[Tickets #12142] Re: GPG signature verification broken
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu Apr 4 12:17:37 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12142
------------------------------------------------------------------------------
Ticket | 12142
Updated By | o+horde at immerda.ch
Summary | GPG signature verification broken
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
o+horde at immerda.ch (2013-04-04 12:17) wrote:
>> mails created with enigmail don't have a detached signature. so the
>> signature verification is done in Horde_Crypt_Pgp::_decryptMessage.
>> since in this method the pubkeyring consists only my own pubkey, this
>> will always yield "Can't check signature: No public key" (opposed to
>> the detached signatures which are verified in
>> IMP_Crypt_Pgp::verifySignature which automatically tries to fetch the
>> correct key....)
>
> I am not following. Signed messages can be sent in one of three ways:
>
> 1) As PGP armored text (handled in Plain viewer).
> 2) multpart/signed w/ application/pgp-signature (handled in PGP viewer).
> 3) Encrypted + signed message -- multipart/encrypted (handled in PGP
> viewer). There are acutally 2 types here (encrypted with embedded
> signed part AND encrypted+signed). Both are handled by the PGP
> viewer.
>
> Not sure which one is not being handled properly for you.
its about case 3:
* when there is a pgp-encrypted part which contains both an encrypted
packet and a signature packet, the signature is only verified in
Horde_Crypt_Pgp::_decryptMessage, which does not fetch the key from a
keyserver.
* whereas when the encrypted part contains a message with a detached
signature, it is verified in the viewer, and the key is properly
fetched.
for the two cases see http://www.ietf.org/rfc/rfc2015.txt section 6.2 vs. 6.1
More information about the bugs
mailing list