GNOME Bugzilla – Bug 792610
Consider alternate signer emails in sender address verification
Last modified: 2018-10-08 10:02:25 UTC
-note- this /might/ be a bug in the signing part of evolution, however I don't believe so I have a GPG key that lists 3 different identities. All those mail adresses are also managed in Evolution, I've send a few test mails from my various accounts and discover that while the signature is verified correctly evolution displays a warning that there is a mismatch between the sender and signer identity. Other mail clients do not exhibit this behavior, at least Thunderbird in combination with enigmail verified the same e-mail message as completely correct. This behavior is most likely caused because Evolution does only 1 step in verification: it calls GPG to see if the signature is correct, and then verifies the sender e-mail adres against the output from the GPG command. GPG will only display the primary identity associated with the signature, thus sender and signer will always mismatch if send from a different mail account than the primary. Idealy evolution will add a second step in signature verification that collects the UID's associated with a GPG key and verifies whether the sender e-mail adress matches at least one of them. If both steps return true than a green bar for correct verification should be displayed. Steps to reproduce: -create a GPG key containing multiple UID's (e-mail adresses) -send and sign an e-mail from a non-primary adress -open the received mail in evolution and check GPG status. These (closed and outdated bugs) seem to reference the same issue: -https://bugzilla.gnome.org/show_bug.cgi?id=329342 -https://bugzilla.gnome.org/show_bug.cgi?id=742622
Verifying 2 e-mails, first one send from primary e-mail, second one send from @heteigenwijsje.nl gijs@gijs-desktop ~ % CAMEL_DEBUG=gpg evolution (evolution:24381): Gtk-WARNING **: Failed to register client: GDBus.Error:org.gnome.SessionManager.AlreadyRegistered: Unable to register client status: [GNUPG:] NEWSIG status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] SIG_ID kZI+IhYNOm+b95gqNu/psihWwvA 2018-01-15 1516008963 status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] GOODSIG 8B664473D0F3ACF3 Gijs Peskens <gijs.peskens@piratenpartij.nl> status: [GNUPG:] VALIDSIG DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 2018-01-15 CAMEL_DEBUG=gpg evolution :( (evolution:24381): Gtk-WARNING **: Failed to register client: GDBus.Error:org.gnome.SessionManager.AlreadyRegistered: Unable to register client status: [GNUPG:] NEWSIG status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] SIG_ID kZI+IhYNOm+b95gqNu/psihWwvA 2018-01-15 1516008963 status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] GOODSIG 8B664473D0F3ACF3 Gijs Peskens <gijs.peskens@piratenpartij.nl> status: [GNUPG:] VALIDSIG DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 2018-01-15 1516008963 0 4 0 1 8 01 DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 status: [GNUPG:] TRUST_ULTIMATE 0 pgp status: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23 status: [GNUPG:] NEWSIG status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] SIG_ID AITszGBghn0ocoDBfD/S7rw1+Pg 2018-01-15 1516008476 status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] GOODSIG 8B664473D0F3ACF3 Gijs Peskens <gijs.peskens@piratenpartij.nl> status: [GNUPG:] VALIDSIG DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 2018-01-15 1516008476 0 4 0 1 8 01 DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 status: [GNUPG:] TRUST_ULTIMATE 0 pgp status: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23 1516008963 0 4 0 1 8 01 DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 status: [GNUPG:] TRUST_ULTIMATE 0 pgp status: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23 status: [GNUPG:] NEWSIG status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] SIG_ID AITszGBghn0ocoDBfD/S7rw1+Pg 2018-01-15 1516008476 status: [GNUPG:] KEY_CONSIDERED DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 0 status: [GNUPG:] GOODSIG 8B664473D0F3ACF3 Gijs Peskens <gijs.peskens@piratenpartij.nl> status: [GNUPG:] VALIDSIG DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 2018-01-15 1516008476 0 4 0 1 8 01 DFD68E418E30DA37BE25D0D08B664473D0F3ACF3 status: [GNUPG:] TRUST_ULTIMATE 0 pgp status: [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23
Thanks for a bug report. I managed to reproduce it too and also made the below fix. The only problem is that the emails are not returned in the 'status' pipe, only in stderr, which provides localized text, thus it can eventually change in the future and break the code, but I guess that it's good for now. Created commit 0b1784377 in eds master (3.27.90+) Created commit_04aa60a35 in evo master (3.27.90+) [1] [1] https://git.gnome.org/browse/evolution/commit/?id=04aa60a358
*** Bug 795124 has been marked as a duplicate of this bug. ***
Let's have the same for S/MIME too: Created commit 7cfd540aa in eds master (3.29.3+) Created commit f9b9e51b1 in eds gnome-3-28 (3.28.3+)
Bug for sending instead of receiving is bug 329342
The status of this bug is "resolved fixed", I'm using evolution-3.28.5-1.fc28.x86_64 and I still only see the primary UID of a person's GPG key in the "Valid signature" bar.
See comment #2, it can break. You can see what gpg returned either when you click the button beside the "Valid signature" bar, or when you run evolution as: $ CAMEL_DEBUG=gpg evolution which will show raw output from the gpg. If it's not there, or if it contains something unexpected (note of the localization), then the code "fails".
(In reply to Milan Crha from comment #7) > See comment #2, it can break. In Thunderbird this functionality already works fine for years. I know these applications are designed differently, but maybe it can be used as an inspiration to get it working in Evolution?