PGP signing problem with Evolution

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

PGP signing problem with Evolution

Gnome Evolution - General mailing list
Hi all,

I have strange issue with Evolution signing my emails with GPG. I have
email account, the one I'm writing this message with and I use it in 3
configurations: web mail, Mozilla and Evolution (on another PC). GPG
key pair is imported from web mail. Mozilla uses Enigmail and Evolution
uses gpg key ring.
So, the problem is that when I send signed (not encrypted) mail from
web mail or Mozilla, then my signature verification by my recipients
succeeds, but when I send signed mail from Evolution then verification
fails. I have made a test and send signed message to my other email
account and checked attached *.asc files and strangely enough, attached
*.asc file is different!
Furthermore, if I look in Evolution in my sent emails folder, then
signature is shown like verified. If I send encrypted AND signed mail
by Evolution then signature verification by recipients succeeds.

So, I'm totally lost. Can't find the reason for this behavior by
reading on the internet. I hope that I can get some good ideas here.
Where should I start looking for the issues, what to check, what
configuration to change?

By the way, I'm writing this message with Evolution and it suppose to
be signed with the very same signature which can't be verified as valid
by the recipients.

--
Best regards,
Darius

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PGP signing problem with Evolution

Gnome Evolution - General mailing list
On Wed, 2020-06-24 at 21:47 +0200, darius via evolution-list wrote:
> By the way, I'm writing this message with Evolution and it suppose to
> be signed with the very same signature which can't be verified as
> valid by the recipients.

        Hi,
does it claim what failed with the verification on the recipient side,
please? If they use Evolution, then they can click the left-side
button, which shows some information. Of they can run Evolution as this
from a terminal:

    $ CAMEL_DEBUG=gpg evolution

which will print some information about the data being passed to/from
gpg.

I downloaded your key from pgp.mit.edu and right after the import I've
been told, by Evolution, that the signature is valid, but the sender
cannot be verified. Then I set trust on the key in gpg (to ultimate),
which changed the message in Evolution, it says the signature is valid,
but the sender of the message doesn't match the signer address (the
'From' address here is the mailing list, not you).

I use the development version (after 3.37.2 release) of Evolution and
gpg (GnuPG) 2.2.20 with libgcrypt 1.8.5 (taken from `gpg2 --version`).
        Bye,
        Milan



_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: PGP signing problem with Evolution

Gnome Evolution - General mailing list
In reply to this post by Gnome Evolution - General mailing list
Hi,

I'm sorry if this reply will not be placed correct. I couldn't find
original mail in my mail box to reply to.

Here is my reply:

The receiver uses Protonmail web mail client, so there is no chance to
test proposed command.

You have actually described the same problem as other recipients have,
so maybe you could test on your own machine why Evolution can't validate
sender?

As I mentioned before, I use the same key, but Mozilla and Evolution
signatures (attached *.asc file) differs. Right now I'm writing from
Mozilla client and you will see that signatures are different, even
though I use the same key. My webmail also sends the same signature.
Webmail and Mozile initiated messages gets always validated at the
receiver side.

Any other ideas? Could you test both signatures?


Here is original mail I'm replying to:
-----------------------------------------------------------------------
Hi,
does it claim what failed with the verification on the recipient side,
please? If they use Evolution, then they can click the left-side
button, which shows some information. Of they can run Evolution as this
from a terminal:

    $ CAMEL_DEBUG=gpg evolution

which will print some information about the data being passed to/from
gpg.

I downloaded your key from pgp.mit.edu and right after the import I've
been told, by Evolution, that the signature is valid, but the sender
cannot be verified. Then I set trust on the key in gpg (to ultimate),
which changed the message in Evolution, it says the signature is valid,
but the sender of the message doesn't match the signer address (the
'From' address here is the mailing list, not you).

I use the development version (after 3.37.2 release) of Evolution and
gpg (GnuPG) 2.2.20 with libgcrypt 1.8.5 (taken from `gpg2 --version`).
        Bye,
        Milan
----------------------------------------------------------------------

--
Best regards,
Darius


_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PGP signing problem with Evolution

Gnome Evolution - General mailing list
On Tue, 2020-06-30 at 21:45 +0200, darius via evolution-list wrote:
> You have actually described the same problem as other recipients
> have, so maybe you could test on your own machine why Evolution can't
> validate sender?

        Hi,
I already did that, but maybe I didn't describe it properly. Let me try
to rephrase what Evolution does:

The signature verification is done in two steps. The first is the
actual digital signature check, which can fail, when the public key for
the signature is not installed/available on the recipient side, but
also when it is available, but the public key doesn't have set
sufficient trust level. Depending on this the signature is claimed as
valid (green), valid, but with some issue (yellow), no public key
installed (I think it's yellow or gray), failed validation (red -
broken signature, someone could modify the signed part(s)).

The second step applies only if the signature is considered valid, in
which case the signer address and the sender addresses are checked,
whether they match. If they do not match, then a "yellow" info is shown
with a text like "Valid signature, but sender address and signer
address do not match (email-address-of-the-signer)". It's shown when
the From header value doesn't match the signer email.

I cannot tell which of the two is the case on the Protonmail or the
other client your recipients use. This is just how it works in
Evolution.

Note the first part is mainly done by gpg itself, Evolution relies on
its output and formats it in the relevant way.
        Bye,
        Milan

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list