Open GoogleCodeExporter opened 9 years ago
Thanks for the bug report. Investigating.
Original comment by m...@dejavusecurity.com
on 17 Jun 2013 at 3:14
I tested the signing feature with an existing and working key and someone who
uses automatic signature checking. I don't know what software they use to
automatically check the signatures but it is definitely no outlook addin. That
automatic checking also states that that the signature is invalid. So it seems
as if not the checking is incorrect but the signing.
To further test this I sent an eMail to myself from outlook and from
thunderbird (enigmail plugin). When verified with your addin the email signed
by enigmal is valid and the email signed with your addin is invalid.
--> Verify works fine, signing doesn't
Original comment by Kutd...@googlemail.com
on 19 Jun 2013 at 8:40
sorry, the previous comment was also by me
Original comment by michael....@okadis.de
on 19 Jun 2013 at 8:44
I found the problem. The answer is: html-email. If the email is sent as
html-email, it get incorrectly signed. Signing a plain text email works just
fine.
So this error is more or less a duplicate to issue #7.
Original comment by michael....@okadis.de
on 19 Jun 2013 at 8:50
That makes sense. When you click sign/encrypt does the type automatically
switch for you to plain text?
Original comment by m...@dejavusecurity.com
on 19 Jun 2013 at 9:50
I tested that and yes, it does switch to plain text. But I asked myself how I
was able to send an html-email without manually changing it back to html (html
is the default for us).
So I had a second look, which emails got incorrectly signed: those who contain
our business signature. The signature gets translated to plain text but some
element seems to force gpg to incorrectly sign the email ... I tested various
elements like 5 dashes in a row, pipes, hyperlinks, mailto-hyperlinks but none
of those test-emails were incorrectly signed.
If you need the signature to further investigate, please leave me a message.
Original comment by michael....@okadis.de
on 20 Jun 2013 at 6:49
Very interesting! Good bug, please send me your sig so I can
investigate further. Mike@dejavusecurity.com
On Jun 20, 2013, at 2:50 AM, "outlook-privacy-plugin@googlecode.com"
<outlook-privacy-plugin@googlecode.com> wrote:
Original comment by m...@dejavusecurity.com
on 20 Jun 2013 at 7:22
Original comment by m...@dejavusecurity.com
on 25 Jun 2013 at 2:20
I can confirm this.
If another sig is needed, I can provide one.
Manually switching to plain text helps in my case as the sig for plain text is
different.
Is it possible for the plugin to switch to plain text and get predefined
signature for plaintext instead of taking the signature an trying to convert it
to plain text?
Original comment by Arvor...@gmail.com
on 12 Jul 2013 at 7:31
Original issue reported on code.google.com by
michael....@okadis.de
on 17 Jun 2013 at 8:00