[kmail2] [Bug 387183] New: Message was signed with unknown key, The validity of the signature cannot be verified., Status: Bad signature

Dennis Schridde bugzilla_noreply at kde.org
Tue Nov 21 15:34:19 GMT 2017 

https://bugs.kde.org/show_bug.cgi?id=387183

            Bug ID: 387183
           Summary: Message was signed with unknown key, The validity of
                    the signature cannot be verified., Status: Bad
                    signature
           Product: kmail2
           Version: 5.6.0
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: dennis.schridde at uni-heidelberg.de
  Target Milestone: ---

When showing an email with a broken signature (our mailing list server adds
some lines to the contents of mails, such that the original signature does not
match anymore), KMail displays:
```
Not enough information to check signature validity.
```

When clicking "Show Details", it displays:
```
Message was signed with unknown key <Key ID>. 
The validity of the signature cannot be verified. 
Status: Bad signature
```

This feels wrong.  I would expect KMail to display "Bad signature" instead of
"Not enough information to check signature validity.".

Further, for an email that contains another email (forwarded as attachment)
that was signed with the same key, whose signature matches, KMail displays this
correctly:
```
Message was signed by <Email Address> (Key ID: <Key ID>). 
The signature is valid and the key is fully trusted.
```

Thus the key obviously is not "unknown" as KMail displays for the outer email.

A more graphical explanation of the problem:
---
| <Outer Email Header>
| ---
| Not enough information to check signature validity. -- Show Details
| ---
| | Encapsulated message
| | <Inner Email Header>
| | ---
| | Signed by <Two Email Addresses>. -- Show Details
| | ---
| | <Inner Email Body>
| ---
---

After clicking "Show Details":
---
| <Outer Email Header>
| ---
| Message was signed with unknown key <Key ID>.
| The validity of the signature cannot be verified.
| Status: Bad signature
| ---
| | Encapsulated message
| | <Inner Email Header>
| | ---
| | Message was signed by <One Of The Two Email Addresses Only> (Key ID: <Key
ID>).
| | The signature is valid and the key is fully trusted.
| | ---
| | <Inner Email Body>
| ---
---

(<Key ID> is the same in all cases.)

I am using KMail 5.6.3 on KDE neon User LTS 5.8.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list