GNOME Bugzilla – Bug 742622
GPG verification line should be smarter about keys with multiple aliases
Last modified: 2015-02-12 13:02:20 UTC
Say I get an encrypted/signed mail. The sender may have multiple aliases in their GPG key, as foo@one.com and foo@two.com on the same GPG key. If the sender used foo@two.com to send the mail, but foo@one.com is listed as the "first" alias in the GPG key, then Evolution will display that the mail has a valid signature by foo@one.com. This is slightly confusing. It would be nice if Evo could check the GPG key's aliases and see if one of them corresponds to the mail's sender. The attached screenshot shows this problem.
Created attachment 294130 [details] Screenshot that shows mismatched addresses
To clarify what the screenshot shows - Christian's public key has two aliases. The first one is for his mongodb.com address; the second one is for his hergerg.me address. (Similarly, my public key has @gnome.org and @suse.com)
Thanks for a bug report. As far as I can tell, Evolution shows what gpg returns. You can verify that when you run evolution as: $ CAMEL_DEBUG=gpg evolution then select the message. It'll show GPG status line, when one might look like: > status: [GNUPG:] GOODSIG some-id Name <email> where the "Name <email>" is passed to the Evolution UI.