Enigmail 1.7 and Gpg4win mailing list
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Hello support,
Enigmail 1.7 is unable to properly check signatures of e-mails sent by any member of the Gpg4win team.
However, Enigmail 1.6 (patched for TB 31 or used with TB 24.6) does properly work in the same circumstances - see screenshots enclosed.
There is no problem with signed and/or encrypted e-mails sent to myself (through aliases) with TB 31 / Enigmail 1.7.
Test configuration:
- TB 31 portable, new profile;
- Enigmail 1.7, default setup;
- No other add-on.
According to the doc, the brand new version has significantly changed compared to the former one. Did I miss something important?
Thank you very much for such a great add-on. Keep up the good work!
Best regards,
Etienne
Hi Etienne,
could you please forward the message shown in your screenshots to patrick at enigmail dot net and ludwig at enigmail dot net? Please forward as attachment, this is important!
Thanks!
Hi Etienne, this is odd, but I can confirm this with any (Kmail) messages Bernhard sent to GnuPG mailing list with Enigmail 1.7 release and 1.8a1pre (20140809-0013) nightly. I created two debug logs from the same message. So that's definitely a bug.
I can not reproduce this. All of Bernhards mails to Gnupg-users have good signatures here. Maybe this is a representation of Bug 77
Well, Patrick stated in Bug 77
If the content-transfer-encoding of the top level MIME part is "base64"
then decryption does not work. Quoted-Printable in the main MIME part
leads to the same result (no surprise).
and Bernhard's message body is encoded quoted-printable:
--===============1865223682==
Content-Type: multipart/signed;
boundary="nextPart6916198.MJa6rPCxsy";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
--nextPart6916198.MJa6rPCxsy
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
So it's a question what is fed to GnuPG since GnuPG fails to verify whereas the same GnuPG fed by EM 1.6 verifies correctly.
Sidenotes:
From the current nightly debug log:
enigmailMessengerOverlay.js: verifyEmbeddedCallback: detected multipart/signed. msigned: 31
What's msigned?
enigmailFuncs.jsm: getHeaderData: Content-Type: multipart/signed; boundary="nextPart6916198.MJa6rPCxsy"; protocol="application/pgp-s
Why is debug output truncated?
Debug output is truncated, because the execution of enigmailMsgHdrViewOverlay.js is terminated due to a bug.
JS debugger says:
** Error in file chrome://enigmail/content/enigmailMsgHdrViewOverlay.js, line 891:
createNewAttachmentInfo is not defined
Termination of the code after this line prohibits the display of the signature status.
I was wrong: there is no execution termination, the execption caused by the undefined variable is caught by other code. Still debugging:-)
Last edit: Ludwig Hügelschäfer 2014-08-10
I'm working on this.
That's easily answered. Until v1.6 Enigmail constructed a clearsigned message to feed GnuPG. This is however not working correctly if the sender sends the email without using "--textmode" (e.g. KMail does this). In Enigmail v1.7 and newer, we no longer construct a clearsigned message, but simply feed the unchanged message plus the detached signature to GnuPG.
I have attached the message that Martin sent me. I can verify it (and Martin too), but Etienne not. Ludwig, could you try to verify the message?
Sorry, no verification possible. No Enigmail status bar, no logfile. Looks like Enigmail is not even triggered.
"My" enigmail is built upon commit e7f9bbf, no own modifications.
As far as I can tell, this is fixed together with bug 299
If this issue is actually fixed in 1.7.1, is it normal that I still get an error message with the nightly build(2014-08-27)?
Test conditions did not change from my original post.
No, if you can reproduce it with the current nightly, then your bug is not fixed. Reopening.
Last edit: Olav Seyfarth 2014-08-27
Etienne, which error message do you receive? Does it show "Bad signature from..."? Did you try with 1.7.2?
Hello Ludwig,
Please find enclosed a screenshot of the message.
Yep.
If ever you need more information, don't hesitate.
Best regards,
Etienne
Forgot to mention... the key does exist!
Thanks for the screenshots.
I could verify your example mail as well as the last mail from Bernhard Reiter on the GnuPG users mailing list, both did show a good signature, so there must be a really special condition on your side.
Of course you have the public key of Bernhard in your keyring, otherwise you wouldn't be able to check his signature at all.
There's a minor glitch in the string used leading to misinterpretation. It should state "Public key <key-id> used to verify signature", not "needed". We'll change this.
If in doubt that there might be "secial circumstances" from the client environment, try to eliminate them step by step. First create a separate minimal Thunderbird profile and reproduce bug there. If bug is still reproducable, backup keyring and settings and cleanly import only keys needed for the test.
Other useful(?) information:
Minimal test profile - TB31 from www.portableapps.com (def. settings) + EM 1.6 / 1.7.2 installed on a ramdisk, no other add-on.
EM 1.6 / 1.7.2 def. settings
Gpg4win 2.2.0 / GPG 2.0.21 up and running.
I can successfully check the original e-mail with EM 1.6 or manually - see enclosed archive.
I can also successfully verify signed (PGP/MIME or inline PGP) e-mails sent to myself.
What else should I try to solve this mystery?
This is probably a Windows only issue. I have the same mail from Bernhard Reiter providing a bad signature on Windows and good signature on Mac OS X. When saving both messages and comparing them gives no difference in the signature relevant parts.
To conclude, the problem we have now is that the message is not verified properly if the line ending (CRLF or LF) does not match the original line ending.
This would be the same as [bugs:#301].
Related
Bugs:
#301