Re: Wrong Signature with GPG - gpg.rc
Hello Thorsten,

On Thursday, July 11, 2002 at 11:24:36 PM +0200, Thorsten Haude wrote:

> [-- PGP output follows (current time: Don 11 Jul 2002 23:06:04 CEST) --]
> gpg: Warnung: Sensible Daten könnten auf Platte ausgelagert werden.
> gpg: Unterschrift vom Son 09 Jun 2002 19:12:09 CEST, DSA Schlüssel ID 7B9F4700
> gpg: FALSCHE Unterschrift von David T-G [EMAIL PROTECTED]
> [-- Ende der PGP-Ausgabe --]

Found this one list message, and it verifies correctly here. Please copy it to a temporary mailbox, gzip it and send it to me privately attached.

> I also see another error, where Mutt displays an empty line between the (correct) GPG output and the marker: '[-- Ende der PGP-Ausgabe --]' and won't verify the mail.

Happens only, but always, with traditional PGP? Then setting $pgp_good_sign correctly should solve it. Otherwise, try the wrapper script given in [EMAIL PROTECTED] some months ago.

Bye! Alain.
Re: Wrong Signature with GPG - gpg.rc
Hi, * Alain Bench [02-07-15 23:15:53 +0200] wrote: On Thursday, July 11, 2002 at 11:24:36 PM +0200, Thorsten Haude wrote: I also see another error, where Mutt displays an empty line between the (correct) GPG output and the marker: '[-- Ende der PGP-Ausgabe --]' and won't verify the mail. Happens only, but always, with traditional PGP? Then setting $pgp_good_sign correctly should solve it. I was pointed to bug #856 which makes mutt think a signature is bad if $pgp_good_sign didn't match. But it cannot match if it is empty (other regexp implementations return a match of an empty regexp against a non-empty string; mutt doesn't). This only affects $pgp_check_traditional which should be fixed by the attached patch (not by me and untested but it made into the debian package for mutt). The bug report was rejected with the hint to set $pgp_good_sign correctly. But IMO it should work without setting it, too. bye, Rocco --- pgp.c-orig Sun Nov 25 15:09:03 2001 +++ pgp.c Sun Nov 25 15:09:08 2001 -384,9 +384,13 rc = pgp_copy_checksig (pgperr, s-fpout); if (rc == 0) have_any_sigs = 1; - if (rc || rv) + /* Sig is bad if gpg_good_sign-pattern did not match || + * pgp_decode_command returned not 0 + * Sig _is_ correct if gpg_good_sign= pgp_decode_command + * returned 0 */ + if (rc==-1 || rv) maybe_goodsig = 0; } safe_fclose (pgperr);
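Review bot: The new condition `if (rc==-1 || rv)` treats only a return of -1 from pgp_copy_checksig as a failed match, but nothing in the hunk shows which other non-zero values that function can return, so any other non-zero `rc` now leaves `maybe_goodsig` set and the verdict rests on `rv` alone. Documenting the return values at the call site, or comparing against a named constant, would let the reader see which value means "pattern did not match" and which corresponds to the empty-pattern case the message describes. The unchanged line `if (rc == 0) have_any_sigs = 1;` still requires `rc == 0`, so in that other non-zero case `have_any_sigs` is not set by this block even though the signature is no longer marked bad; please confirm that is intended. The added comment also names `gpg_good_sign` where the thread talks about `$pgp_good_sign`, and its second sentence ("Sig _is_ correct if gpg_good_sign= pgp_decode_command returned 0") does not parse as written.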
Re: Wrong Signature with GPG - gpg.rc
Hi, * Rocco Rutte [EMAIL PROTECTED] [02-07-13 15:56]: We have two cases: One is verified by GPG but not by Mutt, the other one is rejected by both GPG and Mutt. The second case is solved for me since those mails made the broken GMX mbox parser react. Oh well, so I have the same problem with a different reason. Shouldn't this discussion be off list? I'm not sure. As I said, Mutt seems to be involved more than other MUAs. I also don't know where else to look, as I don't have other systematic problems with my mails. Thorsten -- Sometimes it seems things go by too quickly. We are so busy watching out for what's just ahead of us that we don't take the time to enjoy where we are. - Calvin
Re: Wrong Signature with GPG - gpg.rc
Moin,

* Rocco Rutte [EMAIL PROTECTED] [02-07-13 20:17]:
> * Thorsten Haude [02-07-13 15:24:58 +0200] wrote:
>> We have two cases: One is verified by GPG but not by Mutt,
>
> Well, I've been asking in a de.ALL newsgroup for help on this issue. The solution (which works, whhooo! ;-) is:
>
> + set pgp_good_sign="^\\[GNUPG:\\] VALIDSIG"
> + add '--status-fd=2' to the following commands:
>     pgp_decode_command
>     pgp_verify_command
>     pgp_decrypt_command

Doesn't work here. I get the additional status line, but still no verification.

I'll subscribe with an address from another subscriber to see if there's any difference.

Thorsten
--
Violence is the last refuge of the incompetent - Isaac Asimov
Re: Wrong Signature with GPG - gpg.rc
Hi, * Phil Gregory [EMAIL PROTECTED] [02-07-12 01:55]: * Thorsten Haude [EMAIL PROTECTED] [2002-07-11 23:24 +0200]: A lot of the mails i have problems with are form David (no GMX). IIRC, the last time a thread came up where people were having problems in David's emails not verifying, the problem was traced to an MTA that was improperly quoting/unquoting the leading dots in his attribution line. Could you point me to the thread or could you suggest some keywords to google for? Thorsten -- Sometimes it seems things go by too quickly. We are so busy watching out for what's just ahead of us that we don't take the time to enjoy where we are. - Calvin
Re: Wrong Signature with GPG - gpg.rc
Hi, * Rocco Rutte [EMAIL PROTECTED] [02-07-11 23:41]: * Thorsten Haude [02-07-11 23:25:41 +0200] wrote: * Rocco Rutte [EMAIL PROTECTED] [02-07-11 22:29]: * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: * Rocco Rutte [EMAIL PROTECTED] [02-07-11 21:33]: A lot of the mails i have problems with are form David (no GMX). I checked some others with the same problem, also no GMX. To clear things up: GMX on the receiving and not on the sending side. I see. That's no problem here. I sure tried to follow that thread but David's mails are much harder to read than the others. Because of the quoting? ;-) His tips entirely dealed with GPG. I can look it up and tell you the message-id. Yup, the quoting. I read mails by color, and David's are uncolored but much more bumpy than the average tofu mail. You can easily add '%' to the list of known quoting character to make his mails colored, too. I know. What I don't know is why he is doing it in the first place, esp. because otherwise he doesn't seem to try to be a pita, quite the contrary. What I see is this: [-- PGP output follows (current time: Don 11 Jul 2002 23:06:04 CEST) --] gpg: Warnung: Sensible Daten könnten auf Platte ausgelagert werden. gpg: Unterschrift vom Son 09 Jun 2002 19:12:09 CEST, DSA Schlüssel ID 7B9F4700 gpg: FALSCHE Unterschrift von David T-G [EMAIL PROTECTED] [-- Ende der PGP-Ausgabe --] Same here (in English, of course). After repairing what GMX broke I don't get any of these anymore. What I still have is that GPG says it's okay while mutt claims it isn't. I can't see how this could happen (according to the documented GPG return codes). So I seem to have the GMX problem without GMX. Could you tell me what exactly I should be looking for in the mboxes? Could you send be your solution? What are the effects of the problem you still have? All I could see here is that the status column is not changed from 's' to 'S'. 
It would be really interesting to compare the raw message of one you can't verify to one somebody else can. What raw message? So nothing about verbose GPG output. With 'verbose' I mean what we get. S/MIME produces only a one-liner. What would be verbose the way you think of? We have two cases: One is verified by GPG but not by Mutt, the other one is rejected by both GPG and Mutt. In the first case, you can verify the signature yourself with the verbose output of GPG displayed by Mutt, in the second case you can't. Thanks for your time, Thorsten -- When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle. - Edmund Burke
Re: Wrong Signature with GPG - gpg.rc
Hi, * Derrick 'dman' Hudson [EMAIL PROTECTED] [02-07-12 21:03]: On Thu, Jul 11, 2002 at 10:29:47PM +0200, Rocco Rutte wrote: | * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: | Could you tell more about this? How did you identify the | broken MTA and what did you do to fix it? | | Someone else found out that GMX escapes 'from' at the | beginning of a line to 'from' which was the reason why I | could not verify a few mails. It's a short sed/python/perl | solution to remove it again. As I said, a few still remain. Actually, that MDA MUST do that mangling, or else your mbox will be corrupted. That's the problem with mbox. As a workaround, the PGP/MIME RFCs recommend that the sending MUA use quoted-printable, and escape all From_ lines before transmitting the message. So the sending MUA (Mutt) doesn't? I use maildir as my delivery format, so no message mangling is needed. I tried Maildir once, but it was abysmally slow here. Thorsten -- I say, if your knees aren't green by the end of the day, you ought to seriously re-examine your life. - Calvin
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Thorsten Haude [02-07-13 15:24:58 +0200] wrote:
> * Rocco Rutte [EMAIL PROTECTED] [02-07-11 23:41]:

> So I seem to have the GMX problem without GMX. Could you tell me what exactly I should be looking for in the mboxes? Could you send me your solution?

My solution is to run the body of every mail through:

    sed 's/^>from/from/'

and

    sed 's/^>From/From/'

But that won't help you. If you like I can post Gerhard Häring's Python solution, too (he tracked the problem down to GMX).

> What are the effects of the problem you still have? All I could see here is that the status column is not changed from 's' to 'S'.

Right, that's the only effect left after commenting out the two lines of code.

>> It would be really interesting to compare the raw message of one you can't verify to one somebody else can.
> What raw message?

The part of the mbox because although the decoded messages may be the same, the raw encoded need not.

> We have two cases: One is verified by GPG but not by Mutt, the other one is rejected by both GPG and Mutt.

The second case is solved for me since those mails made the broken GMX mbox parser react.

The first case is what I'm talking about. What I have to mention is that I noticed (when I first noticed the problem) all such mails to non-PGP/MIME mails. Maybe this is important. I had a procmail rule (from mutt documentation) which removes the content-type 'plain' and sets something more suitable. I removed it (because of pgp_check_traditional) but the majority still has inline signatures.

Shouldn't this discussion be off list?

bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
Hi, * Derrick 'dman' Hudson [02-07-13 00:12:42 +0200] wrote: On Thu, Jul 11, 2002 at 10:29:47PM +0200, Rocco Rutte wrote: | * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: | Could you tell more about this? How did you identify the | broken MTA and what did you do to fix it? | Someone else found out that GMX escapes 'from' at the | beginning of a line to 'from' which was the reason why I | could not verify a few mails. It's a short sed/python/perl | solution to remove it again. As I said, a few still remain. Actually, that MDA MUST do that mangling, or else your mbox will be corrupted. No, the parser is just broken. No matter why a piece of software changes message bodies, changing bodies is always a bad idea since it breaks more things than it attempts to repair. That's the problem with mbox. I don't think GMX uses mbox internally. But even if they did, there're other possibilities than to change bodies. The 'Content-Length' header is just one. Not to store mails in mbox another. The most simple solution is, IMHO, just to set a Content- Length header and further parse a From_ line in the message body. As a workaround, the PGP/MIME RFCs recommend that the sending MUA use quoted-printable, and escape all From_ lines before transmitting the message. Well, such issues require software authors to have lots of knowledge of what exactly they're dealing with. There're MUA which even can't handle threading or header encoding. Not talking about escaping From_ lines in bodies. Mutt not only is great from an ordinary user's point of view because of its configurability. It also does correct header encoding, threading and MIME handling. Including such cool features like escaping From_ lines and leading dots. bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Thorsten Haude [02-07-13 15:24:59 +0200] wrote:

[ QP encode mails if From_ lines in body ]

> So the sending MUA (Mutt) doesn't?

Mutt does if $encode_from is set.

bye, Rocco
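
Added example (not from the thread and not Mutt's code): how From_ quoting on delivery changes the bytes a signature covers, why undoing it with a plain substitution can itself alter the body, and how quoted-printable encoding before signing leaves a conforming mbox writer nothing to change. The sample body and all function names are constructed for illustration, and the SHA-256 digest stands in for the hash a signature is computed over.

```python
import hashlib
import quopri
import re

# Constructed sample body: line 3 starts with "From ", line 4 was typed by
# the author with a literal ">From ", line 5 starts with lowercase "from ".
BODY = (
    "Hi,\n"
    "\n"
    "From what I can tell the MDA is at fault.\n"
    ">From the archive: the author typed this marker.\n"
    "from here on it is lowercase.\n"
)


def digest(body):
    """Stand-in for the hash a PGP signature is computed over."""
    return hashlib.sha256(body.encode()).hexdigest()


def mboxo_quote(body):
    """Classic mbox quoting: only lines starting with 'From ' get a '>'."""
    return re.sub(r"^From ", ">From ", body, flags=re.M)


def mboxo_unquote(body):
    """Plain reversal, equivalent to the sed substitution for 'From'."""
    return re.sub(r"^>From ", "From ", body, flags=re.M)


def mboxrd_quote(body):
    """Reversible variant: already quoted '>From ' lines get one more '>'."""
    return re.sub(r"^(>*From )", r">\1", body, flags=re.M)


def mboxrd_unquote(body):
    return re.sub(r"^>(>*From )", r"\1", body, flags=re.M)


def case_insensitive_quote(body):
    """Quoting as the thread describes it: lowercase 'from' is escaped too."""
    return re.sub(r"^(from )", r">\1", body, flags=re.M | re.I)


def qp_protect(body):
    """Quoted-printable encode, then encode the 'F' of '[>...]From ' lines.

    Lowercase 'from' is left alone: a conforming mbox writer never touches it.
    """
    encoded = quopri.encodestring(body.encode()).decode("ascii")
    return re.sub(r"^(>*)From ", r"\1=46rom ", encoded, flags=re.M)


def qp_decode(wire):
    return quopri.decodestring(wire.encode("ascii")).decode()


if __name__ == "__main__":
    stored = mboxo_quote(BODY)
    print("stored copy still matches signed body:", digest(stored) == digest(BODY))
    print("plain unquote restores body:", mboxo_unquote(stored) == BODY)
    print("mboxrd round trip restores body:",
          mboxrd_unquote(mboxrd_quote(BODY)) == BODY)
    wire = qp_protect(BODY)
    print("QP form untouched by mbox quoting:", mboxo_quote(wire) == wire)
```

The plain unquote fails on this body because it also strips the `>` the author typed on line 4, so the "repaired" message still does not verify.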
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Thorsten Haude [02-07-13 15:24:58 +0200] wrote:

> We have two cases: One is verified by GPG but not by Mutt,

Well, I've been asking in a de.ALL newsgroup for help on this issue. The solution (which works, whhooo! ;-) is:

+ set pgp_good_sign="^\\[GNUPG:\\] VALIDSIG"
+ add '--status-fd=2' to the following commands:
    pgp_decode_command
    pgp_verify_command
    pgp_decrypt_command

The disadvantage is that this extends the GPG output with status output. This contains

    [GNUPG:] VALIDSIG ...

if a signature is valid and this output matches $pgp_good_sign.

Maybe this isn't new since the value for $pgp_good_sign is Debian-only, what I didn't know is that I have to add '--status-fd=2' to those commands. I'm thinking about sending a mail to mutt-dev with a patch to suggest including it in the official release. It definitely looks better than the ugly hack:

,----[ /tmp/mutt-1.4/contrib/gpg.rc ]-
| # pattern for good signature - may need to be adapted to locale!
|
| # set pgp_good_sign="^gpg: Good signature from"
|
| # OK, here's a version which uses gnupg's message catalog:
| set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
`----

Left are mails which cannot be verified at all. And I guess this is not mutt-related.

bye, Rocco
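
Added example (not Mutt's code and not from the thread): evaluating gpg's `--status-fd` lines instead of the localized text, which is what the $pgp_good_sign setting above relies on. The sample output, key ID and fingerprint are constructed; the `verdict` policy is an assumption of this example and goes further than a single regex by letting a BADSIG line override a VALIDSIG line.

```python
import re

# Machine-readable status lines look like "[GNUPG:] KEYWORD args...".
STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$", re.M)
# Keywords that mean the signature was checked but must not be reported good.
PROBLEM = {"ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

LOCALE_PATTERN = r"^gpg: Good signature from"   # depends on the user's locale
STATUS_PATTERN = r"^\[GNUPG:\] VALIDSIG"        # regex from the thread

# Constructed placeholders, not real key material.
KEYID = "0123456789ABCDEF"
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed German-locale output without status lines.
GERMAN_TEXT = (
    "gpg: Unterschrift vom Son 09 Jun 2002 19:12:09 CEST, DSA Schlüssel ID 89ABCDEF\n"
    'gpg: Korrekte Unterschrift von "Example Signer"\n'
)
# The same run with --status-fd=2 added (status and text share stderr).
GERMAN_GOOD = (
    GERMAN_TEXT
    + f"[GNUPG:] GOODSIG {KEYID} Example Signer\n"
    + f"[GNUPG:] VALIDSIG {FPR} 2002-06-09 1023642729\n"
)
# Constructed output for a message with one valid and one bad signature.
MIXED = GERMAN_GOOD + f"[GNUPG:] BADSIG {KEYID} Example Signer\n"


def matches(pattern, output):
    """True if the pattern matches any line of the output."""
    return re.search(pattern, output, re.M) is not None


def status_lines(output):
    """Return (keyword, args) pairs, ignoring all human-readable lines."""
    return [(m.group(1), (m.group(2) or "").split())
            for m in STATUS_RE.finditer(output)]


def verdict(output, exit_code):
    """'good' only for exit 0, a VALIDSIG line and no contradicting keyword."""
    keywords = {kw for kw, _ in status_lines(output)}
    if "BADSIG" in keywords:
        return "bad"
    if exit_code == 0 and "VALIDSIG" in keywords and not keywords & PROBLEM:
        return "good"
    return "unverified"


if __name__ == "__main__":
    print("locale pattern on German output:", matches(LOCALE_PATTERN, GERMAN_GOOD))
    print("status pattern on German output:", matches(STATUS_PATTERN, GERMAN_GOOD))
    print("verdict, good signature:", verdict(GERMAN_GOOD, 0))
    print("verdict, mixed signatures:", verdict(MIXED, 1))
    print("verdict, no status lines:", verdict(GERMAN_TEXT, 0))
```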
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Phil Gregory [02-07-12 18:48:10 +0200] wrote:
> * Thorsten Haude [EMAIL PROTECTED] [2002-07-11 23:24 +0200]:
>> A lot of the mails I have problems with are from David (no GMX).
>
> IIRC, the last time a thread came up where people were having problems in David's emails not verifying, the problem was traced to an MTA that was improperly quoting/unquoting the leading dots in his attribution line.

I remember that but can't recall who it was. But IIRC it was a local MTA/mail configuration so it was only the reason for one user. Thorsten and I (maybe others, too) still have problems.

bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
On Thu, Jul 11, 2002 at 10:29:47PM +0200, Rocco Rutte wrote: | * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: | Could you tell more about this? How did you identify the | broken MTA and what did you do to fix it? | | Someone else found out that GMX escapes 'from' at the | beginning of a line to 'from' which was the reason why I | could not verify a few mails. It's a short sed/python/perl | solution to remove it again. As I said, a few still remain. Actually, that MDA MUST do that mangling, or else your mbox will be corrupted. That's the problem with mbox. As a workaround, the PGP/MIME RFCs recommend that the sending MUA use quoted-printable, and escape all From_ lines before transmitting the message. (though if that GMX MDA was actually manging 'from' lines, then I'll agree that it is broken) | Since some people don't have problems at all, I don't | believe in a mutt problem anymore but in an MTA and MDA | issue (MTAs, fetchmail, procmail and the like). Right. I use maildir as my delivery format, so no message mangling is needed. | David provided some other tips which didn't help for me. | | I sure tried to follow that thread but David's mails are | much harder to read than the others. | | Because of the quoting? ;-) Yeah, but this didn't work for me : au FileType mail set comments+=n:\|,n:% My quoting is colored properly. When I run :set comments?, I see the % added as a comment character, but the coloring doesn't change. Any ideas on that? (using vim as the pager, btw) -D -- Piracy is not a technological issue. It's a behavior issue. --Steve Jobs http://dman.ddts.net/~dman/ msg29589/pgp0.pgp Description: PGP signature
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Sven Guckes [EMAIL PROTECTED] [02-07-11 01:30]:
> * Thorsten Haude [EMAIL PROTECTED] [2002-07-10 21:19]:
>> For quite some time I have a problem verifying PGP signatures. I get 'Falsche Unterschrift' (wrong signature) messages on these mails though others seem to be able to verify them.
>> [...]
>> I use GnuPG 1.0.6.
>
> :source contrib/gpg.rc
>
> does it help?

Nope.

> feedback, please!

Sure; let me know if you come up with other things that could clear this up.

Thorsten
--
Everything is right, even the opposite. - Kurt Tucholsky
Re: Wrong Signature with GPG - gpg.rc
Hi, * Thorsten Haude [02-07-11 21:28:53 +0200] wrote: * Sven Guckes [EMAIL PROTECTED] [02-07-11 01:30]: :source contrib/gpg.rc does it help? Nope. That was one of the first things I did when I discovered those problems. Now that I know that a MTA in my mailpath has a broken mbox parser I can verify a few of those bad mails. A few which I can't verify remain. David provided some other tips which didn't help for me. So I just commented out the code producing the message in mutt (Signature could NOT be verified). It's ugly but it works for me. bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
Hi, * Rocco Rutte [EMAIL PROTECTED] [02-07-11 21:33]: * Thorsten Haude [02-07-11 21:28:53 +0200] wrote: * Sven Guckes [EMAIL PROTECTED] [02-07-11 01:30]: :source contrib/gpg.rc does it help? Nope. That was one of the first things I did when I discovered those problems. Now that I know that a MTA in my mailpath has a broken mbox parser I can verify a few of those bad mails. A few which I can't verify remain. Could you tell more about this? How did you identify the broken MTA and what did you do to fix it? David provided some other tips which didn't help for me. I sure tried to follow that thread but David's mails are much harder to read than the others. So I just commented out the code producing the message in mutt (Signature could NOT be verified). It's ugly but it works for me. Errr.. That means you disabled verifying? Thorsten -- The true danger is when liberty is nibbled away for expedients. - Edmund Burke
Re: Wrong Signature with GPG - gpg.rc
Hi,

* Thorsten Haude [02-07-11 22:10:53 +0200] wrote:
> * Rocco Rutte [EMAIL PROTECTED] [02-07-11 21:33]:
>> That was one of the first things I did when I discovered those problems. Now that I know that an MTA in my mailpath has a broken mbox parser I can verify a few of those bad mails. A few which I can't verify remain.

> Could you tell more about this? How did you identify the broken MTA and what did you do to fix it?

Someone else found out that GMX escapes 'from' at the beginning of a line to '>from' which was the reason why I could not verify a few mails. It's a short sed/python/perl solution to remove it again. As I said, a few still remain.

Since some people don't have problems at all, I don't believe in a mutt problem anymore but in an MTA and MDA issue (MTAs, fetchmail, procmail and the like). A start would be to compare the raw messages affected with the original by the author (those discussions should be moved off list) and to collect some information about the mail configurations involved.

>> David provided some other tips which didn't help for me.

> I sure tried to follow that thread but David's mails are much harder to read than the others.

Because of the quoting? ;-) His tips entirely dealt with GPG. I can look it up and tell you the message-id.

>> So I just commented out the code producing the message in mutt (Signature could NOT be verified). It's ugly but it works for me.

> Errr.. That means you disabled verifying?

No. I just stopped mutt reporting about the verification. The GPG output I see is verbose enough, IMO. Someone could easily fool me with faked GPG reports this way... I know.

bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
Hi, * Rocco Rutte [EMAIL PROTECTED] [02-07-11 22:29]: * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: * Rocco Rutte [EMAIL PROTECTED] [02-07-11 21:33]: That was one of the first things I did when I discovered those problems. Now that I know that a MTA in my mailpath has a broken mbox parser I can verify a few of those bad mails. A few which I can't verify remain. Could you tell more about this? How did you identify the broken MTA and what did you do to fix it? Someone else found out that GMX escapes 'from' at the beginning of a line to 'from' which was the reason why I could not verify a few mails. It's a short sed/python/perl solution to remove it again. As I said, a few still remain. A lot of the mails i have problems with are form David (no GMX). I checked some others with the same problem, also no GMX. David provided some other tips which didn't help for me. I sure tried to follow that thread but David's mails are much harder to read than the others. Because of the quoting? ;-) His tips entirely dealed with GPG. I can look it up and tell you the message-id. Yup, the quoting. I read mails by color, and David's are uncolored but much more bumpy than the average tofu mail. So I just commented out the code producing the message in mutt (Signature could NOT be verified). It's ugly but it works for me. Errr.. That means you disabled verifying? No. I just stoped mutt reporting about the verification. The GPG output I see is verbose enough, IMO. I think we are talking about two different things here. What I see is this: [-- PGP output follows (current time: Don 11 Jul 2002 23:06:04 CEST) --] gpg: Warnung: Sensible Daten könnten auf Platte ausgelagert werden. gpg: Unterschrift vom Son 09 Jun 2002 19:12:09 CEST, DSA Schlüssel ID 7B9F4700 gpg: FALSCHE Unterschrift von David T-G [EMAIL PROTECTED] [-- Ende der PGP-Ausgabe --] Warning: Sensitive data could be swapped to disk. Signature from (...) WRONG Signature from (...) So nothing about verbose GPG output. 
I also see another error, where Mutt displays an empty line between the (correct) GPG output and the marker: '[-- Ende der PGP-Ausgabe --]' and won't verify the mail. Is this the one you see? Thorsten -- Question Authority!
Re: Wrong Signature with GPG - gpg.rc
Hi, * Thorsten Haude [02-07-11 23:25:41 +0200] wrote: * Rocco Rutte [EMAIL PROTECTED] [02-07-11 22:29]: * Thorsten Haude [02-07-11 22:10:53 +0200] wrote: * Rocco Rutte [EMAIL PROTECTED] [02-07-11 21:33]: A lot of the mails i have problems with are form David (no GMX). I checked some others with the same problem, also no GMX. To clear things up: GMX on the receiving and not on the sending side. I sure tried to follow that thread but David's mails are much harder to read than the others. Because of the quoting? ;-) His tips entirely dealed with GPG. I can look it up and tell you the message-id. Yup, the quoting. I read mails by color, and David's are uncolored but much more bumpy than the average tofu mail. You can easily add '%' to the list of known quoting character to make his mails colored, too. No. I just stoped mutt reporting about the verification. The GPG output I see is verbose enough, IMO. I think we are talking about two different things here. Not really, see below. What I see is this: [-- PGP output follows (current time: Don 11 Jul 2002 23:06:04 CEST) --] gpg: Warnung: Sensible Daten könnten auf Platte ausgelagert werden. gpg: Unterschrift vom Son 09 Jun 2002 19:12:09 CEST, DSA Schlüssel ID 7B9F4700 gpg: FALSCHE Unterschrift von David T-G [EMAIL PROTECTED] [-- Ende der PGP-Ausgabe --] Same here (in English, of course). After repairing what GMX broke I don't get any of these anymore. What I still have is that GPG says it's okay while mutt claims it isn't. I can't see how this could happen (according to the documented GPG return codes). It would be really interesting to compare the raw message of one you can't verify to one somebody else can. So nothing about verbose GPG output. With 'verbose' I mean what we get. S/MIME produces only a one-liner. What would be verbose the way you think of? bye, Rocco
Re: Wrong Signature with GPG - gpg.rc
* Thorsten Haude [EMAIL PROTECTED] [2002-07-11 23:24 +0200]: A lot of the mails i have problems with are form David (no GMX). IIRC, the last time a thread came up where people were having problems in David's emails not verifying, the problem was traced to an MTA that was improperly quoting/unquoting the leading dots in his attribution line. -- [EMAIL PROTECTED] / DNRC / UMBC-LUG: http://lug.umbc.edu PGP: ID: D8C75CF5 print: 0A7D B3AD 2D10 1099 7649 AB64 04C2 05A6 --- -- Lennier, get us the hell out of here. Initiating 'getting the hell out of here' maneuver. -- Ivanova and Lennier (Babylon 5, The Hour of the Wolf) --- --
Re: Wrong Signature with GPG - gpg.rc
* Thorsten Haude [EMAIL PROTECTED] [2002-07-10 21:19]:
> For quite some time I have a problem verifying PGP signatures. I get 'Falsche Unterschrift' (wrong signature) messages on these mails though others seem to be able to verify them.
> [...]
> I use GnuPG 1.0.6.

:source contrib/gpg.rc

does it help?

feedback, please!

Sven