Hi again,
I think I nailed this bug. Basically, Mail.app improperly changes the MIME
content headers upon receiving from the mail server. In particular, the
following in the signed message body:
"""
Content-Type: text/plain; charset=us-ascii
"""
gets changed to:
"""
Content-Type: text/plain;
	charset=us-ascii
"""
i.e. "charset=..." gets moved to the next line, with a TAB character.
Since the signature was generated with the content-type header on a single
line, this change invalidates the signature. I found this out by looking at the
detailed log from GPGME, see the bottom of this mail for a copy. Basically
this shows that the mail was generated/sent with the header on a single line,
which I can also confirm by looking at the e-mail on the IMAP server directly
(using a different client). Strangely when keeping the mails on the IMAP
server, the header is modified on the local copy but not on the server.
Thunderbird/Enigmail also leaves the header untouched, which is why the signature
verifies with it.
I checked with GPGMail disabled (not in the Bundles directory), and I see that
Mail.app still breaks the content header with GPGMail disabled. So this
behavior seems not specific to GPGMail.
Now that said, I hear that some other people using Mail.app can actually
validate my sigs. Is there a setting in Mail.app to prevent this handling of
content headers? Also, could we work around this in GPGMail by trying (once) to
re-format the content headers the first time signature verification fails?
Thanks
Output from GPGME:
- Log data when generating the sig:
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
436f6e74656e742d 5472616e73666572 Content-Transfer
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
2d456e636f64696e 673a20376269740d -Encoding: 7bit.
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
6578742f706c6169 6e3b206368617273 ext/plain; chars
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
65743d75732d6173 6369690d0a0d0a66 et=us-ascii....f
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
6f6f0d0a0d0a626c 61680d0a0d0a oo....blah....
...
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
2d2d2d2d2d424547 494e205047502053 -----BEGIN PGP S
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
49474e4154555245 2d2d2d2d2d0a5665 IGNATURE-----.Ve
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
7273696f6e3a2047 6e7550472f4d6163 rsion: GnuPG/Mac
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
475047322076322e 302e313720284461 GPG2 v2.0.17 (Da
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
7277696e290a436f 6d6d656e743a2068 rwin).Comment: h
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
747470733a2f2f77 77772e6269676c75 ttps://www.biglu
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
6d6265722e636f6d 2f782f7765623f70 mber.com/x/web?p
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
6b3d394233323930 4142323937324339 k=9B3290AB2972C9
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
3242424146414236 3943323336453445 2BBAFAB69C236E4E
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
3530353032344641 45330a0a69455945 505024FAE3..iEYE
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
4152454441415946 416b314b45466341 AREDAAYFAk1KEFcA
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
43676b51526f4f74 654c576456686f6b CgkQRoOteLWdVhok
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
55774366644f584e 4236347762745245 UwCfdOXNB64wbtRE
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
5070727043456767 557675460a663467 PprpCEggUvuF.f4g
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
416e5242444d4741 5271794743704731 AnRBDMGARqyGCpG1
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
2b6e62546a495148 72493459530a3d52 +nbTjIQHrI4YS.=R
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
434e550a2d2d2d2d 2d454e4420504750 CNU.-----END PGP
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check:
205349474e415455 52452d2d2d2d2d0a SIGNATURE-----.
- Log data when validating the sig:
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
2d2d2d2d2d424547 494e205047502053 -----BEGIN PGP S
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
49474e4154555245 2d2d2d2d2d0d0a56 IGNATURE-----..V
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
657273696f6e3a20 476e7550472f4d61 ersion: GnuPG/Ma
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6347504732207632 2e302e3137202844 cGPG2 v2.0.17 (D
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
617277696e290d0a 436f6d6d656e743a arwin)..Comment:
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
2068747470733a2f 2f7777772e626967 https://www.big
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6c756d6265722e63 6f6d2f782f776562 lumber.com/x/web
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
3f706b3d39423332 3930414232393732 ?pk=9B3290AB2972
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
4339324242414641 4236394332333645 C92BBAFAB69C236E
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
3445353035303234 464145330d0a0d0a 4E505024FAE3....
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6945594541524544 41415946416b314b iEYEAREDAAYFAk1K
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
4546634143676b51 526f4f74654c5764 EFcACgkQRoOteLWd
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
56686f6b55774366 644f584e42363477 VhokUwCfdOXNB64w
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6274524550707270 4345676755767546 btREPprpCEggUvuF
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
0d0a663467416e52 42444d4741527179 ..f4gAnRBDMGARqy
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
47437047312b6e62 546a495148724934 GCpG1+nbTjIQHrI4
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
59530d0a3d52434e 550d0a2d2d2d2d2d YS..=RCNU..-----
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
454e442050475020 5349474e41545552 END PGP SIGNATUR
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
452d2d2d2d2d0d0a E-----..
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
436f6e74656e742d 5472616e73666572 Content-Transfer
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
2d456e636f64696e 673a20376269740d -Encoding: 7bit.
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6578742f706c6169 6e3b0d0a09636861 ext/plain;...cha
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
727365743d75732d 61736369690d0a0d rset=us-ascii...
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
0a666f6f0d0a0d0a 626c61680d0a0d0a .foo....blah....
As this shows, the signed data is different the second time: a CR-LF-TAB sequence
was inserted.
_______________________________________________
gpgtools-users mailing list
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
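The header folding shown in the two log excerpts, as an added example that is not code from the original post or from GPGMail: a small Python script that rebuilds the signed bytes from GPGME's "check:" hex dump, locates the byte at which the signing run and the verifying run diverge, and then tries the "re-format the content headers and retry" workaround proposed above. The OpenPGP signature check is replaced by a SHA-256 digest of the signed bytes (an assumption standing in for gpg --verify, since only the byte-for-byte comparison matters here); the function names, the candidate list and the choice of which log lines to embed are mine.

```python
"""Rebuild signed bytes from a GPGME hex dump, show why the signature fails
after the Content-Type header is folded, and try 'unfold and retry'.
Added example; not GPGMail or GPGME code."""
import hashlib
import re
from typing import Optional

# Lines copied from the log in the mail above, starting at the Content-Type
# header (the leading 0a is the LF that ends the previous header line).
SIGN_LOG = """\
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
6578742f706c6169 6e3b206368617273 ext/plain; chars
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
65743d75732d6173 6369690d0a0d0a66 et=us-ascii....f
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check:
6f6f0d0a0d0a626c 61680d0a0d0a oo....blah....
"""
VERIFY_LOG = """\
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
6578742f706c6169 6e3b0d0a09636861 ext/plain;...cha
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
727365743d75732d 61736369690d0a0d rset=us-ascii...
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check:
0a666f6f0d0a0d0a 626c61680d0a0d0a .foo....blah....
"""

HEX_GROUP = re.compile(r"[0-9a-f]{2,16}")


def parse_gpgme_dump(log: str) -> bytes:
    """Rebuild raw bytes from GPGME 'check:' dump lines.

    Each data line carries up to two 8-byte hex groups followed by an ASCII
    rendering, which is ignored. Lines starting with 'GPGME' are skipped."""
    out = bytearray()
    for line in log.splitlines():
        if not line or line.startswith("GPGME"):
            continue
        for tok in line.split()[:2]:
            if HEX_GROUP.fullmatch(tok) and len(tok) % 2 == 0:
                out += bytes.fromhex(tok)
            else:
                break  # reached the ASCII column
    return bytes(out)


FOLD = re.compile(rb"\r\n([ \t]+)")


def unfold_headers(part: bytes, keep_wsp: bool) -> bytes:
    """Undo header folding in the header section only; the body is signed
    as-is and must not be touched.

    keep_wsp=True is the unfolding RFC 5322 describes (drop the CRLF, keep
    the whitespace). keep_wsp=False guesses that the sender had a single
    space where the receiving client inserted CRLF+TAB, as the log shows."""
    sep = b"\r\n\r\n"
    head, found, body = part.partition(sep)
    if not found:
        return part
    repl = (lambda m: m.group(1)) if keep_wsp else (lambda m: b" ")
    return FOLD.sub(repl, head) + sep + body


def signature_stand_in(data: bytes) -> str:
    """Stand-in (assumption) for the OpenPGP signature: a real client hands
    `data` plus the detached signature to gpg --verify. A signature covers a
    hash of the exact bytes, so a digest shows the same pass/fail offline."""
    return hashlib.sha256(data).hexdigest()


# Tried in order. Each candidate is only a re-presentation of the same header
# (folding carries no meaning in RFC 5322), so accepting whichever verifies
# does not weaken what the signature proves.
CANDIDATES = [
    ("as received", lambda p: p),
    ("unfold, keep WSP (RFC 5322)", lambda p: unfold_headers(p, keep_wsp=True)),
    ("unfold, single space", lambda p: unfold_headers(p, keep_wsp=False)),
]


def verify_with_refold(part: bytes, signature: str) -> Optional[str]:
    """Name of the first candidate that verifies, or None if none does."""
    for name, fix in CANDIDATES:
        if signature_stand_in(fix(part)) == signature:
            return name
    return None


def first_divergence(a: bytes, b: bytes) -> int:
    """Offset of the first differing byte (length of the shorter on a prefix)."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))


if __name__ == "__main__":
    sent = parse_gpgme_dump(SIGN_LOG)
    received = parse_gpgme_dump(VERIFY_LOG)
    i = first_divergence(sent, received)
    print(f"first difference at offset {i}: {sent[i:i+4]!r} vs {received[i:i+4]!r}")
    sig = signature_stand_in(sent)
    print("verifies as received:", verify_with_refold(received, sig) == "as received")
    print("verifies after:", verify_with_refold(received, sig))
```

Two things worth noting. Strict RFC 5322 unfolding keeps the folding whitespace, so it turns `;\r\n\t` into `;\t` and still does not match the `; ` the sender signed; the retry only succeeds with the single-space guess, which is why the workaround is a heuristic rather than a fix, and a real implementation would hand each candidate to gpg --verify in turn. Restricting the rewrite to the header section and to folding-equivalent forms is what keeps the retry safe: a candidate that does not verify proves nothing, and one that does verify is the same header the sender signed, just refolded.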