<html><head> <title></title> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> </head> <body style="font-family:Helvetica;color:#000000;font-size:13px;"> <div id="CanaryBody"> <div> Hi,</div><div><br></div><div>The Enigmail is able to produce encrypted and signed message that is of this format:</div><div><br></div><div><div># off=0 ctb=85 tag=1 hlen=3 plen=268</div><div>:pubkey enc packet: version 3, algo 1, keyid 99DC3902ACFB3F2D</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>data: [2048 bits]</div><div># off=271 ctb=85 tag=1 hlen=3 plen=268</div><div>:pubkey enc packet: version 3, algo 1, keyid A93E9DF0C89796BC</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>data: [2046 bits]</div><div># off=542 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb</div><div>:encrypted data packet:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>length: unknown</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mdc_method: 2</div><div># off=563 ctb=a3 tag=8 hlen=1 plen=0 indeterminate</div><div>:compressed packet: algo=2</div><div># off=565 ctb=90 tag=4 hlen=2 plen=13</div><div>:onepass_sig packet: keyid 4CAB945543809C83</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>version 3, sigclass 0x01, digest 8, pubkey 1, last=1</div><div># off=580 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb</div><div>:literal data packet:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mode t (74), created 1512950823, name="",</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>raw data: unknown length</div></div> <div><br></div><div><br></div><div>I’m not able to create this format by hand. What I’m curious about is missing signature packet after the literal packet. Whenever I try to encrypt and sign, there is onepass_sig and and signature packet at the end (as expected)</div><div><br></div><div><br></div><div>gpg validate this message as valid. gpg —decrypt</div><div><br></div><div><div>gpg: Signature made Mon Dec 11 01:07:03 2017 CET</div><div>gpg: using RSA key ADFB5525AC0262620BBED93C4CAB945543809C83</div><div>gpg: Good signature from "BobEnzevalos <bob@enzevalos.de>" [unknown]</div><div>gpg: WARNING: This key is not certified with a trusted signature!</div><div>gpg: There is no indication that the signature belongs to the owner.</div><div>Primary key fingerprint: ADFB 5525 AC02 6262 0BBE D93C 4CAB 9455 4380 9C83</div></div><div></div><div><br></div><div>my question is… where is this signature from? why this is a valid message?</div><div><br></div><div>Thank you in advance.</div><div><br></div><div>--</div><div>Regards.</div></div><div id="CanarySig"><div><div style="font-family:Helvetica;color:#000;font-size:13px;">Marcin</div> <div><br></div> </div> </div> <div id="CanaryDropbox"> </div> <img id="7C3040E579B4890341A0BBA71D4A21FD" width="1px" src="http://pixels.canarymail.io:8100/track/683B5977389262DFE4876EC57DFF012B_7C3040E579B4890341A0BBA71D4A21FD.png" height="1px"></body></html>