSAGE----- At case you haven't sender public key, you get just a warning, but decoding still takes place (I have tried it on the another Linux box). So it is use case when a public key is used for signing only rather for encryption. For such incoming messages KMail shows green-decorated error: Message was signed by someone@somewhere (Key ID: 0x-----). The signature is valid and the key is fully trusted. Hide Details <div style="font-size:x-large; text-align:center;padding:20pt;">Could not decrypt the data.</div> End of signed message P.S. At the moment I use Thunderbird to receive these messages. Reproducible: Always
I'm ready to sent a message with included PGP-block to this KMail component developer directly but want to avoid publishing it here.
Addition. If I hit F5 on the folder with such messages, some of messages are duplicated in the headers list. After restarting KMail duplicates absent (until next folder refresh :)). So decoding errors results in duplications creating, I guess.
I'm still ready to send PGP-signed (encoded, but not encrypted) message example directly to KMail team member. Or - must I supply any additional information? BTW, KMail1 has dealt with this use case perfectly.
4.14.1 still has the issue. Are there steps I can do to help in resolving the issue? It it the only KMail show stopper at the moment preventing to return to the favorite mail client after dark kmail2 years :)
4.14.3 still has the issue.
Attempts to workaround the bug is here: https://forum.kde.org/viewtopic.php?f=18&t=124680
Can you send me a a test mail in private? That would help to understand your problem.
Have sent.
I can reproduce the behaviour.
$ gpg --list-packets email.txt :compressed packet: algo=1 :signature packet: algo 17, keyid XXXXXXXXXXXXXXXX version 4, created 1428544404, md5len 0, sigclass 0x00 digest algo 2, begin of digest ca 75 hashed subpkt 2 len 4 (sig created 2015-XX-XX) subpkt 16 len 8 (issuer key ID XXXXXXXXXXXXXXXX) data: [160 bits] data: [160 bits] :literal data packet: mode b (62), created 1428544404, name="", raw data: 409 bytes
HI! This very simple (and verified) issue is still untouched by the team. Is there any reason to hope? KMail1 has dealt this situation seamlessly, so there is a code for reference.
adding Andree as part of libkleo, libgpgme. "BEGIN PGP MESSAGE" start a DecryptionJob, but this fails because it don't find a valid decrypted messages. because it isn't decrypted. So the question is what need to be done to descide if that is okay or not?
Git commit 0af8d92ccf1ffc3d5eef1b5028ec754847862daa by Andre Heinecke. Committed on 18/12/2015 at 17:44. Pushed by aheinecke into branch 'master'. Add test using decryptVerify on opaque signed data The test used the decryptVerifyJob to verify the test.data.signed-opaque.asc file. M +26 -0 kleopatra/tests/test_verify.cpp http://commits.kde.org/kdepim/0af8d92ccf1ffc3d5eef1b5028ec754847862daa
It's an opaque signed pgp message if its signed but not encrypted. So the right Job for this would be verifyOpaqueJob which Kleopatra uses from the clipboard if it detects PGP MESSAGE as content. And confusingly enough this also decrypts encrypted PGP MESSAGES,.. so you could use that. But I thought that you should also be able to use a normal decryptVerifyJob for this but was not sure so I wrote the test from Comment 13 to try it. Basically you can see that when decryption failed but if the VerificationResult has a Signature that you can use the VerificationResult's Signature to show signature information and show the returned plaintext.
@Andre thanks for the fast response. I now also have a bugfix for this bug. But I just get it right - from outside I can't differ if it is encrypted or only a encoded signature, because both use PGP MESSAGES header? So there is no way to select the "correct" job for it. Is it recommended to use verifyOpaqueJob in any case? Should we first ask gnupgp what kind of packets are inside the message? @Andrew: You sent me a sample mail in private - is it okay if i publish it as testcase in the code? Because I can't read cryrillic, I can't deside if there are any sensible/private informations.
(In reply to Sandro Knauß from comment #15) > @Andrew: You sent me a sample mail in private - is it okay if i publish it > as testcase in the code? Because I can't read cryrillic, I can't deside if > there are any sensible/private informations. @Sandro, yes, if it is impossible to prepare signed and not encrypted document, then - OK, you can publish that email message as a test case.
(In reply to Sandro Knauß from comment #15) > @Andre thanks for the fast response. I now also have a bugfix for this bug. > But I just get it right - from outside I can't differ if it is encrypted or > only a encoded signature, because both use PGP MESSAGES header? Yes. > So there is no way to select the "correct" job for it. Is it recommended to use > verifyOpaqueJob in any case? Sorry I have not designed this API. As I see it you can use either, verifyOpaque (if it also decrypts) might produce nicer results as the general decryptverify job but as far as I know it should be Ok to use both. > Should we first ask gnupgp what kind of packets > are inside the message? Parsing the output of list-packets you mean? I don't think this is sensible to do in KMail. Werner Koch will add API for this in GpgME in the next months because we need to Answer the question "Hey GnuPG, what should we do with this data" to better support file extensions (where it's often .asc or .gpg) for various data formats this could then also be used in this case. > @Andrew: You sent me a sample mail in private - is it okay if i publish it > as testcase in the code? Because I can't read cryrillic, I can't deside if > there are any sensible/private informations. You can generate such a mail if you just do "echo foo | gpg2 -as" on the command line and copy & paste this into a mail.
Git commit a34229dd625ca371f8d905946bcd6106c92b826c by Sandro Knauß. Committed on 28/12/2015 at 13:47. Pushed by knauss into branch 'Applications/15.12'. Handle signed only inline messages correctly In a PGP MESSAGE block can also only be a signed only message. So if the decyption fails but a signature is availabe it is a signed only part. REVIEW: 126454 A +33 -0 messageviewer/autotests/data/openpgp-encoded.mbox A +410 -0 messageviewer/autotests/data/openpgp-encoded.mbox.html M +27 -20 messageviewer/src/viewer/objecttreeparser.cpp http://commits.kde.org/kdepim/a34229dd625ca371f8d905946bcd6106c92b826c
(In reply to Andre Heinecke from comment #17) > Parsing the output of list-packets you mean? I don't think this is sensible > to do in KMail. Werner Koch will add API for this in GpgME in the next > months because we need to Answer the question "Hey GnuPG, what should we do > with this data" to better support file extensions (where it's often .asc or > .gpg) for various data formats this could then also be used in this case. Please inform me about that - I was in the past also wondering if we can add better support for crypted attachments. And faced the problem that I don't have a easy way to get the information what kind of object I face. > > @Andrew: You sent me a sample mail in private - is it okay if i publish it > > as testcase in the code? Because I can't read cryrillic, I can't deside if > > there are any sensible/private informations. > > You can generate such a mail if you just do "echo foo | gpg2 -as" on the > command line and copy & paste this into a mail. Yeah I did that approch to create the sample mail.
Great, thanks! I will verify as fast as Arch Linux get 15.12.1 (or add the patch).
The Arch Linux team has kindly applied the patch, and now I can verify the issue is resolved. Thanks to the KDE team!
*** Bug 357417 has been marked as a duplicate of this bug. ***