Message-ID: <52289D36.2060006@fifthhorseman.net>
Date: Thu, 05 Sep 2013 11:03:18 -0400
From: Daniel Kahn Gillmor
To: Simon Hirscher
Cc: notmuch@notmuchmail.org
Subject: Re: [BUG] Decryption fails if message was signed with an unknown key
List-Id: "Use and development of the notmuch mail system."

Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:

[ decryption failure until adding sender's key]

> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior. I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

    "sigstatus" : [
       {
          "errors" : 2,
          "keyid" : "CB07362E3294B49E",
          "status" : "error"
       }
    ],

but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

 A) how does it know that there was a signature if the message was
    encrypted? normal PGP/MIME messages contain a single OpenPGP chunk
    that contains signatures wrapped inside the encryption, so that an
    observer can't tell whether there is a signature or not (or who made
    the signature)

 B) the date of the message is the unix epoch date (1970-01-01), and the
    date of the signature appears to be the unix epoch date as well.
    this seems suspicious and likely to be false. how are these messages
    being generated?

 C) you appear to be using gnupg 2.0.17. the latest version of the 2.0.x
    line of gpg is 2.0.21. maybe you can upgrade your gpg installation
    and try again?

 D) you have the mingw32 version of gpg. Does this mean you're running
    notmuch on windows?

 E) i'd be curious to see what printmimestructure looks like on the
    message in question. if you've got a decent shell and the notmuch
    source code, you should be able to do:

    notmuch show --format=raw id:xyz@example.com | devel/printmimestructure

    I'd expect to see output like this:

    └┬╴multipart/encrypted 3309 bytes
     ├─╴application/pgp-encrypted 11 bytes
     └─╴application/octet-stream 1351 bytes

if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

	--dkg
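
The structure check requested in point E, as an added example that is not part of the original message and is not notmuch's devel/printmimestructure script: it prints a message's MIME tree and lists deviations from the RFC 3156 encrypted layout (a multipart/encrypted container holding an application/pgp-encrypted control part and an application/octet-stream payload). The sample message and the names parse, mime_tree and pgp_mime_problems are constructed for illustration.

```python
import email
from email import policy

# Constructed sample; the armored block is a placeholder, not real ciphertext.
SAMPLE = b"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b0"

--b0
Content-Type: application/pgp-encrypted

Version: 1

--b0
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder)
-----END PGP MESSAGE-----
--b0--
"""

def parse(raw):
    return email.message_from_bytes(raw, policy=policy.default)

def mime_tree(part, depth=0):
    """One line per MIME part: indented content type, plus byte size for leaves."""
    pad, ctype = "  " * depth, part.get_content_type()
    if part.is_multipart():
        return [pad + ctype] + [ln for c in part.get_payload() for ln in mime_tree(c, depth + 1)]
    return ["%s%s %d bytes" % (pad, ctype, len(part.get_payload(decode=True) or b""))]

def pgp_mime_problems(msg):
    """Deviations from the RFC 3156 section 4 encrypted layout (empty list = OK)."""
    if msg.get_content_type() != "multipart/encrypted":
        return ["top level is %s, not multipart/encrypted" % msg.get_content_type()]
    problems, parts = [], (msg.get_payload() if msg.is_multipart() else [])
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        problems.append("protocol parameter is not application/pgp-encrypted")
    kinds = [p.get_content_type() for p in parts]
    if kinds != ["application/pgp-encrypted", "application/octet-stream"]:
        problems.append("unexpected parts: " + (", ".join(kinds) or "none"))
    elif b"Version: 1" not in (parts[0].get_payload(decode=True) or b""):
        problems.append("control part lacks 'Version: 1'")
    return problems

if __name__ == "__main__":  # pipe in `notmuch show --format=raw id:...`, else use SAMPLE
    import sys
    msg = parse(SAMPLE if sys.stdin.isatty() else sys.stdin.buffer.read() or SAMPLE)
    print("\n".join(mime_tree(msg) + (pgp_mime_problems(msg) or ["RFC 3156 layout OK"])))
```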