Re: [BUG] Decryption fails if message was signed with an unknown key

diff --git a/85/6178d065a7117302ae69905fa8f6090ef2a2b8 b/85/6178d065a7117302ae69905fa8f6090ef2a2b8
new file mode 100644 (file)
index 0000000..96ab085
--- /dev/null
+++ b/85/6178d065a7117302ae69905fa8f6090ef2a2b8
@@ -0,0 +1,162 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id F3916431FDD\r
+       for <notmuch@notmuchmail.org>; Thu,  5 Sep 2013 08:03:34 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id YDcgnDLUO5jp for <notmuch@notmuchmail.org>;\r
+       Thu,  5 Sep 2013 08:03:27 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+       by olra.theworths.org (Postfix) with ESMTP id 57958431FDB\r
+       for <notmuch@notmuchmail.org>; Thu,  5 Sep 2013 08:03:27 -0700 (PDT)\r
+Received: from [192.168.13.192] (lair.fifthhorseman.net [108.58.6.98])\r
+       by che.mayfirst.org (Postfix) with ESMTPSA id BA9C4F984;\r
+       Thu,  5 Sep 2013 11:03:18 -0400 (EDT)\r
+Message-ID: <52289D36.2060006@fifthhorseman.net>\r
+Date: Thu, 05 Sep 2013 11:03:18 -0400\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+       rv:17.0) Gecko/20130821 Icedove/17.0.8\r
+MIME-Version: 1.0\r
+To: Simon Hirscher <public@simonhirscher.de>\r
+Subject: Re: [BUG] Decryption fails if message was signed with an unknown key\r
+References:\r
+ <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>\r
+In-Reply-To:\r
+ <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>\r
+X-Enigmail-Version: 1.5.1\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+       protocol="application/pgp-signature";\r
+       boundary="----enig2GXKIHSCACNNJKQFFTDXR"\r
+Cc: notmuch@notmuchmail.org\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+Reply-To: notmuch <notmuch@notmuchmail.org>\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Thu, 05 Sep 2013 15:03:35 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+------enig2GXKIHSCACNNJKQFFTDXR\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+Hi Simon--\r
+\r
+On 09/04/2013 06:01 PM, Simon Hirscher wrote:\r
+> This is now the second time the following has happened to me:\r
+\r
+ [ decryption failure until adding sender's key]\r
+\r
+> Also, I should add that manually decrypting the message with gpg (i.e.\r
+> without using notmuch) already worked *before* I added the sender's\r
+> key (not shown above). Still, notmuch obviously doesn't like it when\r
+> the sender is unknown.\r
+\r
+I just tried to replicate this, and i do not see this misbehavior.  I'm\r
+using notmuch 0.16-1 on a debian testing/unstable system.\r
+\r
+using --format=3Djson and piping the output through json_pp, i do see the=\r
+\r
+following part of the response indicating that i don't have the signer's\r
+key:\r
+\r
+                 "sigstatus" : [\r
+                     {\r
+                        "errors" : 2,\r
+                        "keyid" : "CB07362E3294B49E",\r
+                        "status" : "error"\r
+                     }\r
+                  ],\r
+\r
+\r
+but the message body is correctly decrypted and passed through.\r
+\r
+I'm confused by a few things in your example above:\r
+\r
+ A) how does it know that there was a signature if the message was\r
+encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that\r
+contains signatures wrapped inside the encryption, so that an observer\r
+can't tell whether there is a signature or not (or who made the signature=\r
+)\r
+\r
+ B) the date of the message is the unix epoch date (1970-01-01), and the\r
+date of the signature appears to be the unix epoch date as well.  this\r
+seems suspicious and likely to be false.  how are these messages being\r
+generated?\r
+\r
+ C) you appear to be using gnupg 2.0.17.  the latest version of the\r
+2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg\r
+installation and try again?\r
+\r
+ D) you have the mingw32 version of gpg.  Does this mean you're running\r
+notmuch on windows?\r
+\r
+ E) i'd be curious to see what printmimestructure looks like on the\r
+message in question.  if you've got a decent shell and the notmuch\r
+source code, you should be able to do:\r
+\r
+ notmuch show --format=3Draw id:xyz@example.com | devel/printmimestructur=\r
+e\r
+\r
+I'd expect to see output like this:\r
+\r
+=E2=94=94=E2=94=AC=E2=95=B4multipart/encrypted 3309 bytes\r
+ =E2=94=9C=E2=94=80=E2=95=B4application/pgp-encrypted 11 bytes\r
+ =E2=94=94=E2=94=80=E2=95=B4application/octet-stream 1351 bytes\r
+\r
+\r
+if you can clarify any of the above, i'd appreciate it.\r
+\r
+Also, if you can, you're welcome to send a signed/encrypted message\r
+using the same framework that generated the problematic message directly\r
+to me (my OpenPGP fingerprint is\r
+0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a\r
+look at it.\r
+\r
+       --dkg\r
+\r
+\r
+------enig2GXKIHSCACNNJKQFFTDXR\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1.4.14 (GNU/Linux)\r
+Comment: Using GnuPG with Icedove - http://www.enigmail.net/\r
+\r
+iQJ8BAEBCgBmBQJSKJ02XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpczO0QANWp58Yrn1feyowT6kt715G8\r
+G2tMQZwOmg84GNk/ftJ+q/DPf6J22Qo164BaEh/SFn/jowcbXD/AX5WD2DDQCGGi\r
+2/H6eOuz9qmELzsEUBv5fuMi4LAfz3lgLB1WilIUOUaUTYQyBKuQi1Ag8pI2tmOO\r
+pei5sCduHv3vpyxjAHozEKtIO3JbKIhiW04FEXKujn/nTyitc/WcjKiZEnTP0UyT\r
+lK8OoRdkAxCuJV1ZuFV35VL2SCYGZZ+bJy5oMH6xgK4TKQ6O8tDXDpxO5x9qLPYp\r
+H4DTJ+Y2uUdHCmCwM/HXJ1bRUgFNq0XeB/uZbysPqe40PqL9H7LJpjEcVrWffuE9\r
+owKcr7zwT5bugrgkCquTkfMlregemtIZJcoHru10xi/WfBWuwU0aJZyOfFMS70Fp\r
+hYWuSPXyteSFbnisnUZy/qhQfBhlXLaVt0TQA7eJaRYZqL1dE99flU2exKk6RCo/\r
+AAonyZ7TmGxL1egCdQIfucIwuGQ7TRkiAOPySUNUbhwbQdHVSdgixF6YSuofAz2e\r
+QI2YaTO/1m2jEQInRwcFV7PpOdm1GBApZVNnK9NfQJnVP4SwUcnLcz6cE//rmaij\r
+nPUXi6b/q3dSA3nXbKCk6UKznlNws3rUuB1VuywAcezrjQJPwmKdDT7kYnc5GXFe\r
+OGP9q/4h51WdCMKN25n3\r
+=HcU7\r
+-----END PGP SIGNATURE-----\r
+\r
+------enig2GXKIHSCACNNJKQFFTDXR--\r