[RCD] RC 1.2.1 - Enigma signed e-mail validation failure

sgironella at schema31.it sgironella at schema31.it
Wed Jul 27 16:11:27 CEST 2016


Hi. I'm facing a strange behaviour on latest RC version.

I've enabled Enigma plugin and I'm able to create my key pairs, sign and
encrypt messages.

The strange thing is I couldn't verify signed messages at all, even if
decryption in perfectly working.

I've debugged GPG class
(vendor/pear-pear.php.net/Crypt_GPG/Crypt/GPG.php) to verify what he was
doing and why sign validation always fails. 

Within _SIGN() method, I've added following lines to log what he was
going to sign:

_$rc = rcmail::get_instance();_
_$rc->console('---------------------------------');_
_$rc->console('SIGN INPUT');_
_$rc->console($input);_
_$rc->console('---------------------------------');_ 

Same thing within _VERIFY() method, to log what is going to verify:

_$rc = rcmail::get_instance();_
_$rc->console('---------------------------------');_
_$rc->console('VERIFY INPUT');_
_$rc->console($input);_
_$rc->console('---------------------------------');_
_$rc->console('VERIFY SIGNATURE');_
_$rc->console($signature);_
_$rc->console('---------------------------------');_ 

Here is my full output for the sequence: 

 	* user send a new signed email to himself
 	* user goes to inbox and open signed e-mail

I've noticed that the signed message has an extra newline between main
headers and body (take a look at the highlited rows) so I thing that's
why sign verification fails (content doesn't match with original
message). 

_[27-Jul-2016 15:10:38 +0200]: <cmnloql4>
---------------------------------_
_[27-Jul-2016 15:10:38 +0200]: <cmnloql4> SIGN INPUT_
_[27-JUL-2016 15:10:38 +0200]: <CMNLOQL4> CONTENT-TYPE:
MULTIPART/ALTERNATIVE;_
_ BOUNDARY="=_944CBD90B0D51928FF049222817A4B03"_

_--=_944CBD90B0D51928FF049222817A4B03_
_Content-Transfer-Encoding: 7bit_
_Content-Type: text/plain; charset=US-ASCII_

_This is an HTML content..._
_--=_944cbd90b0d51928ff049222817a4b03_
_Content-Transfer-Encoding: quoted-printable_
_Content-Type: text/html; charset=UTF-8_

_<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=_
_=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family:
Verdana,Gen=_
_eva,sans-serif'>_
_<p>This is an HTML content...</p>_
_</body></html>_

_--=_944cbd90b0d51928ff049222817a4b03--_

_[27-Jul-2016 15:10:38 +0200]: <cmnloql4>
---------------------------------_
_[27-Jul-2016 15:10:45 +0200]: <cmnloql4>
---------------------------------_
_[27-Jul-2016 15:10:45 +0200]: <cmnloql4> VERIFY INPUT_
_[27-JUL-2016 15:10:45 +0200]: <CMNLOQL4> CONTENT-TYPE:
MULTIPART/ALTERNATIVE;_
_ BOUNDARY="=_944CBD90B0D51928FF049222817A4B03"_

_--=_944CBD90B0D51928FF049222817A4B03_
_Content-Transfer-Encoding: 7bit_
_Content-Type: text/plain; charset=US-ASCII_

_This is an HTML content..._
_--=_944cbd90b0d51928ff049222817a4b03_
_Content-Transfer-Encoding: quoted-printable_
_Content-Type: text/html; charset=UTF-8_

_<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=_
_=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family:
Verdana,Gen=_
_eva,sans-serif'>_
_<p>This is an HTML content...</p>_
_</body></html>_

_--=_944cbd90b0d51928ff049222817a4b03--_

_[27-Jul-2016 15:10:45 +0200]: <cmnloql4>
---------------------------------_
_[27-Jul-2016 15:10:45 +0200]: <cmnloql4> VERIFY SIGNATURE_
_[27-Jul-2016 15:10:45 +0200]: <cmnloql4> -----BEGIN PGP SIGNATURE-----_
_Version: GnuPG v1_

_iQEcBAEBAgAGBQJXmLLOAAoJEB1v3mO3A8Wpz6QH/015jrt7YkfGT8pE1nyjpHHe_
_JoCEmugkpmEgJ6wjTgU1SHQos5l1mKqFhsrzpdNghO11yqB/NxOjxOpqSkE9c9c1_
_dXr/H53cLfqPULMD5dqGBFua180BUdLAQ0Nvyll7kD8Y/irU5ccrwA1e3Cb9RYp0_
_sGplLYcD7pPKthCGQfFzPslL9Fj82MBJigm46cKa7pqYhJDNkM4q4zsqtNXcTUqB_
_HcFhEL3+Q21bAbie+B8hDw2SUYGEZORf+sLUrW1oQLLG5ld6XZywCDDKdpq6F+ET_
_OzVaXta8cMIg5dwP/10VALlqYavlzjY/0h7lBmEgm5W/ehs7XuReur45LsS1KJg=_
_=Q6j9_
_-----END PGP SIGNATURE-----_

_[27-Jul-2016 15:10:45 +0200]: <cmnloql4>
--------------------------------_

Anyone is facing the same issue? 

Maybe it's not an Enigma related issue but a Roundcube behaviour because
it happes even on not signed e-mails (but in this case it doesn't bother
at all).

Any help would be really appreciate.

Thanks. 

Stefano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20160727/8088fe8d/attachment.html>


More information about the dev mailing list