[Tickets #12142] Re: GPG signature verification broken
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu Apr 4 05:22:43 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12142
------------------------------------------------------------------------------
Ticket | 12142
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | GPG signature verification broken
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2013-04-03 23:22) wrote:
> mails created with enigmail don't have a detached signature. so the
> signature verification is done in Horde_Crypt_Pgp::_decryptMessage.
> since in this method the pubkeyring consists only my own pubkey,
> this will always yield "Can't check signature: No public key"
> (opposed to the detached signatures which are verified in
> IMP_Crypt_Pgp::verifySignature which automatically tries to fetch
> the correct key....)
I am not following. Signed messages can be sent in one of three ways:
1) As PGP armored text (handled in Plain viewer).
2) multpart/signed w/ application/pgp-signature (handled in PGP viewer).
3) Encrypted + signed message -- multipart/encrypted (handled in PGP
viewer). There are acutally 2 types here (encrypted with embedded
signed part AND encrypted+signed). Both are handled by the PGP viewer.
Not sure which one is not being handled properly for you.
More information about the bugs
mailing list