From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Simon Hirscher <public@simonhirscher.de>
Cc: notmuch@notmuchmail.org
Subject: Re: [BUG] Decryption fails if message was signed with an unknown key
Date: Thu, 05 Sep 2013 11:03:18 -0400
Message-ID: <52289D36.2060006@fifthhorseman.net>
In-Reply-To: <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2628 bytes --]

Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:

[ decryption failure until adding sender's key]

> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior. I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

    "sigstatus" : [
       {
          "errors" : 2,
          "keyid" : "CB07362E3294B49E",
          "status" : "error"
       }
    ],

but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

A) how does it know that there was a signature if the message was
encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
contains signatures wrapped inside the encryption, so that an observer
can't tell whether there is a signature or not (or who made the signature)

B) the date of the message is the unix epoch date (1970-01-01), and the
date of the signature appears to be the unix epoch date as well. this
seems suspicious and likely to be false. how are these messages being
generated?

C) you appear to be using gnupg 2.0.17. the latest version of the
2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
installation and try again?

D) you have the mingw32 version of gpg. Does this mean you're running
notmuch on windows?

E) i'd be curious to see what printmimestructure looks like on the
message in question. if you've got a decent shell and the notmuch
source code, you should be able to do:

    notmuch show --format=raw id:xyz@example.com | devel/printmimestructure

I'd expect to see output like this:

    └┬╴multipart/encrypted 3309 bytes
     ├─╴application/pgp-encrypted 11 bytes
     └─╴application/octet-stream 1351 bytes

if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

--dkg

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 1027 bytes --]
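
The structure check from point E in the message above, as an added example that is not part of the original message or of the notmuch source: a Python script that prints a MIME tree in the style of the expected output and reports what point A describes, namely whether an observer without keys can see a signature. The sample message, its address and the classify() helper are constructed for illustration; sizes are shown for leaf parts only.

```python
from email import message_from_string

# Constructed sample: the PGP/MIME (RFC 3156) layout the message above expects.
SAMPLE = """\
From: alice@example.com
Subject: constructed test message
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def mime_tree(part, prefix="", last=True):
    """Return tree lines for part and its children (leaf sizes only)."""
    kids = part.get_payload() if part.is_multipart() else []
    size = "" if kids else f" {len(part.get_payload())} bytes"
    branch = ("└" if last else "├") + ("┬" if kids else "─") + "╴"
    lines = [f"{prefix}{branch}{part.get_content_type()}{size}"]
    for i, kid in enumerate(kids):
        lines += mime_tree(kid, prefix + (" " if last else "│"), i == len(kids) - 1)
    return lines

def classify(msg):
    """Say what an observer without keys can learn about signatures."""
    ctype = msg.get_content_type()
    kids = [p.get_content_type() for p in msg.get_payload()] if msg.is_multipart() else []
    if ctype == "multipart/encrypted":
        ok = (msg.get_param("protocol") == "application/pgp-encrypted"
              and kids == ["application/pgp-encrypted", "application/octet-stream"])
        return "encrypted: any signature is hidden inside" if ok else "malformed multipart/encrypted"
    if ctype == "multipart/signed":
        return "signed in the clear: signature visible to observers"
    return "no PGP/MIME wrapper at top level"

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print("\n".join(mime_tree(msg)))
    print(classify(msg))
```
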

Thread overview: 5+ messages
2013-09-04 22:01 [BUG] Decryption fails if message was signed with an unknown key Simon Hirscher
2013-09-05 15:03 ` Daniel Kahn Gillmor [this message]
2013-09-23 23:23 ` Simon Hirscher
2013-09-24 23:14 ` Daniel Kahn Gillmor
2013-09-10 11:29 ` David Bremner