anonghosteam / outlook-privacy-plugin

Automatically exported from code.google.com/p/outlook-privacy-plugin
GNU General Public License v3.0

html email signature causes invalid signature #74

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. use 2 Exchange accounts in Outlook 2010
2. send a signed eMail from one account to the other
3. verify states "** Invalid signature from xxx with KeyID yyy"

What is the expected output? What do you see instead?
Valid signature.

What version of the product are you using? On what operating system?
My system specs:
* Beta-31
* Outlook 2010
* Windows 7 Pro x64
* GPG4Win 2.1.1 final

Original issue reported on code.google.com by michael....@okadis.de on 17 Jun 2013 at 8:00

GoogleCodeExporter commented 9 years ago
Thanks for the bug report. Investigating.

Original comment by m...@dejavusecurity.com on 17 Jun 2013 at 3:14

GoogleCodeExporter commented 9 years ago
I tested the signing feature with an existing and working key and someone who 
uses automatic signature checking. I don't know what software they use to 
automatically check the signatures but it is definitely not an Outlook addin. That 
automatic checking also states that the signature is invalid. So it seems 
that it is not the checking that is incorrect but the signing.

To further test this I sent an eMail to myself from Outlook and from 
Thunderbird (Enigmail plugin). When verified with your addin the email signed 
by Enigmail is valid and the email signed with your addin is invalid. 

--> Verify works fine, signing doesn't

Original comment by Kutd...@googlemail.com on 19 Jun 2013 at 8:40

GoogleCodeExporter commented 9 years ago
Sorry, the previous comment was also by me.

Original comment by michael....@okadis.de on 19 Jun 2013 at 8:44

GoogleCodeExporter commented 9 years ago
I found the problem. The answer is: html-email. If the email is sent as 
html-email, it gets incorrectly signed. Signing a plain text email works just 
fine.

So this error is more or less a duplicate of issue #7. 

Original comment by michael....@okadis.de on 19 Jun 2013 at 8:50

GoogleCodeExporter commented 9 years ago
That makes sense. When you click sign/encrypt does the type automatically
switch for you to plain text?

Original comment by m...@dejavusecurity.com on 19 Jun 2013 at 9:50

GoogleCodeExporter commented 9 years ago
I tested that and yes, it does switch to plain text. But I asked myself how I 
was able to send an html-email without manually changing it back to html (html 
is the default for us). 
So I had a second look at which emails got incorrectly signed: those that contain 
our business signature. The signature gets translated to plain text but some 
element seems to force gpg to incorrectly sign the email ... I tested various 
elements like 5 dashes in a row, pipes, hyperlinks, mailto-hyperlinks but none 
of those test-emails were incorrectly signed.

If you need the signature to further investigate, please leave me a message.

Original comment by michael....@okadis.de on 20 Jun 2013 at 6:49

GoogleCodeExporter commented 9 years ago
Very interesting!  Good bug, please send me your sig so I can
investigate further.  Mike@dejavusecurity.com

Original comment by m...@dejavusecurity.com on 20 Jun 2013 at 7:22

GoogleCodeExporter commented 9 years ago

Original comment by m...@dejavusecurity.com on 25 Jun 2013 at 2:20

GoogleCodeExporter commented 9 years ago
I can confirm this.
If another sig is needed, I can provide one.

Manually switching to plain text helps in my case as the sig for plain text is 
different.

Is it possible for the plugin to switch to plain text and get the predefined 
signature for plaintext instead of taking the signature and trying to convert it 
to plain text?

Original comment by Arvor...@gmail.com on 12 Jul 2013 at 7:31