Re: KMail, pgp5 and gpg

To: debian-kde@lists.debian.org
Cc: kmail@mail.kde.org
Subject: Re: KMail, pgp5 and gpg
From: Pablo de Vicente <pvicentea@wanadoo.es>
Date: Tue, 8 Oct 2002 12:20:11 +0200
Message-id: <[🔎] 200210081220.13109.pvicentea@wanadoo.es>
Reply-to: pvicentea@wanadoo.es
In-reply-to: <[🔎] 200210081102.32891.david@davidpashley.com>
References: <[🔎] 200210081149.55848.pvicentea@wanadoo.es> <[🔎] 200210081102.32891.david@davidpashley.com>

-----BEGIN PGP SIGNED MESSAGE-----

El Martes 8 de Octubre de 2002 12:02, David Pashley escribió:
> On Tuesday 08 October 2002 10:49 am, Pablo de Vicente wrote:
> > Hello,
> >
> >   I have run into some trouble with KMail, gpg and pgp5i. I will expose
> > the case:
> >
> > I usually use pgp5i and have exported my public key to a keyserver.
> > Before doing that I checked that using PGP5i in different machines and
> > with different identities KMail worked fine, detecting the validity of
> > signatures.
> >
> >  The problem arises when people who only use GnuPG import my public key
> > from the keyserver. All emails from my address appear in Red in their
> > Mail folders and with a "Warning: The signature is bad" message. These
> > people use, under KMail  -> Settings -> Security -> OpenPGP option
> > "Select encryption tool to use: GnuPG".
>
> I can confirm that this does happen in KDE 3.1beta2.
>
> >  If the previous option is set to: "Autodetect", then the email will
> > appear in yellow with a "The validity of the signature can't be verified"
> > message.
> >
> > However if one only uses KMail with PGP5 (for which one imports my public
> > key from the keyserver) the emails appear in green and with a "The
> > signature is valid and the key is fully trusted" message.
> >
> >  Is there some kind of incompatibilty between GnuPG and PGP5i?. Is this a
> > KMail problem which, when using GnuPG does not recognize the validity of
> > messages signed with PGP5i?.
> >
> > On the other hand Kmail works fine the other way round, that is messages
> > signed with GnuPG are correctly verified.
> >
> > Any ideas?
>
> Have you emailed kmail@mail.kde.org? They are the KMail developers. they
> should be able to help you more.

 No, I have not mailed them, but I am going to CC them this message. but  I
have found looking for it at Google that there IS a compatibility problem:

 "....PGP 5.0i isn't able to clearsign a message if this message contains
8-bit characters (like german umlauts). Therefore the developers of KMail
programmed a work around. The message is first signed with a detached
signature and then a clearsigned message is composed as follows:...."

"... If a mail (or something else) you want to sign contains 8-bit characters
PGP 5.0i always generates a type 0x00 signature (a signature of a binary
document). Therefore GnuPG can't handle it correctly (and it doesn't
have to)...."

 Conclusion:
 - This is off-topic, but how can I migrate my keys to GnuPG?
 - Do I need to revoke my keys in the public keyserver and create new ones?.

 thanks in advance,

Pablo de Vicente.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: O/nROO2dr1O4AtY5KFE9Uc5HLEeTk4PA

iQA/AwUBPaKxW0iLVKR5epCREQIGdgCeM7azjj1oFLP4u+uKPF35GIdl4IwAoKyR
WJ/wmInc0sqm+dNTf5igbHru
=QqhG
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: KMail, pgp5 and gpg
  - From: Ingo Klöcker <kloecker@kde.org>

References:
- KMail, pgp5 and gpg
  - From: Pablo de Vicente <pvicentea@wanadoo.es>
- Re: KMail, pgp5 and gpg
  - From: David Pashley <david@davidpashley.com>

Prev by Date: Re: KMail, pgp5 and gpg
Next by Date: kdevelop
Previous by thread: Re: KMail, pgp5 and gpg
Next by thread: Re: KMail, pgp5 and gpg
Index(es):
- Date
- Thread