[Dovecot] OT: PGP signature verification

Thomas Zajic zlatko at zlatko.fdns.net
Thu May 8 08:24:41 EEST 2008 

* Timo Sirainen, 2008-05-07 22:02

> On Wed, 2008-05-07 at 21:38 +0200, Thomas Zajic wrote:
>> Okay, so it's a gnupg thing? But both mutt and enigmail use the same
>> version of gpg internally, though, and it's the latest one available
>> AFAIK:
>>
>> [zlatko at disclosure]:~$ gpg --version | head -1
>> gpg (GnuPG) 1.4.9
> 
> Oh. I thought 1.4.8 and later would have verified it as valid. For some
> reason gnupg in Debian unstable is stuck at v1.4.6 so I haven't tested
> it myself yet.
> 
> So if that didn't help, I'm not sure then what the problem is. Unless
> your version tries to verify the mails using the old format. Wonder if
> it's possible to tell GPGMail to use the old format or not use textmode
> at all .. other than by creating a gpg wrapper script, which I'm a bit
> lazy to do. :)

:-)

I think that it's a different problem than the one mentioned in the gnupg
mailing list post you refered to. The funny thing is that it's actually
exactly the other way round than you'd expect from that post:

The mails that you send from your Debian system using Evolution (which in
turn uses gnupg-1.4.6 internally, ie. an "old" version) are verified just
fine by Enigmail (which uses gnupg-1.4.9 internally, ie. a "new" version)
even without any of the "--rfc2440" or "--rfc2440-text" parameters.

It's only the mails you send from your Mac using Apple Mail that show up
with a bad signature in TB/Enigmail, although Apple Mail uses gnupg-1.4.8
internally (ie. also a "new" version, just like the one Enigmail uses).
But even with "--rfc2440" or "--rfc2440-text", Enigmail is still unable
to verify the signature.

Mutt, OTOH, using the very same gnupg-1.4.9 that Enigmail uses internally,
is perfectly happy and able to verify the signatures from both Evolution
and Apple Mail, without any additional parameters modifying gpg's default
behaviour.

According to gnupg-1.4.9's ChangeLog, the only change that might be related
to this problem is the following:

| 2008-03-07  David Shaw  <dshaw at jabberwocky.com>
| 
|         * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't
|         understand '-n'.  Use tr to trim the carriage return instead.

I have no idea whether gnupg actually relies on /bin/sh to do any of its
stuff, or if this is only relevant for ./configure. Oh well ... it's not a
big problem anyway, so I don't want to waste your precious time that you'd
probably rather spend getting dovecot-1.1 out the door. :-)

Thanks anyway,
Thomas

More information about the dovecot mailing list