Tickets :: [#12763] "BAD signature" message appears when verifying a PGP signed HTML message with attachment

6.0.0-beta1

7/15/25

Summary	"BAD signature" message appears when verifying a PGP signed HTML message with attachment
Queue	IMP
Queue Version	Git master
Type	Bug
State	Resolved
Priority	1. Low
Owners	slusarz (at) horde (dot) org
Requester	tokimemofan (at) gmail (dot) com
Created	10/15/2013 (4291 days ago)
Due
Updated	10/22/2013 (4284 days ago)
Assigned	10/19/2013 (4287 days ago)
Resolved	10/22/2013 (4284 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

10/22/2013 07:20:16 PM	Michael Slusarz	Comment #11 State ⇒ Resolved	Reply to this comment
Fixed in Horde_Smtp 1.2.7.

10/22/2013 07:19:56 PM	Git Commit	Comment #10	Reply to this comment
Changes have been made in Git (master): commit 66c5fb35197715df7957c4f461b33b18642d47d0 Author: Michael M Slusarz <slusarz@horde.org> Date: Tue Oct 22 13:18:10 2013 -0600 [mms] Fix handling EOLs split on a stream bucket boundary (~~Bug #12763~~). framework/Smtp/lib/Horde/Smtp/Filter/Data.php \| 5 +++++ framework/Smtp/package.xml \| 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) http://git.horde.org/horde-git/-/commit/66c5fb35197715df7957c4f461b33b18642d47d0

10/22/2013 03:20:32 AM	Michael Slusarz	Comment #9	Reply to this comment
There is some sort of fringe case going on here. I was able to reproduce last night from my laptop. But sending the EXACT same message from my desktop is not causing the issue. The issue has to do with extra spaces being inserted into the base64 output. The bad signature message has the following: VounL3tD6iFSE+oC5iyVcH2yOtYTvBGylG47MZPGPlPesEmpXZslBiEuQEA4Bp202IcU0Zmuq8cU k6TBSVJwy549/b2xXpZenzpo8nMYJ0j0D/gltOr6Brs7FVY61MAB93OeoFdvFNN+yT8l+R+S5nH/ Can verify that the bad signature is exactly two bytes larger - this additional CRLF in the middle of the data. However, I can't reproduce this anymore. So almost certain this is a transient issue dealing with stream EOL processing, that is only tripped on some sort of edge case I have yet to find.

10/21/2013 06:34:32 AM	tokimemofan (at) gmail (dot) com	Comment #8	Reply to this comment
[Show Quoted Text - 17 lines][Hide Quoted Text] I'm wondering if this fixes (i.e. upgrade to Horde_Smtp 1.2.6): commit 72de48b9176a44df5cd06b441b64d22cfe425119 Author: Michael M Slusarz <slusarz@horde.org> Date: Fri Oct 18 19:18:27 2013 -0600 [mms] Fix escaping periods that begin a line of DATA input. framework/Smtp/lib/Horde/Smtp/Filter/Data.php \| 2 +- framework/Smtp/package.xml \| 10 ++-- framework/Smtp/test/Horde/Smtp/FilterDataTest.php \| 53 +++++++++++++++++++++ 3 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 framework/Smtp/test/Horde/Smtp/FilterDataTest.php http://github.com/horde/horde/commit/72de48b9176a44df5cd06b441b64d22cfe425119 http://git.horde.org/horde-git/-/commit/72de48b9176a44df5cd06b441b64d22cfe425119 This method does not fix the "BAD signature" issue in my platform.

10/19/2013 01:26:51 AM	Michael Slusarz	Comment #7 State ⇒ Feedback	Reply to this comment
I'm wondering if this fixes (i.e. upgrade to Horde_Smtp 1.2.6): commit 72de48b9176a44df5cd06b441b64d22cfe425119 Author: Michael M Slusarz <slusarz@horde.org> Date: Fri Oct 18 19:18:27 2013 -0600 [mms] Fix escaping periods that begin a line of DATA input. framework/Smtp/lib/Horde/Smtp/Filter/Data.php \| 2 +- framework/Smtp/package.xml \| 10 ++-- framework/Smtp/test/Horde/Smtp/FilterDataTest.php \| 53 +++++++++++++++++++++ 3 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 framework/Smtp/test/Horde/Smtp/FilterDataTest.php http://github.com/horde/horde/commit/72de48b9176a44df5cd06b441b64d22cfe425119 http://git.horde.org/horde-git/-/commit/72de48b9176a44df5cd06b441b64d22cfe425119

10/18/2013 11:15:05 AM	Jan Schneider	Comment #6 Assigned to Michael Slusarz State ⇒ Assigned	Reply to this comment
Confirmed

10/18/2013 11:14:48 AM	Jan Schneider	Version ⇒ Git master Queue ⇒ IMP

10/18/2013 02:28:21 AM	tokimemofan (at) gmail (dot) com	Comment #5	Reply to this comment
Add information: PGP certs I used are created from Horde Webmail Prefs -> Mail -> PGP UI.

10/17/2013 11:20:42 AM	tokimemofan (at) gmail (dot) com	Comment #4 New Attachment: temp.jpg	Reply to this comment
Cannot reproduce on master. Please try the attached picture as the attachment of PGP signed HTML message. This picture can reproduce the issue on the clean Horde webmail I installed on 10/17.

10/17/2013 10:34:08 AM	Jan Schneider	Comment #3 State ⇒ Feedback Priority ⇒ 1. Low	Reply to this comment
Cannot reproduce on master.

10/17/2013 09:40:11 AM	tokimemofan (at) gmail (dot) com	Comment #2	Reply to this comment
Add information: postfix: 2.9.6 dovecot: 2.0.19

10/15/2013 11:18:49 AM	tokimemofan (at) gmail (dot) com	Comment #1 Priority ⇒ 3. High Type ⇒ Bug Summary ⇒ "BAD signature" message appears when verifying a PGP signed HTML message with attachment Queue ⇒ Horde Groupware Webmail Edition Milestone ⇒ Patch ⇒ No State ⇒ Unconfirmed	Reply to this comment
Today I install a clean Horde Webmail 5.1.2, and all components are the latest stable version. I find that Horde_Stream_Filter 2.0.2 mostly fix the ~~Bug #12673~~, but does not fix the case at "HTML message + Attachment + PGP signed". 1. Write a mail with HTML composition. 2. Add an attachment. I tried JPG/MP3 file. 3. Select encryption option to PGP sign message. 4. Send this message. 5. Verify this message, and "BAD signature" message appears. OS: Ubuntu server 12.04.3 64-bit (update all packages today) GnuPG: 1.4.11 PHP: 5.3.10-1ubuntu3.8 MySQL: 5.5.32-0ubuntu0.12.04.1