GNOME Bugzilla – Bug 219709
PGP Signatures are broken for message digests
Last modified: 2002-02-08 18:46:01 UTC
Description of Problem: PGP signatures will be shown as broken for message digests despite being correct. PGP signatures work ok for non digest messages. Steps to reproduce the problem: 1. Subscribe to bugtraq mailing list in digest form 2. Click on one PGP signed message in the digest 3. GPG (tested with gnupg 1.0.6) will tell you the signature is incorrect 4. Checking the signature in mutt will reveal that it is in fact correct Actual Results: Wrong signature displayed Expected Results: Valid signature displayed How often does this happen? always Additional Information: Normal messages work OK. The problem only occurs with message digests.
More info: Evolution handles S/MIME messages just fine, i.e.: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; What it has problems with are clear-signed PGP messages, particularly those generated by PGP 2.6. PGP 5.0 and up (and GPG) all insert at least one non-empty comment line after the "BEGIN PGP SIGNED MESSAGE" header, which indicates what type of message digest was used (i.e. Hash: SHA1); 2.6 only used MD5. If there is no comment, Evolution eats the next paragraph, and this causes the signature not to verify.
*** This bug has been marked as a duplicate of 218935 ***