GNOME Bugzilla – Bug 266147
Can't verify GPG signatures of signed and encrypted messages by Enigmail
Last modified: 2013-09-10 14:04:09 UTC
Description of Problem:
When a message is both signed and encrypted with Enigmail, the message can be decrypted but the signature is not verified.

Steps to reproduce the problem:
1. Write a message with Thunderbird+Enigmail
2. Encrypt and sign (using PGP/MIME)
3. Receive it with Evolution and enter the passphrase

Actual Results:
The message is decrypted but is declared "unsigned".

Expected Results:
The message is decrypted and the signature is declared valid.

How often does this happen?
Always

Additional Information:
There is a workaround to verify the signature:
1. Save encrypted.asc
2. $ gpg encrypted.asc (or gpg --status-fd 2 encrypted.asc for more details)

The same behaviour was reported on Enigmail mailing list (the bug is now solved in Enigmail):
http://mozdev.org/pipermail/enigmail/2004-February/001212.html
http://bugzilla.mozdev.org/show_bug.cgi?id=5777
Seems to work for me.
adding security keyword for better finding
please attach an example message, and a private key with enough passwords to decode it
Created attachment 44841: example message + 2 keys (passphrase is 'test' for both)
at least punting target milestone from 2.1 to 2.3.
Seeing the same with mail sent from mutt. (Mail is shown as encrypted, gpg says signed/encrypted) Works with mail sent to myself from evolution, it gets correctly recognized as signed+encrypted.
Target for fix needs to be bumped. I'm using evo 2.4.1, still seeing the exact same thing reported in initial report. Mail sent from evo 2.4.1, signed and encrypted with gpg is recognized as being signed and encrypted. Mail sent from thunderbird 1.0.7 using enigmail 0.92.1.0 shows encryption, but the signature is not recognized. Thunderbird reads them all correctly, signed, unsigned, from enigmail and from evo. Let me know if you need any screenshots or whatnot, though it's pretty easy to reproduce.
punting as per last comment.
*** Bug 321156 has been marked as a duplicate of this bug. ***
bug 334151 and bug 318179 could be duplicates.
*** Bug 334151 has been marked as a duplicate of this bug. ***
Based on my reading, it seems that messages sent in the separate signing/encrypting operations described in RFC 3156 section 6.1, and messages sent in the combined sign/encrypt operation in section 6.2 have the exact same MIME types, and would not be immediately identifiable as 6.1-compliant or 6.2-compliant prior to decryption. What I'm finding is that Enigmail 0.94 is using the combined method of section 6.2 ("the 6.2/combined method"). However, it's also prepending MIME information (i.e. "Content-Type: text/html" or "Content-Type: text/plain") to the message text, and then signing and encrypting that in one operation. Is it possible that Evolution is seeing the embedded MIME information with the assumption that the message is using the 6.1/separate method, and as a result is failing to notice that gpg is returning a "good signature" message? Stated another way, if Enigmail was not prepending MIME information prior to the 6.2/combined operation, would Evolution see the "good signature" message from gpg?
*** Bug 318179 has been marked as a duplicate of this bug. ***
I see the target milestone on this bug is 2.5 however I am running 2.7.4 and still seeing this behaviour. A signed and encrypted message (identified as signed and encrypted by gpg) is only identified as encrypted in evolution. Can we get an update on the state of this bug?
Still no change with Evolution 2.8.2.1. Encrypted and signed mails composed in Thunderbird 1.5.0.10 + Enigmail 0.94.3 are identified only as encrypted.
Might Bug 386474 be a duplicate of this? He has the same problem, but his test message uses Gnus as the sending party. I'm experiencing the original problem of this bug report. Sending party: Thunderbird 2.0.0.0/Mac OS X/Enigmail 0.95/GnuPG 1.4.7, receiving: Evolution 2.10.1 on Debian unstable. When I look at a test message of mine, gpg says:

gpg: Good signature from "Viktor Horvath [***]"
gpg: aka "Viktor Horvath [***]"
gpg: textmode signature, digest algorithm SHA1
gpg: decryption okay
gpg: WARNING: message was not integrity protected

Maybe Evolution doesn't like that the MDC feature ("integrity protection") was not used?
Bug is still present in 2.22. Message composed, signed and encrypted in Thunderbird 2.0.0.12 + Enigmail 0.95 produces "encrypted only" in Evolution.
*** Bug 558536 has been marked as a duplicate of this bug. ***
Created attachment 124364: proposed eds patch for evolution-data-server. While decrypting, the status lines can also contain information on the possible signatures, thus do not ignore these lines, but read the status from them.
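Added example, not the attached patch and not Evolution's code: a small C parser that reads the gpg --status-fd lines of a decryption run and keeps the signature status lines instead of skipping them, as the comment above describes. The type and function names and the sample status text are constructed for illustration; the status keywords are GnuPG's.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example. decrypted: DECRYPTION_OKAY seen;
   integrity: GOODMDC seen; sig: signature verdict reported while decrypting. */
enum sig_state { SIG_NONE, SIG_GOOD, SIG_BAD, SIG_UNCHECKED };
struct gpg_result { int decrypted, integrity; enum sig_state sig; };

/* Constructed sample: signed+encrypted message sent without MDC. */
static const char SAMPLE_STATUS[] =
    "[GNUPG:] BEGIN_DECRYPTION\n"
    "[GNUPG:] GOODSIG 2222222222222222 Test User <test@example.org>\n"
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] END_DECRYPTION\n";

/* Is `line` (length len) a status line whose keyword is exactly kw? */
static int is_status(const char *line, size_t len, const char *kw)
{
    static const char prefix[] = "[GNUPG:] ";
    size_t pl = sizeof prefix - 1, k = strlen(kw);
    if (len < pl + k || strncmp(line, prefix, pl) != 0) return 0;
    return strncmp(line + pl, kw, k) == 0 && (len == pl + k || line[pl + k] == ' ');
}

/* Scan every status line; a BADSIG is never overridden by a later GOODSIG. */
struct gpg_result parse_gpg_status(const char *status)
{
    struct gpg_result r = { 0, 0, SIG_NONE };
    const char *p;
    for (p = status; *p; p += strspn(p, "\r\n")) {
        size_t len = strcspn(p, "\r\n");
        if (is_status(p, len, "DECRYPTION_OKAY")) r.decrypted = 1;
        else if (is_status(p, len, "GOODMDC")) r.integrity = 1;
        else if (is_status(p, len, "BADSIG")) r.sig = SIG_BAD;
        else if (is_status(p, len, "GOODSIG")) { if (r.sig != SIG_BAD) r.sig = SIG_GOOD; }
        else if (is_status(p, len, "ERRSIG")) { if (r.sig == SIG_NONE) r.sig = SIG_UNCHECKED; }
        p += len;
    }
    return r;
}

int main(void)
{
    struct gpg_result r = parse_gpg_status(SAMPLE_STATUS);
    printf("decrypted=%d integrity=%d sig=%d\n", r.decrypted, r.integrity, (int)r.sig);
    return 0;
}
```

A caller would treat the message as signed only when sig is SIG_GOOD, and can report the missing MDC separately from the signature verdict.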
Reproduced this problem with the following:

1st computer: Windows Vista Home Edition 32-bit, Mozilla Thunderbird 2.0.0.19, GnuPG 1.4.9, Enigmail 0.95.7
2nd computer: Arch Linux, Evolution 2.24.2, seahorse 2.24.1-1

When sending encrypted+digitally signed email (either from the 1st to the 2nd computer, or vice-versa) the received email shows up as encrypted but not as digitally signed. If an email is sent that is only encrypted, it works fine. If an email is sent that is only digitally signed, it works fine.
Patch available by Milan. ping.
*** Bug 386474 has been marked as a duplicate of this bug. ***
Committed to trunk. Committed revision 10042.
*** Bug 503064 has been marked as a duplicate of this bug. ***