6.0.0-git
2019-03-23

[#9225] Signatures of signed & encrypted messages are ignored
Summary Signatures of signed & encrypted messages are ignored
Queue IMP
Queue Version 4.3.7
Type Bug
State Not A Bug
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester apfelmus (at) ungehorsam (dot) ch
Created 2010-09-05 (3121 days ago)
Due
Updated 2011-11-02 (2698 days ago)
Assigned 2010-09-21 (3105 days ago)
Resolved 2011-11-02 (2698 days ago)
Milestone
Patch No

History
2011-11-02 19:43:15 Michael Slusarz Comment #7
State ⇒ Not A Bug
No - this ticket does not describe the symptoms described by this 
commit.  This commit fixed the signature always being reported as BAD, 
because the full canonical text of the signed part was not available.   
This ticket claims that after unencrypting a message, there is no 
mention that it is signed.

But I am going to close anyway, since this refers to IMP 4 and I 
cannot reproduce in IMP 5.
2010-09-21 16:08:50 Jan Schneider State ⇒ Assigned
 
2010-09-09 10:55:34 apfelmus (at) ungehorsam (dot) ch Comment #5
I did a quick test, and apparently the message only shows up for me if 
the email in question has been encrypted to/signed using the secret 
key stored in IMP.

That is, if I send signed/encrypted mail to myself, IMP indeed states 
the message has been both signed and encrypted. If another person 
sends me signed/encrypted mail, i.e. uses a secret key for signing 
which is not stored in my IMP account, I will only get notified the 
message was encrypted. (I made sure I'd imported their public keys 
before opening their messages.)

This is not an MUA problem on the sender's side: I have sent myself 
email using different accounts, but the same MUA, and could reproduce 
the aforementioned problem.
2010-09-08 21:30:11 Michael Slusarz Comment #4
Summary ⇒ Signatures of signed & encrypted messages are ignored
> Decrypting signed messages in IMP doesn't give any user feedback 
> concerning the signature.
Yes it does.  See, e.g., imp/lib/MIME/Viewer/pgp.php:207

$this->_status[] = _("The message below has been digitally signed and encrypted with PGP.");

If the underlying message is truly signed, this is what is shown.   
Which is what I see.  If this is not shown for you then we will need 
further details (e.g. debugging; a sample message) to track this down.
2010-09-08 13:34:33 apfelmus (at) ungehorsam (dot) ch Comment #3
> How is this supposed to work?  You don't know that a message is 
> signed until it is decrypted.
Exactly. But as soon as the message is decrypted, the signature can be 
checked -- which is obviously either not done or not displayed by IMP. 
When manually decrypting a signed message with GnuPG, by default it 
also performs a signature check as soon as the decryption is finished, 
and tells the user whether the signature matches the message content 
or not. Decrypting signed messages in IMP doesn't give any user 
feedback concerning the signature.
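
The GnuPG behaviour described in Comment #3, as an added example that is not part of the ticket or of IMP's code: a Python parser for the machine-readable status lines GnuPG emits with `--status-fd` while decrypting, which separates "encrypted only", "signed and verified" and "signed but unverifiable". The function names, the wording of the returned messages and the sample status lines are assumptions constructed for illustration.

```python
# Added example, not IMP code. Keywords are GnuPG --status-fd output;
# the sample status lines and key IDs are constructed.
SIG_STATES = {"GOODSIG": "good", "EXPSIG": "expired", "EXPKEYSIG": "expired-key",
              "REVKEYSIG": "revoked-key", "ERRSIG": "unverifiable", "BADSIG": "bad"}
# When several signature lines appear, the worst state is reported.
SEVERITY = ["good", "expired", "expired-key", "revoked-key", "unverifiable", "bad"]
PREFIX = "[GNUPG:] "

def classify(status_text):
    """Return decryption and signature state parsed from status lines."""
    result = {"decrypted": False, "signature": None, "missing_key": None}
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # skip anything that is not a machine-readable status line
        parts = line[len(PREFIX):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        if keyword == "DECRYPTION_OKAY":
            result["decrypted"] = True
        elif keyword == "DECRYPTION_FAILED":
            result["decrypted"] = False
        elif keyword in SIG_STATES:
            state, current = SIG_STATES[keyword], result["signature"]
            if current is None or SEVERITY.index(state) > SEVERITY.index(current):
                result["signature"] = state
        elif keyword == "NO_PUBKEY" and args:
            result["missing_key"] = args[0]  # signer's key is not in the keyring
    return result

def describe(result):
    """Map the parsed state to one status line (wording is illustrative)."""
    if not result["decrypted"]:
        return "Decryption failed."
    sig, key = result["signature"], result["missing_key"]
    if sig is None:
        return "Encrypted; no signature inside."
    if sig == "good":
        return "Encrypted and signed; signature verified."
    if sig == "unverifiable" and key:
        return "Encrypted and signed; cannot verify, public key %s missing." % key
    return "Encrypted and signed; signature state: %s." % sig

DECRYPT_OK = PREFIX + "BEGIN_DECRYPTION\n" + PREFIX + "DECRYPTION_OKAY\n"
SIGNED_OK = DECRYPT_OK + PREFIX + "GOODSIG 1111111111111111 Alice <alice@example.org>\n"
SIGNED_NO_KEY = (DECRYPT_OK + PREFIX + "ERRSIG 2222222222222222 1 8 00 1283680000 9\n"
                 + PREFIX + "NO_PUBKEY 2222222222222222\n")
for sample in (DECRYPT_OK, SIGNED_OK, SIGNED_NO_KEY):
    print(describe(classify(sample)))
```
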
2010-09-07 23:40:22 Michael Slusarz Comment #2
Assigned to Michael Slusarz
State ⇒ Feedback
Priority ⇒ 1. Low
How is this supposed to work?  You don't know that a message is signed 
until it is decrypted.  Signing takes place /inside/ of encrypted 
data, not vice versa.
2010-09-05 11:59:10 apfelmus (at) ungehorsam (dot) ch Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Signatures of signed & encrypted messages are ignored
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
When opening an email which has been signed and encrypted, IMP 
apparently ignores the included signature. It only states "The message 
below has been encrypted with PGP.", while not mentioning the 
signature. This happens with both PGP/Inline and PGP/MIME messages.
