From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dkg@fifthhorseman.net>
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id F3916431FDD
	for <notmuch@notmuchmail.org>; Thu,  5 Sep 2013 08:03:34 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
	autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id YDcgnDLUO5jp for <notmuch@notmuchmail.org>;
	Thu,  5 Sep 2013 08:03:27 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
	by olra.theworths.org (Postfix) with ESMTP id 57958431FDB
	for <notmuch@notmuchmail.org>; Thu,  5 Sep 2013 08:03:27 -0700 (PDT)
Received: from [192.168.13.192] (lair.fifthhorseman.net [108.58.6.98])
	by che.mayfirst.org (Postfix) with ESMTPSA id BA9C4F984;
	Thu,  5 Sep 2013 11:03:18 -0400 (EDT)
Message-ID: <52289D36.2060006@fifthhorseman.net>
Date: Thu, 05 Sep 2013 11:03:18 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130821 Icedove/17.0.8
MIME-Version: 1.0
To: Simon Hirscher <public@simonhirscher.de>
Subject: Re: [BUG] Decryption fails if message was signed with an unknown key
References: <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>
In-Reply-To: <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="----enig2GXKIHSCACNNJKQFFTDXR"
Cc: notmuch@notmuchmail.org
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: notmuch <notmuch@notmuchmail.org>
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2013 15:03:35 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2GXKIHSCACNNJKQFFTDXR
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:

 [ decryption failure until adding sender's key]

> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior.  I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

                 "sigstatus" : [
                     {
                        "errors" : 2,
                        "keyid" : "CB07362E3294B49E",
                        "status" : "error"
                     }
                  ],


but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

 A) how does it know that there was a signature if the message was
encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
contains signatures wrapped inside the encryption, so that an observer
can't tell whether there is a signature or not (or who made the signature)

 B) the date of the message is the unix epoch date (1970-01-01), and the
date of the signature appears to be the unix epoch date as well.  this
seems suspicious and likely to be false.  how are these messages being
generated?

 C) you appear to be using gnupg 2.0.17.  the latest version of the
2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
installation and try again?

 D) you have the mingw32 version of gpg.  Does this mean you're running
notmuch on windows?

 E) i'd be curious to see what printmimestructure looks like on the
message in question.  if you've got a decent shell and the notmuch
source code, you should be able to do:

 notmuch show --format=raw id:xyz@example.com | devel/printmimestructure

I'd expect to see output like this:

└┬╴multipart/encrypted 3309 bytes
 ├─╴application/pgp-encrypted 11 bytes
 └─╴application/octet-stream 1351 bytes


if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

	--dkg


------enig2GXKIHSCACNNJKQFFTDXR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


------enig2GXKIHSCACNNJKQFFTDXR--
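
An added illustration of the check requested in point E of the reply above (not part of the original mail, and not notmuch's `devel/printmimestructure` script): it draws the MIME tree of a message in the same style and reports how the layout deviates from the RFC 3156 encrypted layout the reply expects. The sample message, its dummy ciphertext and the function names `mime_tree` and `pgp_mime_problems` are constructed for this example.

```python
import email
# Constructed sample: RFC 3156 PGP/MIME encrypted message with dummy ciphertext.
SAMPLE = b"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

(dummy ciphertext, constructed)

--b1--
"""

def mime_tree(part, prefix="", last=True):
    """Return tree lines in the drawing style of the output quoted above."""
    branch = "└" if last else "├"
    ctype = part.get_content_type()
    if not part.is_multipart():
        size = len(part.get_payload(decode=True) or b"")
        return [f"{prefix}{branch}─╴{ctype} {size} bytes"]
    lines = [f"{prefix}{branch}┬╴{ctype} {len(part.as_bytes())} bytes"]
    kids = part.get_payload()
    for i, kid in enumerate(kids):
        lines += mime_tree(kid, prefix + (" " if last else "│"), i == len(kids) - 1)
    return lines

def pgp_mime_problems(msg):
    """List deviations from the RFC 3156 encrypted layout; empty means it matches."""
    if msg.get_content_type() != "multipart/encrypted" or not msg.is_multipart():
        return ["top level is not a parsed multipart/encrypted container"]
    problems = []
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        problems.append("protocol parameter is not application/pgp-encrypted")
    kinds = [p.get_content_type() for p in msg.get_payload()]
    if kinds != ["application/pgp-encrypted", "application/octet-stream"]:
        problems.append(f"unexpected sub-parts: {kinds}")
    elif "version: 1" not in msg.get_payload(0).get_payload().lower():
        problems.append("control part lacks 'Version: 1'")
    return problems

if __name__ == "__main__":
    msg = email.message_from_bytes(SAMPLE)
    print("\n".join(mime_tree(msg) + pgp_mime_problems(msg)))
```

A message whose tree shows extra wrapping (for example a `multipart/signed` or `multipart/mixed` layer around the encrypted part) will be reported by `pgp_mime_problems`, which is the kind of structural difference point A asks about.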