Hi again,

I think I nailed this bug. Basically, Mail.app improperly changes the MIME content headers upon receiving from the mail server. In particular, the following in the signed message body:

"""
Content-Type: text/plain; charset=us-ascii
"""

gets changed to:

"""
Content-Type: text/plain;
	charset=us-ascii
"""

i.e. "charset=..." gets moved to the next line, with a TAB character. Since the signature was generated with the content-type header on a single line, this change invalidates the signature.

I found this out by looking at the detailed log from GPGME, see the bottom of this mail for a copy. Basically this shows that the mail was generated/sent with the header on a single line, which I can also confirm by looking at the e-mail on the IMAP server directly (using a different client). Strangely when keeping the mails on the IMAP server, the header is modified on the local copy but not on the server. Thunderbird/Enigmail also leaves the header untouched, that's why the signature verifies with it.

I checked with GPGMail disabled (not in the Bundles directory), and I see that Mail.app still breaks the content header with GPGMail disabled. So this behavior seems not specific to GPGMail.

Now that said, I hear that some other people using Mail.app can actually validate my sigs. Is there a setting in Mail.app to prevent this handling of content headers? Also, could we work around this in GPGMail by trying (once) to re-format the content headers the first time signature verification fails?

Thanks

Output from GPGME:

- Log data when generating the sig:

GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 436f6e74656e742d 5472616e73666572 Content-Transfer
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 2d456e636f64696e 673a20376269740d -Encoding: 7bit.
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 6578742f706c6169 6e3b206368617273 ext/plain; chars
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 65743d75732d6173 6369690d0a0d0a66 et=us-ascii....f
GPGME 2011-02-03 03:17:53 <0x7fff7020eca0> _gpgme_io_write: check: 6f6f0d0a0d0a626c 61680d0a0d0a oo....blah....
...
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 2d2d2d2d2d424547 494e205047502053 -----BEGIN PGP S
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 49474e4154555245 2d2d2d2d2d0a5665 IGNATURE-----.Ve
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 7273696f6e3a2047 6e7550472f4d6163 rsion: GnuPG/Mac
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 475047322076322e 302e313720284461 GPG2 v2.0.17 (Da
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 7277696e290a436f 6d6d656e743a2068 rwin).Comment: h
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 747470733a2f2f77 77772e6269676c75 ttps://www.biglu
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 6d6265722e636f6d 2f782f7765623f70 mber.com/x/web?p
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 6b3d394233323930 4142323937324339 k=9B3290AB2972C9
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 3242424146414236 3943323336453445 2BBAFAB69C236E4E
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 3530353032344641 45330a0a69455945 505024FAE3..iEYE
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 4152454441415946 416b314b45466341 AREDAAYFAk1KEFcA
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 43676b51526f4f74 654c576456686f6b CgkQRoOteLWdVhok
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 55774366644f584e 4236347762745245 UwCfdOXNB64wbtRE
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 5070727043456767 557675460a663467 PprpCEggUvuF.f4g
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 416e5242444d4741 5271794743704731 AnRBDMGARqyGCpG1
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 2b6e62546a495148 72493459530a3d52 +nbTjIQHrI4YS.=R
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 434e550a2d2d2d2d 2d454e4420504750 CNU.-----END PGP
GPGME 2011-02-03 03:17:59 <0x7fff7020eca0> _gpgme_io_read: check: 205349474e415455 52452d2d2d2d2d0a SIGNATURE-----.

- Log data when validating the sig:

GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 2d2d2d2d2d424547 494e205047502053 -----BEGIN PGP S
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 49474e4154555245 2d2d2d2d2d0d0a56 IGNATURE-----..V
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 657273696f6e3a20 476e7550472f4d61 ersion: GnuPG/Ma
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 6347504732207632 2e302e3137202844 cGPG2 v2.0.17 (D
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 617277696e290d0a 436f6d6d656e743a arwin)..Comment:
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 2068747470733a2f 2f7777772e626967 https://www.big
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 6c756d6265722e63 6f6d2f782f776562 lumber.com/x/web
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 3f706b3d39423332 3930414232393732 ?pk=9B3290AB2972
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 4339324242414641 4236394332333645 C92BBAFAB69C236E
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 3445353035303234 464145330d0a0d0a 4E505024FAE3....
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 6945594541524544 41415946416b314b iEYEAREDAAYFAk1K
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 4546634143676b51 526f4f74654c5764 EFcACgkQRoOteLWd
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 56686f6b55774366 644f584e42363477 VhokUwCfdOXNB64w
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 6274524550707270 4345676755767546 btREPprpCEggUvuF
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 0d0a663467416e52 42444d4741527179 ..f4gAnRBDMGARqy
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 47437047312b6e62 546a495148724934 GCpG1+nbTjIQHrI4
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 59530d0a3d52434e 550d0a2d2d2d2d2d YS..=RCNU..-----
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 454e442050475020 5349474e41545552 END PGP SIGNATUR
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 452d2d2d2d2d0d0a E-----..
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 436f6e74656e742d 5472616e73666572 Content-Transfer
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 2d456e636f64696e 673a20376269740d -Encoding: 7bit.
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 0a436f6e74656e74 2d547970653a2074 .Content-Type: t
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 6578742f706c6169 6e3b0d0a09636861 ext/plain;...cha
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 727365743d75732d 61736369690d0a0d rset=us-ascii...
GPGME 2011-02-03 03:18:38 <0x7fff7020eca0> _gpgme_io_write: check: 0a666f6f0d0a0d0a 626c61680d0a0d0a .foo....blah....

As this shows the signed data is different the 2nd time, a CR-LF-TAB sequence was inserted.
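The retry the message proposes (re-format the content headers once when verification fails), sketched as an added example that is not part of the original post and is not GPGMail code. Assumptions: the function names are hypothetical, the two byte strings are rebuilt from the MIME part shown in the GPGME log, and a SHA-256 comparison stands in for the OpenPGP verification call.

```python
import hashlib
import re

# Signed MIME part as sent; bytes as shown in the post's GPGME log.
SENT = (b"Content-Transfer-Encoding: 7bit\r\n"
        b"Content-Type: text/plain; charset=us-ascii\r\n"
        b"\r\nfoo\r\n\r\nblah\r\n\r\n")
# The part as handed to the verifier: CR-LF-TAB inserted after the ';'.
RECEIVED = SENT.replace(b"; charset", b";\r\n\tcharset")

FOLD = re.compile(rb"\r\n[ \t]+")  # a folded header continuation


def candidates(part):
    """Yield the part as-is, then variants with only the headers unfolded."""
    head, sep, body = part.partition(b"\r\n\r\n")  # body is never modified
    variants = (
        head,                                      # 0: untouched
        FOLD.sub(lambda m: m.group(0)[2:], head),  # 1: RFC 5322 unfold (drop CRLF, keep TAB)
        FOLD.sub(b" ", head),                      # 2: fold collapsed to one space
    )
    seen = set()
    for index, variant in enumerate(variants):
        if variant not in seen:
            seen.add(variant)
            yield index, variant + sep + body


def verify_with_retry(part, verify):
    """Return (variant index, bytes) of the first candidate that verifies."""
    for index, candidate in candidates(part):
        if verify(candidate):
            return index, candidate
    return None, None


def digest_verifier(signed_bytes):
    """Stand-in for OpenPGP verification: accept only the exact signed bytes."""
    want = hashlib.sha256(signed_bytes).digest()
    return lambda data: hashlib.sha256(data).digest() == want


if __name__ == "__main__":
    verify = digest_verifier(SENT)
    print("as received:", verify(RECEIVED))
    print("after retry:", verify_with_retry(RECEIVED, verify)[0])
```

Variant 1 (strict unfolding) does not reproduce the signed bytes here, because the original separator was a space and the fold left a TAB in its place; only the single-space collapse matches, so the retry is a heuristic over header whitespace and leaves the body bytes alone.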