Gnus development mailing list
* oddies with enigmail
From: Uwe Brauer @ 2005-07-07 19:16 UTC


Hello

The following is odd: I send a mail to myself, signed and encrypted,
using gnus and the mml backend for gpg. I then
read the mail via mozilla/enigmail and after typing my passphrase the
message is decrypted and the signature is verified.

However when I only sign a message the same way and try to verify 
I obtain the following:



OpenPGP Security Info

Unverified signature

gpg command line and output:
/usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --verify
gpg: NOTE: old default options file `/home/oub/.gnupg/options' ignored
gpg: Signature made Thu Jul  7 19:14:29 2005 UTC using RSA key ID 93B61FDD
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error

Can anybody tell me what is up there, or shall I ask on the gpg
mailing list?

Thanks

Uwe Brauer 




* Re: oddies with enigmail
From: Werner Koch @ 2005-07-12 20:16 UTC


On Thu, 07 Jul 2005 19:16:10 +0000, Uwe Brauer said:

> gpg: NOTE: old default options file `/home/oub/.gnupg/options' ignored

[ You should move all your options from that file to gpg.conf -
  options has been deprecated a long time ago]

> gpg: Signature made Thu Jul  7 19:14:29 2005 UTC using RSA key ID 93B61FDD
> gpg: WARNING: signature digest conflict in message

The message looks like

  -----BEGIN ...
  Hash: MD5

  ....
  -----BEGIN ..
  base64/encoded/block

and the actual signature in the base64 block indicates that another
hash algorithm has been used (e.g. SHA-1).  This may also happen if
the Hash: header is missing completely because it defaults to MD5.

It is for sure an Enigmail problem.  I guess for some reasons it
mangles or deletes the Hash: header.

When signing and encrypting a different format than the above clear
signed format is being used and thus the problem does not occur.


Shalom-Salam,

   Werner
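
Added example, not part of the message above and not GnuPG's own code: a simplified Python check for the condition described, comparing the algorithms named by the `Hash:` armor header (MD5 when the header is absent) with the hash algorithm octet inside the armored signature packet. The `sample()` helper and its signature stub are constructed test input, not a real signature.

```python
import base64

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def declared_hashes(msg):
    """Algorithms named by Hash: armor headers; MD5 is implied when none is present."""
    names = set()
    for line in msg.split("-----BEGIN PGP SIGNED MESSAGE-----\n", 1)[1].split("\n"):
        if not line.strip():              # blank line ends the armor headers
            break
        if line.startswith("Hash:"):
            names |= {h.strip().upper() for h in line[5:].split(",")}
    return names or {"MD5"}

def packet_hash(msg):
    """Hash algorithm recorded inside the armored signature packet."""
    armor = msg.split("-----BEGIN PGP SIGNATURE-----\n", 1)[1]
    lines = armor.split("-----END PGP SIGNATURE-----", 1)[0].split("\n")
    data = lines[lines.index("") + 1:]    # skip Version: and other armor headers
    pkt = base64.b64decode("".join(l for l in data if not l.startswith("=")))
    if pkt[0] & 0x40:                     # new-format packet header
        tag = pkt[0] & 0x3F
        skip = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:                                 # old-format packet header
        tag = (pkt[0] >> 2) & 0x0F
        skip = {0: 2, 1: 3, 2: 5}[pkt[0] & 3]
    body = pkt[skip:]
    if tag != 2 or body[0] not in (3, 4):
        raise ValueError("not a v3/v4 signature packet")
    algo = body[3] if body[0] == 4 else body[16]   # v4 and v3 field layouts differ
    return HASH_NAMES.get(algo, "unknown(%d)" % algo)

def digest_conflict(msg):
    """True when the armor headers do not name the algorithm the signature used."""
    return packet_hash(msg) not in declared_hashes(msg)

def sample(hash_header, algo_id):
    """Constructed message: v4 signature stub with a dummy MPI and checksum line."""
    body = bytes([4, 0x01, 1, algo_id, 0, 0, 0, 0, 0xAB, 0xCD, 0, 8, 0xFF])
    pkt = bytes([0x88, len(body)]) + body
    head = "Hash: %s\n" % hash_header if hash_header else ""
    return ("-----BEGIN PGP SIGNED MESSAGE-----\n" + head + "\ntest\n"
            "-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
            + base64.b64encode(pkt).decode() + "\n=AAAA\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for hdr in ("SHA1", "MD5", None):
        print(hdr, "->", "conflict" if digest_conflict(sample(hdr, 2)) else "ok")
```

Running this against the raw text of a received message (after any transfer decoding) shows which side changed: the header the mail client saw, or the packet gpg produced.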





* Re: oddies with enigmail
From: Uwe Brauer @ 2005-07-13 18:29 UTC


>>>>> "Werner" == Werner Koch <wk@gnupg.org> writes:

    Werner> On Thu, 07 Jul 2005 19:16:10 +0000, Uwe Brauer said:
    >> gpg: NOTE: old default options file `/home/oub/.gnupg/options'
    >> ignored

    Werner> [ You should move all your options from that file to
    Werner> gpg.conf -
    Werner>   options has been deprecated a long time ago]

Thanks I did not know this.


    Werner>   ....
    Werner>   -----BEGIN ..
    Werner>   base64/encoded/block

    Werner> and the actual signature in the base64 block indicates
    Werner> that another hash algorithm has been used (e.g. SHA-1).
    Werner> This may also happen if the Hash: header is missing
    Werner> completely because it defaults to MD5.

    Werner> It is for sure an Enigmail problem.  I guess for some reasons it
    Werner> mangles or deletes the Hash: header.

    Werner> When signing and encrypting a different format than the
    Werner> above clear signed format is being used and thus the
    Werner> problem does not occur.

The question is can I clear sign the message such that enigmail would
not complain?

Uwe 




* Re: oddies with enigmail
From: Werner Koch @ 2005-07-19 13:13 UTC


On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:

> The question is can I clear sign the message such that enigmail would
> not complain?

Do you say that pgg inserts the Hash line?  This is obviously wrong -
it is best to let gpg create the clear signed message.  This will make
sure that the correct header is used.


Salam-Shalom,

   Werner





* Re: oddies with enigmail
From: Simon Josefsson @ 2005-07-19 13:28 UTC
  Cc: ding

Werner Koch <wk@gnupg.org> writes:

> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
>
>> The question is can I clear sign the message such that enigmail would
>> not complain?
>
> Do you say that pgg inserts the Hash line?  This is obviously wrong -
> it is best to let gpg create the clear signed message.  This will make
> sure that the correct header is used.

PGG doesn't insert nor remove any Hash: lines.  The output from gpg is
used directly, except for QP encoding when needed.  Gnus will QP
encode the output from gpg, so the receiver will have to perform QP
decode before it looks like a valid OpenPGP packet.  This might break
some MUAs that expect the OpenPGP armor to not be QP escaped, but
rather, only the signed data.  But such a message wouldn't conform to
MIME specs (the '=' in the CRC24 tag is invalid QP unless escaped),
and some MTAs bounce those messages...

That the moral is to use PGP/MIME instead is hopefully obvious.




* Re: oddies with enigmail
From: Uwe Brauer @ 2005-07-19 17:46 UTC


>>>>> "Simon" == Simon Josefsson <jas@extundo.com> writes:

    Simon> Werner Koch <wk@gnupg.org> writes:
    >> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
    >> 
    >>> The question is can I clear sign the message such that
    >>> enigmail would not complain?
    >> 
    >> Do you say that pgg inserts the Hash line?  This is obviously
    >> wrong - it is best to let gpg create the clear signed message.
    >> This will make sure that the correct header is used.

    Simon> PGG doesn't insert nor remove any Hash: lines.  The output
    Simon> from gpg is used directly, except for QP encoding when
    Simon> needed.  Gnus will QP encode the output from gpg, so the
    Simon> receiver will have to perform QP decode before it looks
    Simon> like a valid OpenPGP packet.  This might break some MUAs
    Simon> that expect the OpenPGP armor to not be QP escaped, but
    Simon> rather, only the signed data.  But such a message wouldn't
    Simon> conform to MIME specs (the '=' in the CRC24 tag is invalid
    Simon> QP unless escaped), and some MTAs bounce those messages...

    Simon> That the moral is to use PGP/MIME instead is hopefully obvious.

Well that is what I used
mml-secure-message-sign-pgpmime





* Re: oddies with enigmail
From: Simon Josefsson @ 2005-07-24 14:45 UTC
  Cc: ding

Uwe Brauer <oub@mat.ucm.es> writes:

>>>>>> "Simon" == Simon Josefsson <jas@extundo.com> writes:
>
>     Simon> Werner Koch <wk@gnupg.org> writes:
>     >> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
>     >> 
>     >>> The question is can I clear sign the message such that
>     >>> enigmail would not complain?
>     >> 
>     >> Do you say that pgg inserts the Hash line?  This is obviously
>     >> wrong - it is best to let gpg create the clear signed message.
>     >> This will make sure that the correct header is used.
>
>     Simon> PGG doesn't insert nor remove any Hash: lines.  The output
>     Simon> from gpg is used directly, except for QP encoding when
>     Simon> needed.  Gnus will QP encode the output from gpg, so the
>     Simon> receiver will have to perform QP decode before it looks
>     Simon> like a valid OpenPGP packet.  This might break some MUAs
>     Simon> that expect the OpenPGP armor to not be QP escaped, but
>     Simon> rather, only the signed data.  But such a message wouldn't
>     Simon> conform to MIME specs (the '=' in the CRC24 tag is invalid
>     Simon> QP unless escaped), and some MTAs bounce those messages...
>
>     Simon> That the moral is to use PGP/MIME instead is hopefully obvious.
>
> Well that is what I used
> mml-secure-message-sign-pgpmime

Oh.  Ok.  Still, PGG shouldn't alter any Hash: headers.  Was that
definitely the problem here?  Perhaps something else is somehow
modifying that header.


