| Summary | Signatures of signed & encrypted messages are ignored |
| Queue | IMP |
| Queue Version | 4.3.7 |
| Type | Bug |
| State | Not A Bug |
| Priority | 1. Low |
| Owners | slusarz (at) horde (dot) org |
| Requester | apfelmus (at) ungehorsam (dot) ch |
| Created | 09/05/2010 (5429 days ago) |
| Due | |
| Updated | 11/02/2011 (5006 days ago) |
| Assigned | 09/21/2010 (5413 days ago) |
| Resolved | 11/02/2011 (5006 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
State ⇒ Not A Bug
http://git.horde.org/horde-git/-/commit/221e6622ab049beafed05e6854011be874153e74
commit. This commit fixed the signature always being reported as BAD,
because the full canonical text of the signed part was not available.
This ticket claims that after unencrypting a message, there is no
mentioned that it is signed.
But I am going to close anyway, since this refers to IMP 4 and I
cannot reproduce in IMP 5.
http://git.horde.org/horde-git/-/commit/221e6622ab049beafed05e6854011be874153e74
the email in question has been encrypted to/signed using the secret
key stored in IMP.
That is, if I send signed/encrypted mail to myself, IMP indeed states
the message has been both signed and encrypted. If another person
sends me signed/encrypted mail, i.e. uses a secret key for signing
which is not stored in my IMP account, I will only get notified the
message was encrypted. (I imade sure I'd imported their public keys
before opening their messages.)
This is not an MUA problem on the sender's side: I have sent myself
email using different accounts, but the same MUA, and could reproduce
the aforementioned problem.
Summary ⇒ Signatures of signed & encrypted messages are ignored
concering the signature.
$this->_status[] = _("The message below has been digitally signed and
encrypted with PGP.");
If the underlying message is truly signed, this is what is shown.
Which is what I see. If this is not shown for you then we will need
further details (e.g. debugging; a sample message) to track this down.
signed until it is decrypted.
checked -- which is obviously either not done or not displayed by IMP.
When manually decrypting a signed message with GnuPG, by default it
also performs a signature check as soon as the decryption is finished,
and tells the user whether the signature matches the message content
or not. Decrypting signed messages in IMP doesn't give any user
feedback concering the signature.
Priority ⇒ 1. Low
State ⇒ Feedback
Assigned to Michael Slusarz
until it is decrypted. Signing takes place /inside/ of encrypted
data, not vice versa.
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Signatures of signed && encrypted messages are ignored
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
apparently ignores the included signature. It only states "The message
below has been encrypted with PGP.", while not mentioning the
signature. This happens with both PGP/Inline and PGP/MIME messages.