Bug 378320 - SMIME/X509: Encrypted message Not enough information to check signature. %1(I18N_ARGUMENT_MISSING)
Status: REPORTED
Alias: None
Product: kmail2
Classification: Applications
Component: UI
Version: 5.4.3
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2017-03-31 15:27 UTC by Achim Bohnet
Modified: 2017-05-19 15:27 UTC

Attachments
mail signed with my key. (With 'MPG CA' as 3rd level CA) (7.76 KB, application/mbox)
2017-04-15 13:39 UTC, Achim Bohnet
kwatchgnupg log of mail from attachment above ( differs starting at line 73 from (3) ) (20.43 KB, text/x-log)
2017-04-15 13:40 UTC, Achim Bohnet
watchgnupg log of a mail with a successfully verified signature (with different 3rd level CA than 'MPG CA') (24.88 KB, text/x-log)
2017-04-15 13:41 UTC, Achim Bohnet
Screenshot of kleopatra with 'non uniq' cert 'MPG CA' (193.77 KB, image/png)
2017-04-15 13:59 UTC, Achim Bohnet

Description Achim Bohnet 2017-03-31 15:27:47 UTC
On KDE Neon-User installation with Plasma 5.9.4 and Kmail 5.4.3, I added my X509 Cert and key and installed kleopatra.

I can decrypt an S/MIME message, but signatures can't be verified, despite the fact that encryption and signature used the same key.  After decrypting the msg and clicking on 'Show details' in the upper right orange part of the message view:

Encrypted message
Not enough information to check signature. %1(I18N_ARGUMENT_MISSING)
Status: No status information available.

This is reproducible with all signed and encrypted&signed msgs that I have.  Also with msgs I sent with my key from Apple Mail to me.

In Kleopatra the X509 chain to my certificate seems to be trusted. At least Kleopatra offers only the option to distrust them.  Other options are disabled (light gray). My X509 cert is in bold and in the RMB menu I can't change trust at all.

Achim
P.S. FWIW signing and encrypting do not work at all with my X509 key. I always get 'not found ' when I add it to my Kmail-Identity.  (Will be another bug report when reading is fixed)

Achim
Comment 1 Laurent Montel 2017-04-03 11:34:22 UTC
Git commit 2e6ad643072a5de40b96365d352966244f1c0116 by Montel Laurent.
Committed on 03/04/2017 at 11:33.
Pushed by mlaurent into branch 'Applications/17.04'.

Fix i18n(...) it's a "block" variable here.

M  +2    -2    messageviewer/src/messagepartthemes/default/templates/signedmessagepart.html

https://commits.kde.org/messagelib/2e6ad643072a5de40b96365d352966244f1c0116
Comment 2 Achim Bohnet 2017-04-13 15:48:44 UTC
Signing and encryption problem is described in https://bugs.kde.org/show_bug.cgi?id=378745

Maybe the info there helps to understand why the 'Signature verification' fails.
Comment 3 Achim Bohnet 2017-04-15 13:39:15 UTC
Created attachment 105035
mail signed with my key.  (With 'MPG CA' as 3rd level CA)
Comment 4 Achim Bohnet 2017-04-15 13:40:50 UTC
Created attachment 105036
kwatchgnupg log of mail from attachment above ( differs starting at line 73 from (3) )
Comment 5 Achim Bohnet 2017-04-15 13:41:25 UTC
Created attachment 105037
watchgnupg log of a mail with a successfully verified signature (with different 3rd level CA than 'MPG CA')
Comment 6 Achim Bohnet 2017-04-15 13:43:02 UTC
Apple Mail marks signed mail from our corporate members, with 'MPG CA' in the chain, as okay.  Nobody complains on our list about broken signatures.  (I bet all OS & MTA Agents combinations are used to read those mails)

Looks like kmail fails to update the CRL of 'MPG CA'.  Maybe that's the reason for the signature check failure?  At least I've found other signed mail with the same 1st & 2nd level CAs but a different 3rd level CA, that is successfully verified.

Attachments:

1) s_mine_signed.mbox: mail signed with my key.  (With 'MPG CA' as 3rd level CA)
2) smime-bad-sig-check.log: kwatchgnupg log of mail from attachment above ( differs starting at line 73 from (3) )
3) smime-good-sig-check.log: watchgnupg log of a mail with a successfully verified signature (with different 3rd level CA than 'MPG CA')

Hope this helps!
Achim
Comment 7 Achim Bohnet 2017-04-15 13:59:18 UTC
Created attachment 105038
Screenshot of kleopatra with 'non uniq' cert 'MPG CA'

About the 'mehrdeutiger Name' (en: not unique name) error in the log when trying to update the CRL: I see in kleopatra that there are 2 'MPG CA' keys.  For details see the attached screenshot.
Comment 8 Dennis Schridde 2017-05-19 15:25:42 UTC
When I enable S/MIME OCSP checks, I also see the following in the logs:
```
...
  4 - 2017-05-19 17:21:21 gpgsm[8356]: DBG: chan_10 -> ISVALID <<REDACTED>>
  4 - 2017-05-19 17:21:21 gpgsm[8356]: DBG: chan_10 <- ERR 167772220 Not supported <Dirmngr>
...
  4 - 2017-05-19 17:21:36 gpgsm[8562]: DBG: chan_10 -> ISVALID <<REDACTED>>
  4 - 2017-05-19 17:21:36 gpgsm[8562]: DBG: chan_10 <- ERR 167772220 Not supported <Dirmngr>
  4 - 2017-05-19 17:21:36 gpgsm[8562]: certificate <<REDACTED>>
  4 - 2017-05-19 17:21:36 gpgsm[8562]: checking the CRL failed: Not supported
  4 - 2017-05-19 17:21:36 gpgsm[8562]: validation model used: shell
...
```
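
Added example (not part of the comment above, and not KMail or GnuPG code): a small triage script for watchgnupg-style logs that decodes the numeric Assuan `ERR` value into its libgpg-error source and code and collects every failed revocation check. The function names are hypothetical, the lookup tables are a deliberately small subset of libgpg-error's, and the sample lines are constructed in the format shown in the log above.

```python
import re

# libgpg-error packs an error value as (source << 24) | code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF
# Subset of libgpg-error's source and code tables; extend as needed.
SOURCES = {3: "GpgSM", 4: "GPG Agent", 9: "KSBA", 10: "Dirmngr"}
CODES = {60: "GPG_ERR_NOT_SUPPORTED"}

CMD_RE = re.compile(r"gpgsm\[(\d+)\]: DBG: chan_\d+ -> (\w+)")
ERR_RE = re.compile(r"gpgsm\[(\d+)\]: DBG: chan_\d+ <- ERR (\d+) ")
CRL_RE = re.compile(r"gpgsm\[(\d+)\]: checking the CRL failed: (.+)$")

# Constructed sample in the format of the log in the comment above.
SAMPLE = """\
  4 - 2017-05-19 17:21:36 gpgsm[8562]: DBG: chan_10 -> ISVALID <<REDACTED>>
  4 - 2017-05-19 17:21:36 gpgsm[8562]: DBG: chan_10 <- ERR 167772220 Not supported <Dirmngr>
  4 - 2017-05-19 17:21:36 gpgsm[8562]: checking the CRL failed: Not supported
""".splitlines()


def decode_gpg_error(value):
    """Split a packed gpg-error value into (source name, code name)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return (SOURCES.get(source, f"source {source}"),
            CODES.get(code, f"code {code}"))


def revocation_failures(lines):
    """Return one finding per Assuan ERR reply or CRL failure, per gpgsm PID."""
    last_cmd = {}   # PID -> last command gpgsm sent on its channel
    findings = []
    for line in lines:
        if m := CMD_RE.search(line):
            last_cmd[m.group(1)] = m.group(2)
        elif m := ERR_RE.search(line):
            source, code = decode_gpg_error(int(m.group(2)))
            findings.append({"pid": m.group(1), "command": last_cmd.get(m.group(1)),
                             "source": source, "code": code})
        elif m := CRL_RE.search(line):
            findings.append({"pid": m.group(1), "command": None,
                             "source": "gpgsm", "code": m.group(2).strip()})
    return findings


if __name__ == "__main__":
    for finding in revocation_failures(SAMPLE):
        print(finding)
```
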
Comment 9 Dennis Schridde 2017-05-19 15:27:04 UTC
When I disable CRL checks, I can send S/MIME encrypted & signed emails.