Broken signatures with Thunderbird/Enigmail since 1.4.0?

John Clizbe JPClizbe at comcast.net
Fri Dec 17 06:46:59 CET 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris De Young wrote:
> Hi,
> 
> Since upgrading to 1.4.0 on Linux, Thunderbird/Enigmail seems to be
> having trouble verifying signatures (so far mostly on messages I have
> sent and CC: myself).  The output is difficult to paste from
> Thunderbird, but it's normal looking GPG output for "BAD Signature
> from ...".
> 
> This seems to be an enigmail problem, because Mutt reports a good
> signature on the same copy of the same message.
> 
> Has anyone else run into this, or have any guesses about any subtle
> behavior change in 1.4.0 that might be giving Enigmail indigestion?

Hi all,

Had the opportunity to test this with David Shaw a bit ago. Until there is
 an Enigmail fix ready, the work around is to fall back to GnuPG 1.3.92 or
1.2.6.

Regards,

The Enigmail team

- -------- Original Message --------
Subject: Re: First mail
Date: Thu, 16 Dec 2004 23:50:59 -0500
From: David Shaw <dshaw at jabberwocky.com>

Okay, this is interesting.  Your 1.4.0 message only works with 1.4.0,
and your 1.3.92 message only works with the modified 1.4.0. (same as
1.3.92 in the end of line code).

My messages verify with either 1.4.0 and 1.3.92 on your side.

So.... I'm thinking text canonicalization.  The PGP/MIME spec requires
end-of-line whitespace to be protected by MIME encoding.  It seems
mutt is doing this, which is why you can verify my messages with
either version.  It seems Enigmail isn't doing this which is why your
1.4 messages only work with 1.4 here and your 1.3.92 messages only
work with the modified 1.4 here.

The reason why it suddenly stopped working with 1.4 is that the
revision to the OpenPGP spec changed the end-of-line rules slightly.
In the past, the rule was to remove spaces and tabs then canonicalize
the line ending to CR+LF.  The new rule is just to canonicalize the
line ending.

It seems that Enigmail is relying on GnuPG to handle the end-of-line
whitespace and isn't protecting or removing it internally like mutt
does.  Since GnuPG doesn't do it any longer, we have breakage.
- -------- End Original Message --------

- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0a (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBwnLRHQSsSmCNKhARAhH3AJ42QLFi8ZRPqfOx8WQV2VYqy19CwACg121O
ejXo+wZqxHEjpRIorUsIrGw=
=nXCz
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list