Re: [Evolution] PGP signing problem with Evolution

[Milan Crha <mcrha redhat com>]

On Tue, 2020-06-30 at 21:45 +0200, darius via evolution-list wrote:
> You have actually described the same problem as other recipients
> have, so maybe you could test on your own machine why Evolution can't
> validate sender?

        Hi,
I already did that, but maybe I didn't describe it properly. Let me try
to rephrase what Evolution does:

The signature verification is done in two steps. The first is the
actual digital signature check, which can fail, when the public key for
the signature is not installed/available on the recipient side, but
also when it is available, but the public key doesn't have set
sufficient trust level. Depending on this the signature is claimed as
valid (green), valid, but with some issue (yellow), no public key
installed (I think it's yellow or gray), failed validation (red -
broken signature, someone could modify the signed part(s)).

The second step applies only if the signature is considered valid, in
which case the signer address and the sender addresses are checked,
whether they match. If they do not match, then a "yellow" info is shown
with a text like "Valid signature, but sender address and signer
address do not match (email-address-of-the-signer)". It's shown when
the From header value doesn't match the signer email.

I cannot tell which of the two is the case on the Protonmail or the
other client your recipients use. This is just how it works in
Evolution.

Note the first part is mainly done by gpg itself, Evolution relies on
its output and formats it in the relevant way.
        Bye,
        Milan