[kmail2] [Bug 427091] New: Kmail gpg bad signature if From header contains non-ascii characters

André M bugzilla_noreply at kde.org
Tue Sep 29 01:20:00 BST 2020


            Bug ID: 427091
           Summary: Kmail gpg bad signature if From header contains
                    non-ascii characters
           Product: kmail2
           Version: 5.15.1
          Platform: Archlinux Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: andre.vmatos at gmail.com
  Target Milestone: ---

I was getting GPG Bad signature on my own sent messages (to my self, as a
test), and also upon saving with Sign on save option set. After a lot of
debugging, I could identify that if (at least) the From field contains
non-ascii characters (in my case, my name), Kmail did change the field encoding
**after** it got signed, giving that error on any client which would try to
verify the OpenPGP/MIME attached signature.

>From setting some debug options in GnuPG dialog, and created "dbgmd-00001.sign"
and "dbgmd-00001.verify" files, I can see they differ in the former containing
"From: =?UTF-8?B?QW5kcsOp?= Vitor de Lima Matos <andre.vmatos at gmail.com>"
header, while the final mail body and verify header got changed to "From:
=?ISO-8859-1?Q?Andr=E9?= Vitor de Lima Matos <andre.vmatos at gmail.com>" (the
issue here then is on the "é" character). The issue doesn't happen if e.g.
Subject header contains the non-ascii character, with both signed and final
versions ending in the UTF-8 version.

Workaround for now is to remove non-ascii characters from my identity's name.
Not sure if it matters, but my Composer's charset list is set to [utf-8,
iso-8859-1, us-ascii]

1. Have given set of charset in that order in config
2. Create a new mail and set some non-ascii character in From field 
3. Save/sign and/or send the email
4. See Bad signature error.

Final email body (used to verify signature) re-encodes the From field AFTER it
got signed, making signature verification fail.

Any [re-]encoding (if needed) should be done BEFORE signing, and the
body/headers should NEVER be touched after gpg signing was performed.

Linux/KDE Plasma: Arch Linux testing
(available in About System)
KDE Plasma Version: 5.19.90
KDE Frameworks Version: 5.74.0
Qt Version: 5.15.1


You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list