#2717 new
Thomas Kahle

OpenPGP Signature Checking FROM of decrypted message fails.

Reported by Thomas Kahle | December 28th, 2020 @ 09:47 AM

When an encrypted message arrives from a user with multiple identities in their PGP key, then the sender is only checked against the main identity. This results in a wrong message "OpenPGP: The message is valid, but it was not signed by the sender". The report from PGP looks like this:

[...] [GNUPG:] GOODSIG 697E3EB3C9B0A514 A A@B.de gpg: Good signature from "A A@B.de" [full]
gpg: aka "A A@C.de" [full]

with From : A@C.de. If A@B.de is used as the from address, the signature is correctly verified.

The error also does not happen with unencrypted but signed messages from the same sender, and it also does not happen with encrypted and signed messages where the sender uses the main identity as the from address.

Comments and changes to this ticket

  • Thomas Kahle

    Thomas Kahle January 15th, 2021 @ 03:46 PM

    Hi, I can make this more specific now. When a decrypted and signed message arrives, mailmate displays "OpenPGP: Mismatching addresses in signature" and clicking on it gives me the gpg output nicely formatted / parsed. There I get something like:

    Risk analysis The sender address does not match the key.
    Fingerprint 671F...
    From Address �
    Key Addresses [list of addresses that DOES contain the FROM address of the envelope]

    But you see that the parsed "From Address" is not correct. It determines the sender as some strange character that I cannot copy and paste. On my screen it looks like 6 thick horizontal lines. Like a "hamburger menu" except it's a triple decker with cheese.

  • benny

    benny January 20th, 2021 @ 03:22 PM

    • State changed from “new” to “fixcommitted”

    That symbol is a so-called null string and it does indicate that MailMate failed to properly find a From address.

    Hmm, looking at the code I can see a potential problem, but it doesn't seem to be related to multiple identities. It seems to be related to handling a message part which is both encrypted and signed (usually there's a signed part within an encrypted part). If I'm right then it might be a simple fix (it'll be in r5762+).

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins

People watching this ticket