[kmail2] [Bug 465551] New: E-Mail signed with gnupg subkey not properly shown as valid when opened in composer/preview pane

Stephan Wezel bugzilla_noreply at kde.org
Fri Feb 10 16:20:38 GMT 2023 

https://bugs.kde.org/show_bug.cgi?id=465551

            Bug ID: 465551
           Summary: E-Mail signed with gnupg subkey not properly shown as
                    valid when opened in composer/preview pane
    Classification: Applications
           Product: kmail2
           Version: 5.22.1
          Platform: Gentoo Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: message list
          Assignee: kdepim-bugs at kde.org
          Reporter: s.wezel at web.de
  Target Milestone: ---

SUMMARY
I'm using gnupg with an subkey to sign my e-mails.
KMail shows following message when a e-mail was signed with the gnugp subkey:
"Not enough information to check signature validity."

Details message:
"Message was signed on <date> with unknown key <keyfingerprint>.
The validity of the signature cannot be verified.
Status: Good signature"

Expected 
STEPS TO REPRODUCE
1. Create e-mail in composer, with signing active (using an gnupg key with an
signing only subkey)
2. save e-mail as draft
3. Open draft email

OBSERVED RESULT
KMail shows an orange border with following message when a e-mail was signed
with the gnugp subkey:
"Not enough information to check signature validity."

Details message:
"Message was signed on <date> with unknown key <keyfingerprint>.
The validity of the signature cannot be verified.
Status: Good signature"


EXPECTED RESULT
Showing an green border

SOFTWARE/OS VERSIONS
KDE KMail Version: 5.22.1 (22.12.1)
KDE Frameworks Version:  5.101.0
Qt Version: 5.15.8

ADDITIONAL INFORMATION
The log output when "Write server mode logs to FILE" is configured shows
following Information when the signed e-mail is opened:

2023-02-10 17:06:11 gpg[1848451] armor: BEGIN PGP SIGNATURE
2023-02-10 17:06:11 gpg[1848451] Signature made Do 22 Dez 2022 11:53:36 CET
2023-02-10 17:06:11 gpg[1848451]                using RSA key <keyfingerprint>
2023-02-10 17:06:11 gpg[1848451] using subkey <subkeyid> instead of primary key
<primarykeyid>
2023-02-10 17:06:11 gpg[1848451] using subkey <subkeyid> instead of primary key
<primarykeyid>
2023-02-10 17:06:11 gpg[1848451] using classic trust model
2023-02-10 17:06:11 gpg[1848451] key <primarykeyid>: accepted as trusted key
2023-02-10 17:06:11 gpg[1848451] Good signature from "<name + e-mail address>"
[ultimate]
2023-02-10 17:06:11 gpg[1848451] using subkey <subkeyid> instead of primary key
<primarykeyid>
2023-02-10 17:06:11 gpg[1848451] binary signature, digest algorithm SHA256, key
algorithm rsa4096
2023-02-10 17:06:11 gpg[1848454] using character set 'utf-8'
2023-02-10 17:06:11 gpg[1848454] using classic trust model
2023-02-10 17:06:11 gpg[1848454] key <primarykeyid>: accepted as trusted key

So gnupg itself uses the subkey to verify the signature

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list