On Thu, 2006-01-26 at 15:00 -0500, Michael H. Warfield wrote:
Ok all,

      I'm cross posting this to both Evolution and MailScanner because I can
already predict the finger pointing that's naturally going to result.

      A few months ago, someone brought it to my attention that my GPG
signatures (messages signed only, not encrypted) were suddenly turning
up "bad".  The signature on this message will probably be "bad".  It
took some major head scratching to figure out what changed, what the
parameters were, and what the hell was happening but I think I've got
it narrowed down to some poor behavior on the part of BOTH Evolution AND
MailScanner (or a component of MailScanner - not sure).

      It seems to have initially broken with an upgrade to MailScanner.  I
think upgrading to 4.47.4-2 or thereabouts might have been the
triggering event, but I don't remember what I was running on that server
prior to that.  Before then, all my GPG signatures were good.
After, they were bad.  If I turn off MailScanner on my server, the
signatures are good.  I have accounts on several servers and the
signatures are bad if I forward mail through one running a recent
version of MailScanner.  I just upgraded one of my servers to 4.50.5-12
and now I've got bad signatures through that server as well (I wasn't
running MailScanner on that one before).

      But, that doesn't get Evolution off the hook.  It's only happening for
messages that I'm composing in Evolution!  If I compose them in Mutt or
vi a text file and send it, everything is fine.  Also, my saved copies
in the Evolution sent box are fine.

      Sooo...  I compare what was saved in the "sent" box with what was
received with a bad signature...  What was the difference?  Carriage
Returns!  Evolution is terminating lines with CR-LF when composing a
message.  MailScanner is removing the CR and leaving the LF.
Apparently, Evolution called gpg in binary mode to create the signature.
Modifying even the line termination then breaks the signature.

      No other mailer I use generates the DOS/Windows line termination; they
all end lines with the *NIX convention of LF only (no, I haven't tried
ThunderBird or KMail or other GUI client as yet).

      1) Why must we be adding extraneous CR on text messages?  Is this
REALLY necessary?

Yes. From rfc3156:

   When the OpenPGP digital signature is generated:

   (1)   The data to be signed MUST first be converted to its content-
         type specific canonical form.  For text/plain, this means
         conversion to an appropriate character set and conversion of
         line endings to the canonical <CR><LF> sequence.

This is what Evolution does.

Jeffrey Stedfast
Evolution Hacker - Novell, Inc.
fejj ximian com  -
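
Added example, not part of the original thread and not code from Evolution, MailScanner or gpg: it models the failure discussed above, where a part signed in canonical CRLF form arrives with LF-only endings, and shows that a verifier which restores CRLF first (RFC 3156 also requires this of the receiver) accepts the rewritten part while still rejecting changed content. The HMAC is an assumed stand-in for the OpenPGP signature, and the key, sample part and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Stand-in for an OpenPGP detached signature: an HMAC over the signed bytes.
# Assumption for this example only; real PGP/MIME runs gpg over the MIME part.
DEMO_KEY = b"constructed-demo-key"
_EOL = re.compile(rb"\r\n|\r|\n")  # CRLF is tried first, so it is never doubled

def canonicalize(part: bytes) -> bytes:
    """Convert every line ending (CRLF, bare CR, bare LF) to CRLF."""
    return _EOL.sub(b"\r\n", part)

def _mac(data: bytes) -> bytes:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()

def sign(part: bytes) -> bytes:
    """Sender side: canonicalize first, then sign the canonical bytes."""
    return _mac(canonicalize(part))

def verify_raw(part: bytes, sig: bytes) -> bool:
    """Receiver that checks the bytes exactly as delivered."""
    return hmac.compare_digest(_mac(part), sig)

def verify_canonical(part: bytes, sig: bytes) -> bool:
    """Receiver that restores CRLF line endings before checking."""
    return verify_raw(canonicalize(part), sig)

def strip_cr(part: bytes) -> bytes:
    """Models the transit rewrite from the thread: CR dropped, LF kept."""
    return part.replace(b"\r\n", b"\n")

# Constructed sample of a signed MIME part (header, blank line, body).
COMPOSED = b"Content-Type: text/plain; charset=us-ascii\n\nOk all,\n\nsigned text\n"

def demo() -> dict:
    sig = sign(COMPOSED)
    delivered = strip_cr(canonicalize(COMPOSED))       # what the recipient gets
    tampered = delivered.replace(b"signed", b"forged")  # a real content change
    return {
        "raw_after_cr_strip": verify_raw(delivered, sig),
        "canonical_after_cr_strip": verify_canonical(delivered, sig),
        "canonical_after_tamper": verify_canonical(tampered, sig),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'good' if ok else 'BAD'}")
```

Canonicalizing on receipt only normalizes line endings, so it does not weaken the check: any change to the text itself still fails verification.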

