[imp] Multiple GPG issues in IMP 6.0.4

Jan Schneider jan at horde.org
Mon Feb 25 11:38:25 UTC 2013 

Zitat von Laurent Blume <laurent at elanor.org>:

> Hello all,
>
> I'm trying to set up GPG in Horde 5.0.4 / IMP 6.0.4 (groupware  
> webmail edition).
>
> I'm hitting several issues, which surprises me. as some of them are  
> quite noticeable, but I don't see what I could be doing wrong.
>
> First, system summary: it's running on Solaris 10 / Apache 2.2.22 /  
> PHP 5.3.22. I've built Apache and PHP myself.
> The Horde/Webmail suite was installed using PEAR, in its own  
> directory. IT was reinstalled from scratch and configuration from an  
> older install copied over and updated from the interface.
> The GPG binary comes from OpenCSW, I tried their 1.4.12 and 2.0.18  
> versions, same problems.
>
> Unless specified otherwise, I've been using the en_US locale to test.
>
> Here goes.
>
>  - Sending an encrypted/signed email to myself, the signature is  
> always bad: it does decrypt it, it does list show the correct RSA  
> ID, but it always say the signature is bad.
> I've tried recreating a key from scratch inside IMP to make sure  
> there was no interference from an older one, but the issue stays.
>
>  - creating a new key ignores the parameters: I tried to create a  
> key 2048 bits long, and with a one year expiration. So I set the  
> keylength, unchecked "Expiration", made sure the date was right,  
> clicked on "Create Keys". But the resulting key is 1024 bits long,  
> and has no expiration date.
>
>  - icons don't match the message.
> This looks like http://bugs.horde.org/ticket/10273 but is actually  
> more, ie, it happens also using the en_US locale.
> Eg, from the above issue, my own signature is always said to be bad.
> In en_US, the icon is the right one, error icon:
> Error
> gpg: Signature made Sat Feb 23 19:29:14 2013 CET using RSA key ID 9FE86AD4
> gpg: BAD signature from "Laurent Blume <laurent À elanor.org>"
>
> In fr_FR, the icon is wrong, it says success, even though the  
> message says otherwise:
> Succès
> gpg: Signature faite le 23 février 2013 19:39:26 CET avec la clé RSA  
> ID 9FE86AD4
> gpg: MAUVAISE signature de « Laurent Blume <laurent À elanor.org> »
>
> That matches the bug ID above. However, in en_US, with a message  
> from another source where the key is not present, the icon still  
> says success, even though GPG said it could not check the signature:
> Success
> gpg: Signature made Sun Feb 24 12:26:03 2013 CET using RSA key ID 9449EF58
> gpg: Can't check signature: public key not found
>
>  - signature verification is not able to use subkeys properly
> I imported my work public keys, exported from by PGP Desktop 9.12.0,  
> using its Send To: Mail Recipient function.
> However, after importing it, IMP still can't check the signature of  
> a crypted email.
> It seems to be because PGP Desktop uses specific subkeys for  
> crypting and signing, with different IDs, and IMP is not able to  
> process them.
>
> Here's what they look like:
> $ gpg --list-keys xxx at xxx
> pub   2048R/BFE9A6A5 2011-05-18
> uid                  Blume, Laurent <xxx at xxx>
> sub   2048R/E39D18A6 2011-05-18 [expire: 2013-05-16]
> sub   2048R/9449EF58 2011-05-18 [expire: 2013-05-16]
>
> When I click on Details in IMP, it shows only this one:
> Key ID:           0xBFE9A6A5
>
> And clicking on a crypted/signed email, it complains:
> gpg: Signature made Sun Feb 24 12:26:03 2013 CET using RSA key ID 9449EF58
> gpg: Can't check signature: public key not found
>
> Even though 9449EF58 is part of the same public key block.
>
>
> Any hint welcome on how to fix that.
>
> Thanks,
>
> Laurent

As a starter, you could run the unit tests to see if there is some  
general issues with your system and how GPG is working there:

pear install horde/horde_test
php /usr/share/php/Horde_Crypt/Horde/Crypt/AllTests.php

Your path to the test/ directory might be different.
-- 
Jan Schneider
The Horde Project
http://www.horde.org/

More information about the imp mailing list