[RCD] RC 1.2.1 - Enigma signed e-mail validation failure

Andrea Brancatelli abrancatelli at schema31.it
Thu Jul 28 15:29:20 CEST 2016


Hello Alec, 

just as a confirm of your hypothesis, if you look at the raw source of
the message within Roundcube (Action -> show source) it's layout is
different from the one that gets thrown at gpg. 

This is the very same mail: 

RAW SOURCE: 

[....]

Message-ID: <5d3b75e68692f4a51fa1d361fdc6d1f1 at brancatelli.it>
X-Sender: andrea at brancatelli.it
User-Agent: Roundcube Webmail/1.2.1

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_ad16315c31f34b75fe12de9a5f6ff9c3
Content-Type: multipart/mixed;
 boundary="=_0c2026a878accfb67f4729bf2f2a522d"

--=_0c2026a878accfb67f4729bf2f2a522d
Content-Type: multipart/alternative;
 boundary="=_4f6a45d8f3d31b8528676bb2b9630c46"

--=_4f6a45d8f3d31b8528676bb2b9630c46
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII

[...] 

CONSOLE LOG: 

[...] 

[28-Jul-2016 15:19:22 +0200]: <s4r01i4d>
---------------------------------
[28-Jul-2016 15:19:22 +0200]: <s4r01i4d> VERIFY INPUT
[28-Jul-2016 15:19:22 +0200]: <s4r01i4d> CONTENT-TYPE: MULTIPART/MIXED;
BOUNDARY="=_0C2026A878ACCFB67F4729BF2F2A522D"^M
^M
--=_0c2026a878accfb67f4729bf2f2a522d^M
Content-Type: multipart/alternative;^M
 boundary="=_4f6a45d8f3d31b8528676bb2b9630c46"^M
^M
--=_4f6a45d8f3d31b8528676bb2b9630c46^M
Content-Transfer-Encoding: 7bit^M
Content-Type: text/plain; charset=US-ASCII^M
^M
Mail firmata mandata tramite potassio.^M
--=_4f6a45d8f3d31b8528676bb2b9630c46^M
Content-Transfer-Encoding: quoted-printable^M
Content-Type: text/html; charset=UTF-8^M 

[...]

---

Andrea Brancatelli
Schema31 S.p.a.
Responsabile IT

ROMA - BO - FI - PA 
ITALY
Tel: +39.06.98.358.472
Cell: +39.331.2488468
Fax: +39.055.71.880.466
Società del Gruppo SC31 ITALIA

Il 2016-07-28 11:28 A.L.E.C ha scritto:

> On 07/28/2016 10:54 AM, sgironella at schema31.it wrote: 
> 
>> Enabled IMAP and SMTP debug (see attachments) and tested against a
>> DBMail internal mail server and an external one (GMail to simplify test
>> repeatability).
>> 
>> Attached files are related to the GMail session.
>> 
>> As you can see, IMAP response differs on main mime part headers
>> structure, so i think that's the reason for sign verification failure.
> 
> I created a ticket for this issue
> https://github.com/roundcube/roundcubemail/issues/5371
> 
> I don't see a simple workaround now, we'd need to get the whole signed
> message body and parse it instead of fetching headers and body of the
> first part separately. I'll take a look at this over the weekend.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20160728/3e02b2a4/attachment.html>


More information about the dev mailing list