[Bug 289364] New: Kmail incorreclty reports openpgp signature verification if subkey is used for signing (encrypted+signed mails)

Stanislav Sidorenko mail at stanislavsidorenko.com
Mon Dec 19 17:45:00 GMT 2011 

https://bugs.kde.org/show_bug.cgi?id=289364

           Summary: Kmail incorreclty reports openpgp signature
                    verification if subkey is used for signing
                    (encrypted+signed mails)
           Product: kmail2
           Version: 4.7
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: crypto
        AssignedTo: kdepim-bugs at kde.org
        ReportedBy: mail at stanislavsidorenko.com


Version:           4.7 (using KDE 4.7.3) 
OS:                Linux

Here is an example of incorrect report:

Encrypted message
Message was signed on 19.12.11 21:29 with unknown key
0x18FCD1311DCF84834BED9F857027404925B7C18D.
The validity of the signature cannot be verified.
Status: Good signature    Hide Details
Test: Signed, Encrypted
End of signed message
End of encrypted message


In fact 0x25B7C18D key is a signing subkey of my main key 0x46EB581F. As far as
I understood kmail does not identify mail only if combined method described in
p 6.2 of RFC 3156 is used for encrypted&signed mails. For example, combined
method is used by Enigmail Thunderbird extension.

If non-conbined method is used then all will be displayed correctly, in this
case kmail identifies main key by subkey.

Reproducible: Always

Steps to Reproduce:
1. Send encrypted&singed PGP/MIME email message e.g. using Thunderbird +
Enigmail to yourself. Use a key that has a signing subkey and ensure that
subkey used for signing.
2. Try to decrypt and verify the signature.

Actual Results:  
Encrypted message
Message was signed on 19.12.11 21:29 with unknown key
0x18FCD1311DCF84834BED9F857027404925B7C18D.
The validity of the signature cannot be verified.
Status: Good signature    Hide Details
Test: Signed, Encrypted
End of signed message
End of encrypted message

Expected Results:  
Encrypted message
Message was signed by mail at ++++++++++++.com (Key ID: 0xA0F213F146EB581F).
The signature is valid and the key is fully trusted.    Hide Details
Test: Signed, Encrypted
End of signed message
End of encrypted message

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list