Re: KMail, pgp5 and gpg
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 08 October 2002 12:20, Pablo de Vicente wrote:
> El Martes 8 de Octubre de 2002 12:02, David Pashley escribió:
> > On Tuesday 08 October 2002 10:49 am, Pablo de Vicente wrote:
> > > Hello,
> > >
> > > I have run into some trouble with KMail, gpg and pgp5i. I will
> > > expose the case:
> > >
> > > I usually use pgp5i and have exported my public key to a
> > > keyserver. Before doing that I checked that using PGP5i in
> > > different machines and with different identities KMail worked
> > > fine, detecting the validity of signatures.
> > >
> > > The problem arises when people who only use GnuPG import my
> > > public key from the keyserver. All emails from my address appear
> > > in Red in their Mail folders and with a "Warning: The signature
> > > is bad" message. These people use, under KMail -> Settings ->
> > > Security -> OpenPGP option "Select encryption tool to use:
> > > GnuPG".
> > I can confirm that this does happen in KDE 3.1beta2.
Unfortunately, it's not possible to fix this incompatibility between
PGP5i and GnuPG. The problem is that PGP5 doesn't create proper
clearsigned messages. We work around this problem by creating the
clearsigned messages in KMail by combining the message text and the
signature PGP5 returns. This works with all versions of PGP which I
have tested (2.6, 5, 6.5.8). Unfortunately GnuPG barfs on these
messages. But PGP5i is anyway very broken and you should really not use
it anymore. You should consider using GnuPG instead.
> > > If the previous option is set to: "Autodetect", then the email
> > > will appear in yellow with a "The validity of the signature can't
> > > be verified" message.
> > >
> > > However if one only uses KMail with PGP5 (for which one imports
> > > my public key from the keyserver) the emails appear in green and
> > > with a "The signature is valid and the key is fully trusted"
> > > message.
> > >
> > > Is there some kind of incompatibilty between GnuPG and PGP5i?.
Yes. See above.
> > > Is this a KMail problem which, when using GnuPG does not
> > > recognize the validity of messages signed with PGP5i?.
See above. ;-)
> "....PGP 5.0i isn't able to clearsign a message if this message
> contains 8-bit characters (like german umlauts). Therefore the
> developers of KMail programmed a work around. The message is first
> signed with a detached signature and then a clearsigned message is
> composed as follows:...."
Hmm, that's more or less what I wrote above. ;-)
> "... If a mail (or something else) you want to sign contains 8-bit
> characters PGP 5.0i always generates a type 0x00 signature (a
> signature of a binary document). Therefore GnuPG can't handle it
> correctly (and it doesn't have to)...."
Hmm, that sounds familiar. I guess it does because I wrote it. :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
-----END PGP SIGNATURE-----