I have successfully used Thunderbird/Enigmail for signed and encrypted mail for a long time. I have, at long last, managed to get a version of Gpg4win (2.1.1.beta 197) working on my Outlook 2007 set-up, and have been testing with mails from one to the other. As they are on the same machine they are using the same keyring and keys. Signed and encrypted mail from Thunderbird to Outlook works just fine. Mail from Thunderbird/Enigmail to Thunderbird/Enigmail works OK. Mail from Outlook 2007 to Outlook 2007 works perfectly too. However, mail from Outlook/gpg4win to Thunderbird/Enigmail is decypted OK, but the signature fails to verify every time. There is no normal Enigmail coloured band at the top of the screen, the signature appears at the bottom as an attached text file. If I open it, it gives a bad signature. The same applies if the messages are only signed and not encrypted.
Werner Kock tells me that test messages from me using Outlook/gpg4win set-up verify OK,
Quote on....
your test mail verified fine using after the saving the file to a Unix
mailbox file:
~/b/gnupg/tools/gpgparsemail --crypto test.mbox
I use this tool to parse and verify MIME messages. The GpgOL MIME
parser is actually based on code from this tool.
Quote off......
Any ideas as to what might be wrong, or where I should start looking for the problem?
Regards,
Bob
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After reading your query i suggest you dont worry i will help on should try PST to MBOX converter this will help you try it from my opinion, i am sure you liked it. please visit to solve your problem :-http://www.toolsbaer.com/pst-to-mbox-conversion/
Last edit: jontyrode 2018-11-05
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've attached a message written from one of my addresses to another using Outlook/Gpg4win to Thunderbird/Enigmail. The message received in Thunderbird shows a yellow band across the top with "Unverified signature; click on 'Details' button for more information". Clicking "Details" only shows "OpenPGP security info" and "Copy OpenPGP security info" - the other four lines are greyed out. Clicking "OpenPGP security info" gives a pop up box with just "OpenPGP security info" written in it. I'm using keys that have ultimate validity to me.
Thanks a lot. I can reproduce the yellow box saying "Unverified signature; click on 'Details' button for more information". I'll look further into the matter.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
gpg: ASCII-Hülle: BEGIN PGP SIGNED MESSAGE
Hash: SHA1
:packet 63: length 11 gpg: ASCII-Hülle:
gpg: ASCII-Hülle: BEGIN PGP SIGNATURE
Version: GnuPG v2.0.20 (MingW32)
:literal data packet:
mode t (74), created 0, name="",
raw data: unknown length
gpg: ASCII-Hülle:
gpg: Ursprünglicher Dateiname=''
:signature packet: algo 1, keyid 7EEFA309D5078B4F
version 4, created 1369595441, md5len 0, sigclass 0x00
digest algo 8, begin of digest d7 2b
hashed subpkt 2 len 4 (sig created 2013-05-26)
subpkt 16 len 8 (issuer key ID 7EEFA309D5078B4F)
data: [2047 bits]
gpg: Signatur vom So 26 Mai 21:10:41 2013 CEST mittels RSA-Schlüssel ID D5078B4F
gpg: WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht [GNUPG:] ERRSIG 7EEFA309D5078B4F 1 8 00 1369595441 1
gpg: Signatur kann nicht geprüft werden: Allgemeiner Fehler
The corresponding english message is "WARNING: signature digest conflict in message"
If you search the web, you'll end up with quite some hits (e.g. http://www.mozdev.org/pipermail/enigmail/2009-December/011821.html). It basically boils down to the fact that the indicated hash algorithm in the header is not the one used to produce the signature (which is absolutely necessary). I'm not sure how to fix this on the outlook side, as I'm not using this. Maybe a posting on the gpg-users mailinglist can give you more help.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have successfully used Thunderbird/Enigmail for signed and encrypted mail for a long time. I have, at long last, managed to get a version of Gpg4win (2.1.1.beta 197) working on my Outlook 2007 set-up, and have been testing with mails from one to the other. As they are on the same machine they are using the same keyring and keys. Signed and encrypted mail from Thunderbird to Outlook works just fine. Mail from Thunderbird/Enigmail to Thunderbird/Enigmail works OK. Mail from Outlook 2007 to Outlook 2007 works perfectly too. However, mail from Outlook/gpg4win to Thunderbird/Enigmail is decypted OK, but the signature fails to verify every time. There is no normal Enigmail coloured band at the top of the screen, the signature appears at the bottom as an attached text file. If I open it, it gives a bad signature. The same applies if the messages are only signed and not encrypted.
Werner Kock tells me that test messages from me using Outlook/gpg4win set-up verify OK,
Quote on....
your test mail verified fine using after the saving the file to a Unix
mailbox file:
~/b/gnupg/tools/gpgparsemail --crypto test.mbox
I use this tool to parse and verify MIME messages. The GpgOL MIME
parser is actually based on code from this tool.
Quote off......
Any ideas as to what might be wrong, or where I should start looking for the problem?
Regards,
Bob
Hey
After reading your query i suggest you dont worry i will help on should try PST to MBOX converter this will help you try it from my opinion, i am sure you liked it. please visit to solve your problem :-http://www.toolsbaer.com/pst-to-mbox-conversion/
Last edit: jontyrode 2018-11-05
Can you attach a sample message?
I've attached a message written from one of my addresses to another using Outlook/Gpg4win to Thunderbird/Enigmail. The message received in Thunderbird shows a yellow band across the top with "Unverified signature; click on 'Details' button for more information". Clicking "Details" only shows "OpenPGP security info" and "Copy OpenPGP security info" - the other four lines are greyed out. Clicking "OpenPGP security info" gives a pop up box with just "OpenPGP security info" written in it. I'm using keys that have ultimate validity to me.
Regards,
Bob
Thanks a lot. I can reproduce the yellow box saying "Unverified signature; click on 'Details' button for more information". I'll look further into the matter.
gpg: ASCII-Hülle: BEGIN PGP SIGNED MESSAGE
Hash: SHA1
:packet 63: length 11 gpg: ASCII-Hülle:
gpg: ASCII-Hülle: BEGIN PGP SIGNATURE
Version: GnuPG v2.0.20 (MingW32)
:literal data packet:
mode t (74), created 0, name="",
raw data: unknown length
gpg: ASCII-Hülle:
gpg: Ursprünglicher Dateiname=''
:signature packet: algo 1, keyid 7EEFA309D5078B4F
version 4, created 1369595441, md5len 0, sigclass 0x00
digest algo 8, begin of digest d7 2b
hashed subpkt 2 len 4 (sig created 2013-05-26)
subpkt 16 len 8 (issuer key ID 7EEFA309D5078B4F)
data: [2047 bits]
gpg: Signatur vom So 26 Mai 21:10:41 2013 CEST mittels RSA-Schlüssel ID D5078B4F
gpg: WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht
[GNUPG:] ERRSIG 7EEFA309D5078B4F 1 8 00 1369595441 1
gpg: Signatur kann nicht geprüft werden: Allgemeiner Fehler
The corresponding english message is "WARNING: signature digest conflict in message"
If you search the web, you'll end up with quite some hits (e.g. http://www.mozdev.org/pipermail/enigmail/2009-December/011821.html). It basically boils down to the fact that the indicated hash algorithm in the header is not the one used to produce the signature (which is absolutely necessary). I'm not sure how to fix this on the outlook side, as I'm not using this. Maybe a posting on the gpg-users mailinglist can give you more help.
OK, I'll take that information and see if the chaps at the Outlook end can shed any light on the problem. Thanks.
Regards,
Bob