Daniel Kahn Gillmor writes: > On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote: >> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote: >>> T350-crypto: Testing PGP/MIME signature verification and decryption >>> PASS emacs delivery of signed message >>> FAIL signature verification >>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000 >>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000 >>> @@ -11,7 +11,7 @@ >>> "id": 2 >>> }, >>> { >>> - "content-length": 280, >>> + "content-length": 312, >>> "content-type": "application/pgp-signature", >>> "id": 3 >>> } >> >> If you could get me a copy of the actual application/pgp-signature part, >> i'd be interested in looking at it. Unlike bremner, i'm actually able >> to duplicate this problem on debian sid, so i'll see what i can figure >> out. > > OK, the difference here is that 2.1.16 is automatically including the > full OpenPGP v4 fingerprint in the message signature. This is part of > the ongoing discussion around revisions to the OpenPGP standard, and it > makes it easier for a mail user agent to tell whether it's missing the > key for verification or whether the signature is just bad. > > so the length of the signature is extended by about 23 octets (1 octet > of subpacket length; 1 octet of subpacket type, 1 octet of fpr versio > number, and 20-octets of fingerprint), which becomes about 32 octets > after base64 encoding, hence the increase in content-length from 280 to > 312 octets. > > As for how to fix it -- i guess the right thing would be to make that > number variable -- as long as the signature is non-zero and it > validates, i think it'd be fine. Wow, good catch. I was about to bisect gnupg to figure out what changed this behaviour.. I'm not familiar enough with the notmuch test framework to suggest a fix, but glad to know this is not specific to Guix. Thanks a lot for your help!