Problem with validating s/mime signature from kmail

Andreas Petzold ap396088 at rcs.urz.tu-dresden.de
Sat Jun 24 00:33:27 CEST 2006 

Hi,
 
I have a strange problem with signing emails with my s/mime cert. Encrypting and
decrypting emails works fine though.
 
When I sign a message in kmail, a signature is created. At least that is what
the logs claim:
 
 ......
   6 - 2006-06-22 03:20:59 gpg-agent[2718.0x85c99f8] DBG: <- PKSIGN
   6 - 2006-06-22 03:20:59 gpg-agent[2718]: starting a new PIN Entry
   6 - 2006-06-22 03:20:59 gpg-agent[2718]: DBG: connection to PIN entry
 established
   6 - 2006-06-22 03:21:28 gpg-agent[2718.0x85c99f8] DBG: -> [ 44 20 28 37 3a
73
 69 67 2d 76 61 6c 28 33 3a 72 73 61 28 31 3a 73 31 32 38 3a 7a f9 ab d7 b6 c9
 c5 56 38 ed fd 3b fd 59 04 0b 2f 85 3d b0 58 6b d8 79 03 2d 04 bb 40 18 e5 f9
 db ed 92 fb 1f b1 d6 d8 d6 a0 e1 f3 72 be a8 e4 d2 a7 e6 f0 5d af 70 3c 5d 2c
 14 01 e0 37 b8 6d 46 47 3c 67 f8 ed d9 b0 7c a9 94 54 07 03 2b 8b 5b 13 a4 4c
 8a 8c 21 b8 06 7e 74 d5 44 1f 96 ff e5 21 33 7d 98 ed 94 14 73 ec 21 99 32 38
 70 cc 79 25 32 35 13 43 71 a9 12 fe 8a d5 34 d2 50 8b bc ac 29 29 29 ]
   6 - 2006-06-22 03:21:28 gpg-agent[2718.0x85c99f8] DBG: -> OK
   4 - 2006-06-22 03:21:28 gpgsm[3477.0x8baffb8] DBG: -> S SIG_CREATED D 1 2 00
 20060622T012059 {FINGERPRINT DELETED}
   4 - 2006-06-22 03:21:28 gpgsm[3477]: signature created
   4 - 2006-06-22 03:21:28 gpgsm[3477.0x8baffb8] DBG: -> OK
   4 - 2006-06-22 03:21:28 gpgsm[3477.0x8baffb8] DBG: <- BYE
   6 - 2006-06-22 03:21:28 gpg-agent[2718.0x85c99f8] DBG: <- [EOF]
   6 - 2006-06-22 03:21:28 gpg-agent[2718]: handler 0x85cabf0 for fd 0
 terminated
   4 - 2006-06-22 03:21:28 gpgsm[3477.0x8baffb8] DBG: -> OK closing connection
 [client at fd 4 disconnected]
 
So far so good. Something is appended to the email that is sent and it looks
very much like an s/mime signature, but alas when I read the email, the
signature can't be verified:
 
 [client at fd 4 connected]
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> Home: ~/.gnupg
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> Config:
 /home/petzold/.gnupg/gpgsm.conf
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> AgentInfo:
 /tmp/gpg-rA6gYA/S.gpg-agent:2718:1
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> DirmngrInfo: [not set]
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> GNU Privacy Guard's
S/M
 server 1.9.20 ready
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: <- OPTION display=:0
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: <- OPTION
 lc-ctype=en_US.UTF-8
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: <- OPTION
 lc-messages=en_US.UTF-8
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: <- INPUT FD=39
   4 - 2006-06-22 03:22:00 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: <- MESSAGE FD=45
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: <- VERIFY
   4 - 2006-06-22 03:22:01 gpgsm[3488]: detached signature
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: -> S NEWSIG
   4 - 2006-06-22 03:22:01 gpgsm[3488]: no signature value available
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: -> OK
   4 - 2006-06-22 03:22:01 gpgsm[3488.0x9f17fb8] DBG: <- BYE
   4 - 2006-06-22 03:22:02 gpgsm[3488.0x9f17fb8] DBG: -> OK closing connection
 [client at fd 4 disconnected]
 
 "no signature value available" doesn't sound OK to me :-).
 
I have checked that I can actually vvalidate my cert, so I guess I did install
my certs correctly in kleopatra. If I send the email from Thunderbird, kmail
has no trouble verifying the signature :-(. When I compared the message sent by
kmail to the one sent by Thunderbird, I noticed that the signature in the
Thunderbird message is about twice as big as the signature in the kmail
message. To make matters even more interesting other people have reported that
they can successfully verify the signature with kmail that my kmail can't
verify. Also Thunderbird can verify the signature.
 
I'm really out of ideas as to where to look for the cause of the problem. The
gpgsm logs are completely error free (at least to me). Anyone out there with a
similar problem and a solution or anyone able to sign mails successfully with
s/mime certs?
 
Let me know if more information is needed to track down the problem.
 
Cheers,
 
Andreas
 
p.s. I'm using kde 3.5.3, kmail 1.9.3, kleopatra 0.4.0 and all the latest gnupg*
packages on fc5

More information about the Gpa-dev mailing list