[Kolab-devel] [issue4872] PGP/MIME messages with attachments have invalid signatures

aheinecke issues at kolab.org
Tue Aug 19 12:04:46 CEST 2014


PGP/MIME messages created with e3.5 have invalid signatures. They are verified
in other e3.5 clients but are shown as invalid in KMail2, thunderbird / enigmail
and most importantly with gpgparsemail.

Attached is an example mail that leads to:

 ./gpgparsemail --crypto ~/Documents/Signature\ test\ with\ attachment.mbox    
                
.Return-Path: <emanuel.schuetze at intevation.de>
.Received: from localhost (localhost.localdomain [127.0.0.1])
.        by kolab.intevation.de (Cyrus v2.3.16-kolab-nocaps) with LMTPA;
.        Tue, 19 Aug 2014 11:41:31 +0200
.X-Sieve: CMU Sieve 2.3
.Received: from localhost (localhost.localdomain [127.0.0.1])
.       by kolab.intevation.de (Postfix) with ESMTP id 31A4194D166
.       for <andre.heinecke at intevation.de>; Tue, 19 Aug 2014 11:41:31 +0200 (CEST)
.X-Virus-Scanned: by amavisd-new at intevation.de
.X-Spam-Flag: NO
.X-Spam-Score: -1.8
.X-Spam-Level: 
.X-Spam-Status: No, score=-1.8 tagged_above=-999 required=3.5
.       tests=[ALL_TRUSTED=-1.8]
.Received: from localhost (localhost.localdomain [127.0.0.1])
.       by kolab.intevation.de (Postfix) with ESMTP id C219994D167
.       for <andre.heinecke at intevation.de>; Tue, 19 Aug 2014 11:41:30 +0200 (CEST)
.Received: from thoe.hq.intevation.de (aktaia.hq.intevation.de [192.168.11.254])
.       (Authenticated sender: emanuel.schuetze at intevation.de)
.       by kolab.intevation.de (Postfix) with ESMTPSA id ADA8694D166
.       for <andre.heinecke at intevation.de>; Tue, 19 Aug 2014 11:41:30 +0200 (CEST)
.To: Andre Heinecke <andre.heinecke at intevation.de>
.Subject: Signature test with attachment
.From: Emanuel =?iso-8859-1?q?Sch=FCtze?= <emanuel.schuetze at intevation.de>
.Date: Tue, 19 Aug 2014 11:41:28 +0200
.MIME-Version: 1.0
.Content-Type: multipart/signed;
.  boundary="nextPart5165717.X30Rp5ctXb";
.  protocol="application/pgp-signature";
.  micalg=pgp-sha1
.Content-Transfer-Encoding: 7bit
.Message-Id: <201408191141.30234.emanuel.schuetze at intevation.de>
.X-Kolab-Scheduling-Message: FALSE
h media: multipart signed
h signed.protocol: application/pgp-signature
b down
b part
:--nextPart5165717.X30Rp5ctXb
c begin_hash
.Content-Type: multipart/mixed;
.  boundary="Boundary-01=_Kvx8Tab1lRZFVOd"
.Content-Transfer-Encoding: 7bit
.Content-Disposition: inline
h media:   multipart mixed
b down
b part
:--Boundary-01=_Kvx8Tab1lRZFVOd
.Content-Type: text/plain;
.  charset="us-ascii"
.Content-Transfer-Encoding: 7bit
.Content-Disposition: inline
h media:     text plain
 This email with attachment is signed with OpenPGP.
 
b part
:--Boundary-01=_Kvx8Tab1lRZFVOd
.Content-Type: text/plain;
.  charset="iso-8859-1";
.  name="testfile.txt"
.Content-Transfer-Encoding: 7bit
.Content-Disposition: attachment;
.       filename="testfile.txt"
h media:     text plain
 This is a test file.
 
b last
b up
:--Boundary-01=_Kvx8Tab1lRZFVOd--
b part
c end_hash
:--nextPart5165717.X30Rp5ctXb
.Content-Type: application/pgp-signature; name=signature.asc 
.Content-Description: This is a digitally signed message part.
h media:   application pgp-signature
c begin_signature
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlPzG8oACgkQoeOGQ2mpEfyLbwCfT0yHqxFGhniLX8exG30ynOaX
 q58An0coFTv+uELN+Ncrjfjs0Ve0LDlZ
 =7oXL
 -----END PGP SIGNATURE-----
 
b last
c end_signature
b up
gpg: reading options from `/home/aheinecke/.gnupg/gpg.conf'
gpg: Signature made Tue 19 Aug 2014 11:41:30 AM CEST using DSA key ID 69A911FC
c [GNUPG:] BADSIG A1E3864369A911FC Emanuel Schütze <emanuel.schuetze at intevation.de>
gpg: BAD signature from "Emanuel Schütze <emanuel.schuetze at intevation.de>"
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768

----------
assignedto: aheinecke
files: Signature test with attachment.mbox
keyword: enterprise35, kde client
messages: 28849
nosy: aheinecke, emanuel
priority: urgent
status: unread
title: PGP/MIME messages with attachments have invalid signatures

______________________________________
Kolab issue tracker <issues at kolab.org>
<https://roundup.kolab.org/issue4872>
______________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Signature test with attachment.mbox
Type: application/mbox
Size: 2600 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20140819/226bc027/attachment.mbox>


More information about the devel mailing list