#329 Enigmail 1.7 broke PGP/MIME verification when using a binary signature

[Ciphermail]

Enigmail 1.7 broke PGP/MIME verification when using a binary signature

Enigmail 1.7 is no longer able to validate email that is PGP/MIME signed if the signature is a binray signature (0x00: Signature of a binary document). A message will only validate correctly if the line endings of the signed message is converted to LF instead of CR/LF as required by OpenPGP.

The following procedure can be used to create a signed email for which the validation fails.

Note: I have attached the relevant files

1. Create a simple multipart email, name it unsigned.eml

Content-Type: multipart/alternative;
boundary="MSG_Boundary"

--MSG_Boundary
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

test

--MSG_Boundary
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

test

--MSG_Boundary--

2. Make sure that the line endings are CR/LF (this is required by OpenPGP)

todos unsigned.eml

3. Sign the unsigned.eml file

gpg -bas unsigned.eml

4. create a new PGP/MIME signed email from the above elements, name it signed.eml

Subject: Test
From: test@example.com
To: martijn@ciphermail.com
Date: Thu, 4 Sep 2014 11:22:15 +0200
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
boundary="PGP_Boundary"
Message-Id: 123

--PGP_Boundary
Content-Type: multipart/alternative;
boundary="MSG_Boundary"

--MSG_Boundary
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

test

--MSG_Boundary
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

test

--MSG_Boundary--

--PGP_Boundary
Content-Type: application/pgp-signature; name=signature.asc
Content-Transfer-Encoding: 7bit
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAABAgAGBQJUCXPcAAoJEEYFlwwnGtI758sIALW1E4e0fcQkjg6C448pVznm
OKwmsdC/9DTYWljcpcfYrTPz0Mq3MV0xhQJBfRCWiKVDqXqiX3fQ/yTryYyk0teV
nJJsCvscbJ/GrvHwpLnqZaxKIS3dZbwyoZBZHTmq97gAQYLTnbPFsJR5AKG4GwBT
VvrUn5knVrx7N+or1t2oxQVt3RPX7vecFm0rNgAmG6ZF25YTUwNX6nIDCIMmd/Xj
A5NK4I2sLheGTpR6/iBCZICpZ43MBbzzSJGPdHog0giCWMoVZB0MqFBCSxaJkK2W
42x6LduV18WPC5mwxm3b/JZLITVGZGQPA/yk/gxK7KAhNNGVgwGHSySyqZ9nQH4=
=uoAu
-----END PGP SIGNATURE-----

--PGP_Boundary--

5. Convert line endings to CR/LF

todos signed.eml

Now validate the file by opening it with Thunderbird. Thunderbird reports "BAD signature"

6. Convert line endings to LF

fromdos signed.eml

Now Thunderbird correctly validates the signature

Discussion:

With Thunderbird 1.6 is was able to validate the signature if the line endings were set to CR/LF. Also PGP desktop is able to validate the email when the line ending are set to CR/LF.

If the unsigned.eml file (from step 1 above) is set to LF (instead of the required CR/LF), the signature is always corrupt so it does not look like Thunderbird valdidates with LF.

I have attached the files as examples. The signed.eml file is signed with a key with (short) key ID 271AD23B

[Patrick Brunschwig]

Duplicate to [bugs:#301]

[Ciphermail]

A bit strange to mark a clear bug report with a reproducable test case as invalid. Is the bug considered to be invalid because it's a duplicate bug or is it considered invalid because it's not considered to be a bug?

[Olav Seyfarth]

Please, don't be offended. We thank you for entering a reproducable case and well documented bug report. This was marked invalid since there is an open bug for it and no "duplicate" status. I'll add a pointer in [bugs:#301] that you documented test cases here.

[Patrick Brunschwig]

Added "duplicate" status

[Ludwig Hügelschäfer]

Ciphermail, could you please try again with the current nightly version? This should fix the issue!

[Ciphermail]

Confirmed it works with the nightly version. Thanks!

[Ludwig Hügelschäfer]

Thanks for testing!