Running Enigmail version 1.6 (20131006-1849)
Using gpg executable /usr/bin/gpg to encrypt and decrypt
stephen@SONY ~ $ gpg --version
gpg (GnuPG) 1.4.11
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
stephen@SONY ~ $
This may be an enhancement request. Apologies up front if so.
I receive an email from a person. The email is digitally signed. I do not know this person. I forward that email to another person, but I do not sign it. Enigmail says there is a problem.
“Signature verification failed”
It seems that Enigmail is not clever enough to differentiate between the two and alert separately. It would make sense to show signature verification failed that this or that signature verification failed. However, in its GUI the developer has chosen to simplify and condense the message and therefore it only tells you that (some) signature failed without being more detailed about which signature that was.
It seems like the error message should say which signature it is that it cannot verify and
ideally the reason for it - e.g. trust not set/known, key expired, etc. Otherwise, the obscure message will send you in a tail spin trying to find out what is wrong with your own signature.
Does one have to validate the signature that was sent to them, before forwarding the original email? That seems cumbersome.