Fri, 10 Apr 2026 17:02:26 +0000 https://bugs.horde.org/ticket/9225 Signatures of signed & encrypted messages are ignored When opening an email which has been signed and encrypted, IMP apparently ignores the included signature. It only states "The message below has been encrypted with PGP.", while not mentioning the signature. This happens with both PGP/Inline and PGP/MIME messages. Sun, 05 Sep 2010 11:59:10 +0000 https://bugs.horde.org/ticket/9225#t59856 How is this supposed to work? You don't know that a message is signed until it is decrypted. Signing takes place /inside/ of encrypted data, not vice versa. Tue, 07 Sep 2010 23:40:22 +0000 https://bugs.horde.org/ticket/9225#t59920 > How is this supposed to work? You don't know that a message is > signed until it is decrypted. Exactly. But as soon as the message is decrypted, the signature can be checked -- which is obviously either not done or not displayed by IMP. When manually decrypting a signed message with GnuPG, by default it also performs a signature check as soon as the decryption is finished, and tells the user whether the signature matches the message content or not. Decrypting signed messages in IMP doesn't give any user feedback concering the signature. Wed, 08 Sep 2010 13:34:33 +0000 https://bugs.horde.org/ticket/9225#t59921 > Decrypting signed messages in IMP doesn't > give any user feedback concering the signature. Yes it does. See, e.g., imp/lib/MIME/Viewer/pgp.php:207 $this->_status[] = _("The message below has been digitally signed and encrypted with PGP."); If the underlying message is truly signed, this is what is shown. Which is what I see. If this is not shown for you then we will need further details (e.g. debugging; a sample message) to track this down. Wed, 08 Sep 2010 21:30:11 +0000 https://bugs.horde.org/ticket/9225#t59946 I did a quick test, and apparently the message only shows up for me if the email in question has been encrypted to/signed using the secret key stored in IMP. That is, if I send signed/encrypted mail to myself, IMP indeed states the message has been both signed and encrypted. If another person sends me signed/encrypted mail, i.e. uses a secret key for signing which is not stored in my IMP account, I will only get notified the message was encrypted. (I imade sure I'd imported their public keys before opening their messages.) This is not an MUA problem on the sender's side: I have sent myself email using different accounts, but the same MUA, and could reproduce the aforementioned problem. Thu, 09 Sep 2010 10:55:34 +0000 https://bugs.horde.org/ticket/9225#t59955 Might be fixed by: http://git.horde.org/horde-git/-/commit/221e6622ab049beafed05e6854011be874153e74 Wed, 02 Nov 2011 09:04:56 +0000 https://bugs.horde.org/ticket/9225#t68521 > Might be fixed by: > http://git.horde.org/horde-git/-/commit/221e6622ab049beafed05e6854011be874153e74 No - this ticket does not describe the symptoms described by this commit. This commit fixed the signature always being reported as BAD, because the full canonical text of the signed part was not available. This ticket claims that after unencrypting a message, there is no mentioned that it is signed. But I am going to close anyway, since this refers to IMP 4 and I cannot reproduce in IMP 5. Wed, 02 Nov 2011 19:43:15 +0000 https://bugs.horde.org/ticket/9225#t68555