Bug 551042 – Seahorse does not recognize clearsign-signed signatures

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 551042 - Seahorse does not recognize clearsign-signed signatures


Summary:	Seahorse does not recognize clearsign-signed signatures


Status:	RESOLVED WONTFIX

Product:	seahorse-plugins
Classification:	Applications
Component:	General
Version:	2.26.x
Hardware:	Other Linux

Importance:	Normal enhancement
Target Milestone:	2.24
Assigned To:	seahorse-plugins-maint
QA Contact:	seahorse-plugins-maint

URL:
Whiteboard:	gnome[unmaintained]

Depends on:
Blocks:

Reported:	2008-09-05 20:10 UTC by Andreas Moog
Modified:	2020-06-06 08:52 UTC

See Also:
GNOME target:	---
GNOME version:	2.25/2.26

Description Andreas Moog 2008-09-05 20:10:18 UTC

Seahorse apparently doesn't recognize clearsigned or attached signatures and only creates and recognizes detached .sig files. If I attempt to open a file made with the command "gpg --clearsign file" (output: file.asc), seahorse tells me: "Couldn't decrypt file: file.asc. No data". If I try to verify (seahorse-tool -v file), I get the message Couldn't verify file: file.asc. No valid signatures found." Same thing with a file created with "gpg -s file" (output: file.gpg).

It seems to me that seahorse should offer more or less the same underlying functionality as gnupg. I often have to go to the command line to do things like this that could easily be done through a nautilus context menu.

This bug was reported on Launchpad:
https://bugs.edge.launchpad.net/ubuntu/+source/seahorse/+bug/266878

Comment 1 Jérémy Bobbio 2013-09-23 15:40:45 UTC

I had a quick look at this. In tool/seahorse-tool.c:verify_start(), the code directly prompts the user for the original material to verify.

Unfortunately, I can't see an easy way to ask GPGME if the data we are looking at is a cleartext signature or a detached signature.

In the former case, we could avoid prompting a file and call gpgme_op_verify_start() a bit differently.

Comment 2 Jérémy Bobbio 2013-09-24 09:53:08 UTC

There is no easy way in GPGME, see:
https://lists.gnupg.org/pipermail/gnupg-users/2013-September/047710.html

One way to solve it would be to read the begining of the file to look for
"----- BEGIN PGP SIGNED MESSAGE -----\n". Not ideal but should be good
enough.

Comment 3 André Klapper 2020-06-06 08:52:28 UTC

seahorse-plugins is not under active development anymore:
https://gitlab.gnome.org/Infrastructure/Infrastructure/issues/257

It had its last code changes many years ago:
https://gitlab.gnome.org/GNOME/seahorse-plugins/-/commits/master

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect
reality. Please feel free to reopen this ticket (or rather transfer the project
to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the
responsibility for active development again.