I have a very curious and interesting oddity somewhere in my mail chain. So I have been going back and forth with the GPG folks for months now, racked up over 40 posts trying to solve this issue. And I think it’s time I brought you guys in and got your input as well.
Problem: Sending email signed with GPG on Apple's mail.app fails with invalid signature when it is received.

My current email transit looks like this: Mail is composed by mail.app, signed and sent. The mail then travels from my macbook pro to a local FreeBSD NAS box with spiped installed. It is one end of a spiped tunnel that forwards SMTP to my public server open-systems.net <http://open-systems.net/>. The first tunnel terminates there on port 26, where a second tunnel is created to forward port 26 to port 25 locally. Postfix picks up my mail sent from the macbook pro at this point and uses lmtp to send it to archiveopteryx. I then use my macbook pro to check open-systems.net <http://open-systems.net/> for mail and retrieve that mail. Whereby mail.app continues to tell me my gpg signature is invalid.

The interesting thing here is if I click the exact same email in my “Sent” folder the signature is valid. Something happens to said email between postfix and retrieving it from archiveopteryx. Someone is mangling or changing something that is causing that signature to be invalid. I've been dealing with this for almost a year now. The difference between the sent mail whose signature is valid and the email I retrieve from archiveopteryx is the addition of the “Received From” header. Something is going on that is invalidating my gpg signature in mail.app. I am leaning now to ruling out gpg because it is being signed correctly, and it is valid if I click on it in the sent mail folder of mail.app. So it is during mail processing that something is happening that shouldn’t be causing my signature to be invalidated.

Below I have attached the two RAW headers of the email in question. The first is the validly signed email that never leaves the macbook pro. The second header is the one that goes through postfix and archiveopteryx that results in an invalid signature with gpg in mail.app.
From: Chris Watson <[email protected]>
X-Pgp-Agent: GPGMail
Content-Type: multipart/signed;
    boundary="Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B";
    protocol="application/pgp-signature";
    micalg=pgp-sha512
X-Smtp-Server: 8E456E59-5826-4131-A31B-BAD6010A63EB
X-Universally-Unique-Identifier: E83EEDFA-E14F-4D6B-9FC9-2FE4790CF663
Subject: test 934589348593458349854
Date: Mon, 22 Feb 2016 17:48:26 -0600
Message-Id: <[email protected]>
To: Chris Watson <[email protected]>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3120\))

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B
Content-Type: multipart/alternative;
    boundary="Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5"

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
    charset=us-ascii

pgp wheee

Chris Watson, Open Systems
[email protected]
PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8 95D0 4A35 6B4D F529 1D0

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
    charset=us-ascii

<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">pgp wheee<div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Chris Watson, Open Systems</div><div class=""><a href=“mailto:[email protected]" class="">[email protected]</a></div><div class="">PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8 95D0 4A35 6B4D F529 1D0</div></div></div>
</div>
<br class=""></div></body></html>

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5--

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
    filename=signature.asc
Content-Type: application/pgp-signature;
    name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWy55QAAoJEEo1a031KR0NrvkP/28a2goTv7Kkp/pRW2pc5xts
sj8Yg+LK8913Ln9DfHOuOTgAt9LFQJqcvG5HRrS/5vu/CTTylLcxldmzJMk/y1at
SfF7o7AuZvJ21LmliWuiBgOE6UQMARq5kBKiTRzj38pvWS/MH6LunJMEX03Q6H7f
CCsSJF1tb8QlzWb/dHZgQX4kwfeisJg2ipwNH7gjLVba4P8BILppTNhxyebE9Dg2
CEgzSCtrMw0epye5mR3jgmBRrdKxTbw+/UHuEQJ5CNU+VWI17pUkXS6+jlWgryPU
QGeOcPw7W8MtutLIcWhW57JzNLSrIi9xwUzGNvtTC6Vxi0uv4xti1PuOpd9vi4d8
tGtuyTOC0GtG5Z4mYzVu0V9MvGz3hHITTSzubndi7LFLQIq3EiLWP372wHwZJOv6
D8hOgVOOLLxuKwRaSiOuEJnlKecUwklplK2upeTy2nRZ7o2THFcSvxVPmLrwbCDq
k8w0FsS2dTCF+vdU7mXgef9d68EAZWWX4cbq6Ufb4V61vCPfBdfILqy9F+nA+LO3
eEHZsn9PoDnAvPfV67ki9eamOfkUxYVbuDSFMl8Ec1ea0aSGs6GG/JPyWFnM61EF
G4DbkBabgjrHi3Wc5z0elBX6iXZcUIQZZ9iXjo5Fm++VqZcoQySV5QeckBKEUxi0
sWCXzI5xefvuVNKM/jMz
=oYmv
-----END PGP SIGNATURE-----

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B--

And now the one that is invalid:

Return-Path: <[email protected]>
Received: from 127.0.0.1 (HELO xxxx-xxxxxxx.net) by xxxx-xxxxxxx.net
    (Archiveopteryx 3.2.0) with lmtp id 1456180517-38651-967/8/18
    for [email protected]; Mon, 22 Feb 2016 22:35:17 +0000
Received: from macbookpro.home.lan (localhost [127.0.0.1])
    by open-systems.net (Postfix) with ESMTP id 18A522B657
    for <[email protected]>; Mon, 22 Feb 2016 17:35:16 -0500 (EST)
From: Chris Watson <[email protected]>
X-Pgp-Agent: GPGMail
Content-Type: multipart/signed; protocol="application/pgp-signature";
    boundary="Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B";
    micalg=pgp-sha512
Subject: test 934589348593458349854
Date: Mon, 22 Feb 2016 17:48:26 -0600
Message-Id: <[email protected]>
To: Chris Watson <[email protected]>
Mime-Version: 1.0
X-Mailer: Apple Mail (2.3120)

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B
Content-Type: multipart/alternative;
    boundary="Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5"

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5

pgp wheee

Chris Watson, Open Systems
[email protected]
PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8 95D0 4A35 6B4D F529 1D0

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">pgp wheee<div class=3D""><br class=3D""><div class=3D"">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: =
auto; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke=
-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D""><div style=3D"color: rgb(0, 0, =
0); letter-spacing: normal; orphans: auto; text-align: start; text-indent=
: 0px; text-transform: none; white-space: normal; widows: auto; word-spac=
ing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D"">Chris Watson, Open Systems</div><div class=3D"=
"><a href=3D”mailto:[email protected]" class=3D"">chris@xxxx-xxxxxxx=
.net</a></div><div class=3D"">PGP Fingerprint: BE67 ED60 6BB0 6B1E =
2EB8 95D0 4A35 6B4D F529 1D0</div></div></div>
</div>
<br class=3D""></div></body></html>

--Apple-Mail=_A550BC6A-81C6-408E-9A41-B48934176EA5--

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=signature.asc
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NCkNvbW1lbnQ6IEdQR1Rvb2xzIC0gaHR0
cHM6Ly9ncGd0b29scy5vcmcNCg0KaVFJY0JBRUJDZ0FHQlFKV3k1NVFBQW9KRUVvMWEwMzFL
UjBOcnZrUC8yOGEyZ29UdjdLa3AvcFJXMnBjNXh0cw0Kc2o4WWcrTEs4OTEzTG45RGZIT3VP
VGdBdDlMRlFKcWN2RzVIUnJTLzV2dS9DVFR5bExjeGxkbXpKTWsveTFhdA0KU2ZGN283QXVa
dkoyMUxtbGlXdWlCZ09FNlVRTUFScTVrQktpVFJ6ajM4cHZXUy9NSDZMdW5KTUVYMDNRNkg3
Zg0KQ0NzU0pGMXRiOFFseldiL2RIWmdRWDRrd2ZlaXNKZzJpcHdOSDdnakxWYmE0UDhCSUxw
cFROaHh5ZWJFOURnMg0KQ0VnelNDdHJNdzBlcHllNW1SM2pnbUJScmRLeFRidysvVUh1RVFK
NUNOVStWV0kxN3BVa1hTNitqbFdncnlQVQ0KUUdlT2NQdzdXOE10dXRMSWNXaFc1N0p6TkxT
cklpOXh3VXpHTnZ0VEM2VnhpMHV2NHh0aTFQdU9wZDl2aTRkOA0KdEd0dXlUT0MwR3RHNVo0
bVl6VnUwVjlNdkd6M2hISVRUU3p1Ym5kaTdMRkxRSXEzRWlMV1AzNzJ3SHdaSk92Ng0KRDho
T2dWT09MTHh1S3dSYVNpT3VFSm5sS2VjVXdrbHBsSzJ1cGVUeTJuUlo3bzJUSEZjU3Z4VlBt
THJ3YkNEcQ0Kazh3MEZzUzJkVENGK3ZkVTdtWGdlZjlkNjhFQVpXV1g0Y2JxNlVmYjRWNjF2
Q1BmQmRmSUxxeTlGK25BK0xPMw0KZUVIWnNuOVBvRG5BdlBmVjY3a2k5ZWFtT2ZrVXhZVmJ1
RFNGTWw4RWMxZWEwYVNHczZHRy9KUHlXRm5NNjFFRg0KRzREYmtCYWJnanJIaTNXYzV6MGVs
Qlg2aVhaY1VJUVpaOWlYam81Rm0rK1ZxWmNvUXlTVjVRZWNrQktFVXhpMA0Kc1dDWHpJNXhl
ZnZ1Vk5LTS9qTXoNCj1vWW12DQotLS0tLUVORCBQR1AgU0lHTkFUVVJFLS0tLS0NCg==

--Apple-Mail=_B4401E44-E54E-4C5E-8809-0D673F36F97B--

Any thoughts? Ideas? Ways to debug wtf is going on to invalidate the pgp signature?

Chris Watson, Open Systems
[email protected]
PGP Fingerprint: BE67 ED60 6BB0 6B1E 2EB8 95D0 4A35 6B4D F529 1D0
signature.asc
Description: Message signed with OpenPGP using GPGMail
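
A PGP/MIME (RFC 3156) signature covers the first part of multipart/signed, including that part's own MIME headers and encoding, and not the top-level headers, so a debugging comparison of two copies has to be made over exactly those bytes. The Python below is an added example, not part of the original post: the sample messages are constructed, and the names signed_part, fingerprint and changed_lines are illustrative.

```python
import difflib
import email
import hashlib


def signed_part(raw: bytes) -> bytes:
    """Bytes a PGP/MIME signature covers: the first part of multipart/signed,
    that part's own MIME headers included, with CRLF line endings."""
    msg = email.message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    delim = b"--" + boundary.encode("ascii")
    lines = raw.replace(b"\r\n", b"\n").split(b"\n")
    marks = [i for i, l in enumerate(lines) if l.rstrip() in (delim, delim + b"--")]
    if len(marks) < 2:
        raise ValueError("signed part is not delimited")
    # The line break before the closing delimiter belongs to the delimiter.
    return b"\r\n".join(lines[marks[0] + 1:marks[1]])


def fingerprint(raw: bytes) -> str:
    """Digest used only to compare two copies, not the OpenPGP hash itself."""
    return hashlib.sha256(signed_part(raw)).hexdigest()


def changed_lines(sent: bytes, received: bytes) -> list[str]:
    """Lines of the signed part that differ between the two copies."""
    a = signed_part(sent).decode("latin-1").split("\r\n")
    b = signed_part(received).decode("latin-1").split("\r\n")
    return [l for l in difflib.ndiff(a, b) if l[:2] in ("- ", "+ ")]


# Constructed sample messages (not the ones from the post).
TOP = (b'Content-Type: multipart/signed; boundary="B1";\n'
       b' protocol="application/pgp-signature"; micalg=pgp-sha512\n\n')
SIG = b"--B1\nContent-Type: application/pgp-signature\n\n(signature)\n--B1--\n"
SENT = TOP + (b"--B1\nContent-Transfer-Encoding: 7bit\n"
              b"Content-Type: text/plain; charset=us-ascii\n\nhello\n") + SIG
# Relay that only prepends a trace header and uses CRLF on the wire.
RELAYED = b"Received: from a.example by b.example\r\n" + SENT.replace(b"\n", b"\r\n")
# Store that also re-serialises the signed part and drops its MIME headers.
STORED = b"Received: from a.example by b.example\n" + TOP + b"--B1\n\nhello\n" + SIG

if __name__ == "__main__":
    print("relayed unchanged:", fingerprint(SENT) == fingerprint(RELAYED))
    print("stored unchanged: ", fingerprint(SENT) == fingerprint(STORED))
    print("\n".join(changed_lines(SENT, STORED)))
```

To use it on real mail, pass the raw source of the Sent copy and of the retrieved copy, read from files in binary mode, to changed_lines.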
