From 278867bc71b30c97bd80ae95ac90dc1d860a2d37 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 25 Sep 2013 19:14:22 +2000 Subject: [PATCH] Re: [BUG] Decryption fails if message was signed with an unknown key --- 81/e6255fb2cef96365ad730a4808ef56fb1465e1 | 105 ++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 81/e6255fb2cef96365ad730a4808ef56fb1465e1 diff --git a/81/e6255fb2cef96365ad730a4808ef56fb1465e1 b/81/e6255fb2cef96365ad730a4808ef56fb1465e1 new file mode 100644 index 000000000..4398caab3 --- /dev/null +++ b/81/e6255fb2cef96365ad730a4808ef56fb1465e1 @@ -0,0 +1,105 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 3BBC6431FBD + for ; Tue, 24 Sep 2013 16:14:34 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id qFuQviygHg22 for ; + Tue, 24 Sep 2013 16:14:28 -0700 (PDT) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by olra.theworths.org (Postfix) with ESMTP id 9F8CF431FBC + for ; Tue, 24 Sep 2013 16:14:28 -0700 (PDT) +Received: from [192.168.13.183] (lair.fifthhorseman.net [108.58.6.98]) + by che.mayfirst.org (Postfix) with ESMTPSA id F1D74F986; + Tue, 24 Sep 2013 19:14:22 -0400 (EDT) +Message-ID: <52421CCE.6030006@fifthhorseman.net> +Date: Tue, 24 Sep 2013 19:14:22 -0400 +From: Daniel Kahn Gillmor +User-Agent: Mozilla/5.0 (X11; Linux x86_64; + rv:17.0) Gecko/20130821 Icedove/17.0.8 +MIME-Version: 1.0 +To: Simon Hirscher +Subject: Re: [BUG] Decryption fails if message was signed with an unknown key +References: + + <52289D36.2060006@fifthhorseman.net> + +In-Reply-To: + +X-Enigmail-Version: 1.5.1 +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; + boundary="----enig2MIIXRHDXVCQPLPPLEHDU" +Cc: notmuch +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Tue, 24 Sep 2013 23:14:34 -0000 + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +------enig2MIIXRHDXVCQPLPPLEHDU +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +On 09/23/2013 07:23 PM, Simon Hirscher wrote: +> Now, in order for you to test that behavior I'm going to send you a +> signed and encrypted message because that should exactly reproduce the +> bug, as long as you don't import my key (id EBACABE5 / +> http://simonhirscher.de/public_key.asc) for signature verification. + +message received and tested on debian jessie using notmuch 0.16-1, and i +did not see this misbehavior. + +Simon, for future reference, you can also test this sort of thing +yourself by making multiple (phony) gpg homedirectories and notmuch +config files, and setting GNUPGHOME and NOTMUCH_CONFIG environment +variables appropriately. I find this a pretty handy diagnostic approach.= + + + --dkg + + +------enig2MIIXRHDXVCQPLPPLEHDU +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.14 (GNU/Linux) +Comment: Using GnuPG with Icedove - http://www.enigmail.net/ + +iQJ8BAEBCgBmBQJSQhzOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB +NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcTi0QANoDHh478VYEJWjqvjevmy3K +igzofP1W0bGY2eekdD1CR/1B5t6nRBypaei19nrMNfDXLyjDz9VLCLnpIi/DF/K2 +PxXj4te1TCkzJs/Yoe3uGcFBk+NWQivO4DsXyqwVDa3fQogg1HU0/+ySRP8uW287 +A7bVyfA4izK41MyAvf1HxeEArFVgeHnEDo3tiq+dkwh617fHSBUaP+gikrYIrZI/ +gMEySHW2zrpFAzrLCtCVmoB3HBVklKYoYg9mP5evVLuhi5J4nyDrI1h8UEIB9/YF +LXL/WZYXuYwu8W8kvctaChBr8ZskigKVoJxDRgXkMIhr2B6Wb8lZtNgJd7PZXODL +ocHgmCBuyM4l8yYxI8xSgqCsisHdWolHK4G6b3VNNrYrLiOSL8mvy9FL8Z6AKVnV +sjegRh+KOt98A6BEvPb+IgXjA4zRMqiJLdx0Am3Q1+6/WeR7RRb7nG8KknV+1vPB +ADgPhPx6UqrAFdaQwvzD0dok1cexguWMW0aJhtX5rrbi8svtWbUviLkGWkoW/b/9 +hUAZakrwurjSmoGymxvudqwK9jC2WNUmAchVQwO+wswgOzNwHBXcEUk/q9SVYSQp +IvPocH8LZVWPPLRZysx7d7NeVg2kQaWi8NhIeLhl4+Wfog26KNhJkTPdWUiIx0zB +BFScyp/R6p1/TEIUhwhO +=Gfji +-----END PGP SIGNATURE----- + +------enig2MIIXRHDXVCQPLPPLEHDU-- -- 2.26.2