search

Meddington / OutlookPrivacyPlugin

A PGP encryption plugin for Outlook 2010, 2013 and 2016.
BSD 3-Clause "New" or "Revised" License
272 stars 60 forks source link

Invalid clear sig with unicode and sha256 #97

Open grfilho opened 9 years ago

grfilho commented 9 years ago

When signing messages with SHA-1 I get valid signatures. However when using SHA-256 I get invalid ones.

See messages below:

VALID SIGNATURE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Vou tentar mais uma vez. Quem sabe funciona...

-----BEGIN PGP SIGNATURE----- Version: Outlook Privacy Plugin

iQFsBAEBAgBWBQJV0yO5TxxHaWxiZXJ0byBSZWlzIEZpbGhvIChTYW50YW5kZXIg UEdQIEtleSkgPGdpbGJlcnRvLnJlaXMuZmlsaG9Ac2FudGFuZGVyLmNvbS5icj4A CgkQFtxrHx+NsySUSAgAui+jEvaaAPR+2oLH4wJ7aEgVLbKDPkra8iCu1NG12pxR rHg0P3lnN/ApYiVDdf0ks0lFgYsSis/1tZQgTrMw0n26qR9LZU9QgzM0SnZWctim WE9ebjqlr87OGR9kklqeRjpz/b5W7eAo8qFq44Sy9ZaGIn/Vyl583RFPzk52e8/z zVy+zMvggK2DWyxkxl23y9AEFVdL9lqTG5vKGcXbU7XYv+2yRXqp7b612bS/ej7C Y3IeYRGEi3SiOU1UwcUgUC1U3V/bpEAsMY5GnbMAjWho0KSOwwfTNFIzdHHGXfPY Okomxs1LZWGc2XA66odo8mshDf+Uw4NAN+i0MU2nKg== =hYdX -----END PGP SIGNATURE-----

INVALID SIGNATURE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Vamos tentar mais uma vez só que com criptografia mais forte...

-----BEGIN PGP SIGNATURE----- Version: Outlook Privacy Plugin

iQFsBAEBCABWBQJV0yQZTxxHaWxiZXJ0byBSZWlzIEZpbGhvIChTYW50YW5kZXIg UEdQIEtleSkgPGdpbGJlcnRvLnJlaXMuZmlsaG9Ac2FudGFuZGVyLmNvbS5icj4A CgkQFtxrHx+NsySyaAf5AXsbzZ1ezhuzFhsTST9la3l4Su4+2fgkp3lGfEfSEVlr nmrTueW/I3D+SeVISdOPxwCMgN+URzvyF/IY2YZgKK7HFKO0nBv74PPwKFtJ4Biw TptW1rPRIFsrs/99SVFFrqIpgFRay0xgsPlYte5xy/8AZPq0UpFGM6KHLtr8+TOL xybrShrPUu64Fk7p/St5Yb347q6BpAyOcTK9PRy7l7y0MHnyiYtyPmpJnRIfVtwC Y0MeXCO2AyYUMsbP7w1bAAflrAIWHRzovJAW4uc46gV2Es1wuGGaOqehbOCu/UF4 ++OLV5dz9c3oQWMKS05gTfNJWe+H86EQ+lePrFarxA== =yNqO -----END PGP SIGNATURE-----

PUBLIC KEY TO VALIDATE THE SIGNATURES -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2

mQENBFVbRn4BCADJ2WeQO6YHKabyGkKwYxsqilydQ2TzWRk7jJDyR843G134wzLp E+hcC85NJvPBOlJ2Sv9htUZKsaHgsX1o1UCyQyrIKPT03Z1Rh9+CKZjom8aohu3S JcEeFvSu56Qzj8g2NzdyVEdISY2v/45UbjNfo1DlvsrMczHZkF7Dsc1nJKgq+eq7 SREqdUjOHOeYQ0q/byi4pRTonrDDC6dJpElDgdH56pAyPiPUuI1Kmg30erVX0ZEE mCwfKbT/vOLA2wrhMv1MR9MkzMDFequvM4jnnvmsI4YlMdrzON2ClNl2PjlrRcfE 5i5hdE7OVqD9vZAXT1pf+VN/qu6oPCYmSAmPABEBAAG0TkdpbGJlcnRvIFJlaXMg RmlsaG8gKFNhbnRhbmRlciBQR1AgS2V5KSA8Z2lsYmVydG8ucmVpcy5maWxob0Bz YW50YW5kZXIuY29tLmJyPokBOQQTAQgAIwUCVVtGfgIbDwcLCQgHAwIBBhUIAgkK CwQWAgMBAh4BAheAAAoJEBbcax8fjbMkXP4IALjIxXNl1vgs0VQSmLrFeOnN6XX4 Uu97BKketgZCt7zGgEuKFcI4dIhWvpVN5Laz2DytaR/GfvhOqgzsCOWnYYLe3XfV QQNsfb843sO624RQGmSuELfS2KYqUfGaPJUq1CxtGCI7jfs5p7emzt6CyA6rTtZS Oo3dFEFp8krF3TdnkSjnBuLa8wD8gnFG+eynXyrPxSQQ7iAIR1QfZLJMQebdR0X9 2BwYS8hHtIgLXebiHF4Yu72Yocbv+zrNl10PV29VARvkkVl18Y6nOZX7f3wtQfW2 7DkIA4J3yy6FkrXQPIVAhHOzIUsaaM8ahA83MrNsh3jVN1MWxgx3n/VeD/U= =9Y1x -----END PGP PUBLIC KEY BLOCK-----

grfilho commented 9 years ago

Sorry to bump this but is this issue confirmed or am I doing something wrong?

Meddington commented 8 years ago

My testing has this working A-OK. Could you please try again but use only ASCII. Perhaps this is an issue with unicode.

Meddington commented 8 years ago

Tested with Outlook -> Thunderbird w/enigmail

Perhaps the issue was related to another bug about selecting correct keys for signing

x-ticker commented 8 years ago

I have the same issue. If I include accent like "é" and only sign the email it's invalid. If there is no accent everything goes well.

If I sign and encrypt, everything work as expected even with accent.

andrewgdotcom commented 8 years ago

I've noticed this problem on pretty much any mail that uses "=XX" encoding, even if it's just an "=20" for a hard space. Is verification being invoked on the raw source?