#209 Invalid signature, 'cause signed text is changed by enigmail

[hefee]

When sending mails (PGP MIME) with kmail and using a signature with "--". This mail is showed as invalid. This is 'caused by the replacement extensions/enigmail/package/mimeVerify.jsm line 184:

  this.writeToPipe(data.replace(/^-/gm, "- -"));

This is invalid like the rfc 3156 say:
"Multipart/signed and multipart/encrypted are to be treated by agents as opaque, meaning that the data is not to be altered in any way"

This is also filed as bug of kmail, there you'll find also mails that causes the problem:
https://bugs.kde.org/show_bug.cgi?id=286553

[Patrick Brunschwig]

You have to understand the line you reference in the context of how Enigmail does the signature verification.

Enigmail verifies PGP/MIME signed messages by transforming the data to a clearsigned message which is then passed to GnuPG. And for clearsigned messages, the transformation of leading "-" to "- -" is mandatory.

Unless KMail creates PGP/MIME signed messages using the "binary" mode of GnuPG (which does not make sense for emails), there is no reason why this alteration should have an impact on the signature status.

[hefee]

RFC3156 says, that textmode is not needed. Also the docu for gpgme says it clear:
Text mode is for example used for the RFC2015 signatures; note that the updated RFC 3156 mandates that the mail user agent does some preparations so that text mode is not needed anymore.

So yes kmail don't use textmode signatures, but the signatures are correct!
I fixed the creation of mails in kmail 4.11.3 to be textmode safe.

In the context of enigmail I see, that it is hard to switch, 'cause you use gpg via cmdline. But this is no excuse to see that this is a valid bug of enigmail.

[Patrick Brunschwig]

You're certainly right concerning textmode and the fact that it's not needed anymore. I'm planning to work on this, as I'm aware of the issue.

I actually didn't intend to change the status ...

[Patrick Brunschwig]

fix committed.