[kmail2] [Bug 432040] New: PGP Signatures created by kmail are invalid

Sun Jan 24 15:55:46 GMT 2021

https://bugs.kde.org/show_bug.cgi?id=432040

            Bug ID: 432040
           Summary: PGP Signatures created by kmail are invalid
           Product: kmail2
           Version: 5.15.3
          Platform: Gentoo Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: stefandoesinger at gmx.at
  Target Milestone: ---

Created attachment 135131
  --> https://bugs.kde.org/attachment.cgi?id=135131&action=edit
Example email with bad signature

When creating an email signed with a PGP key but without encrypting it the
resulting signature is invalid. Kmail itself reports the signature as invalid.
Other mail clients (Thunderbird, Apple mail + gpgtools for Mac) agree. Kmail
correctly verifies OpenPGP/MIME signatures from other clients.

A workaround is to use inline-openpgp. Emails that are encrypted in addition to
being signed are unaffected.

STEPS TO REPRODUCE
1. Set up an email identity with a PGP public+private key
2. Draft an email to yourself. Disable encryption but keep signing on
3. Store the email in the outbox - sending is not necessary
4. Open the email in the outbox folder

OBSERVED RESULT
Kmail reports that it cannot verify the email because of an unknown encryption
key. However, other email clients will report that the signature is not valid.

EXPECTED RESULT
The email is correctly signed

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.77.0
Qt Version: 5.15.2
Kernel 5.10.10-gentoo

ADDITIONAL INFORMATION

The PGP public key my example email is signed with:
http://keys.gnupg.net/pks/lookup?op=get&search=0x8CB81F9A72BBA155

-- 
You are receiving this mail because:
You are the assignee for the bug.