Re: [Evolution] Signature not verified

[Paul Menzel <paulepanter users sourceforge net>]

Am Donnerstag, den 24.11.2011, 17:28 +0100 schrieb Milan Crha:
> On Thu, 2011-11-24 at 15:17 +0100, Paul Menzel wrote:
> > > What does it claim about the signature exactly, please?
> >
> > The box is red and reads ÂInvalid signature (German: ÂUngÃltige
> > SignaturÂ).

> hmm, I see the texts are there even in 2.30.0. Mine works as expected.
> (See below.)
>
> > > As an example, I see "Valid signature (David Woodhouse <...>)" on the
> > > inner message, but "Signature exists, but need public key" on your
> > > signature. I believe the later makes sense too, and can be probably the
> > > reason for your error claim. When you click the icon on the left from
> > > the signature claim inside the message, then you can see more details.
> >
> > The certificate for Intel(?) seems to be missing.
> >
> > Unterzeichner: <unknown> <<unknown>>: Signaturzertifikat nicht gefunden
> > Signee(?): <unknown> <<unknown>>: signature certificate not found
> >
> > So I guess the error message should be improved by adding the reason to
> > it: ÂInvalid signature (certificate not found)Â.
>
> That is how it works for me, even on 3.2.2, which is the current stable.
> Just get root certificates from http://cacert.org , install them into
> certificate Authorities, edit the trust for it (you should tell
> evolution/nss/nspr that your trust this certificate authority (CA)), and
> then it'll work.
>
> I just tried, and when I do not trust to the CA, then I also get
> "Invalid Signature", and the detailed information says:
>    Signer: David ... <...>: Signing certificate not trusted

But I do get unknown entries like I pasted above and not your message.
So something must in certificate handling must have been changed between
3.0.3 and 3.2.2.

> Even it can seem strange on the first look, then it makes sense that
> signatures done by certificates which are published by CA you do not
> trust are treated as invalid.

I looked at my certificates and I have the following certificate there.

        CAcert Class 3 Root
        DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D
        73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6

Additionally there is enough in the box to put that âdetailedâ
information why the status is this or that there. It would improve the
usability a lot.


Thanks,

Paul

Attachment: signature.asc
Description: This is a digitally signed message part