Re: [Evolution-hackers] Incorrect GPG handling
- From: Not Zed <notzed ximian com>
- To: sroose <stage02 gawab com>
- Cc: evolution-hackers lists ximian com
- Subject: Re: [Evolution-hackers] Incorrect GPG handling
- Date: Thu, 13 May 2004 09:30:40 +0800
On Wed, 2004-05-12 at 11:20 +0200, sroose wrote:
You can ignore my last mail. KMail worked fine the regular way.
But I have done further investigation and have found the difference in use of
GPG. This is probably the reason for the error.
The following is tested with Thunderbird an Evolution but goes for several
other clients too.
The mail seems to be formatted in almost the same way. However, when i save
the GPG encrypted blocks to decrypt them by commandline i get this:
* for a mail send by evolution
--gpg output
gpg: encrypted with 2048-bit ELG-E key, ID 51B9BF6E, created 2004-05-11
my name etc
--decrypted message
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=-U65lbm6++U+r75iGceBc"
--=-U65lbm6++U+r75iGceBc
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
TEST
--=-U65lbm6++U+r75iGceBc
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBAoeMbZQGNQ0/97JgRAnfIAJ9DzJl29oB3FTQqygC6uOCm6RLKEACgxpWx
7IqDQ0aAI4fa0ch6PUiROM4=
=f78Z
-----END PGP SIGNATURE-----
--=-U65lbm6++U+r75iGceBc--
* for a mail send by evolution
--gpg output
gpg: encrypted with 2048-bit ELG-E key, ID F5FDF3CE, created 2004-05-03
sender's name etc
gpg: encrypted with 2048-bit ELG-E key, ID 51B9BF6E, created 2004-05-11
my name etc
gpg: Signature made Wed May 12 10:56:50 2004 CEST using DSA key ID 1C44307A
gpg: Good signature from "sender's name etc
--decrypted message
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
test
Conclusion:
Evolution does not 'encrypt and sign' the message but 'encrpyts the signed
message'.
Is it possible to create a fix to make Evolution compatible with both ways of
use?
No. And to clarify this point, from rfc 3156:
6.1. RFC 1847 Encapsulation
In [2], it is stated that the data is first signed as a
multipart/signature body, and then encrypted to form the final
multipart/encrypted body. This is most useful for standard MIME-
compliant message forwarding.
There is a reason for doing it this way, and it has security implications, although I can't find the reference to this information.
Here's a very detailed discussion on the topic i found with a simple google search:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
A key quote:
"Of course, Encrypt-then-Sign isn't very useful anyway, because only the illegible ciphertext, not the plaintext, would be non-repudiable. In what follows, for simplicity, we'll mostly ignore Encrypt & Sign, and we'll concentrate on analyzing and fixing Sign & Encrypt's defects."
But then it goes on to say pgp later has a sign then encrypt thing - but afaik that is only inline pgp, which evolution doesn't support anyway.
I'm not sure what your bug report is about. Is it not displaying the security information at all/properly?
I would find it odd if all other clients did it differnetly, given the above quote from the relevent rfc which is pretty unambiguous about it. And wouldn't mind knowing why.
Op Wednesday 12 May 2004 10:53, schreef sroose:
> I have noticed another remarkable thing, which might lead to a solution:
>
> When i exported a mail received from a KMail user with 'save as', delted
> the file from my inbox, and imported the file back to the inbox from the
> file, everything was ok. Signature icon displayed as it should.
>
> I did not change the file in any way.
>
> Kind regards
>
> Op Wednesday 12 May 2004 09:54, schreef sroose:
> > Evolution seems to handle GPG encypted + signed messages incorrectly.
> >
> > The problem arises only when the message is encrypted AND signed
> >
> > A mail from other clients (tested with Thunderbird and Windows GPGRelay)
> > which are encrypted and signed with GnuPG do not have the signature icon.
> > Also the only way to know the message was encrpyted is that set 'remember
> > paasword' off, so by typing your passphrase you know it was encrypted.
> >
> > Is it possible to fix this? I'm willing to make a patch myself if nobody
> > else does, but I've no experience in patching and little knowledge of C
> > and Corba.
> >
> > Kind regards
> >
> > Sam
> > _______________________________________________
> > evolution-hackers maillist - evolution-hackers lists ximian com
> > http://lists.ximian.com/mailman/listinfo/evolution-hackers
>
> _______________________________________________
> evolution-hackers maillist - evolution-hackers lists ximian com
> http://lists.ximian.com/mailman/listinfo/evolution-hackers
_______________________________________________
evolution-hackers maillist - evolution-hackers lists ximian com
http://lists.ximian.com/mailman/listinfo/evolution-hackers
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]