Enigmail fails to validate detached attachment signatures that it creates

You're writing a signed HTML message in Inline format. This causes trouble and is not recommended. Maybe this affects signature verification of the attachments. Please try again with a plaintext message or PGP/MIME format.

Maybe I did not understood things good but why would message body have anything to do with the attachments encrypted separately? Looks to me that for each attachment there is detached signature (.sig files in attachments) which should allow atachment validation independently of message body. I will inspect .sig files and get back with more info.

You can check the signatures of the sent message. Are the signatures valid there?

Yes but the setting says "sign each attachment separately" i.e. validation of inline body signature doesn't mean that attachment signatures are valid because they are not included in inline body signature calculation at all. It is possible that attachments are replaced or altered, and the inline message body will still validate against its signature. Attachments in the message have separate signature files (.sig files) attached to mail message, which represent detached signatures(thats the thing I will check) and those should be used to vlidate signature of attachments in message.

We may put things other way: What is the purpose of "Verify signature" enigmail context menu item, that you get when you right click attachment or sig file next to it in message with attachments, signed using "sign each attachment separately" option.

Thanks for the discussion,
Velja

.sig files are indeed detached signatures of attachments. Furthermore, they validate.

Output of commands executed on attachment and sig file from my screencast in the first message:

C:\Users\User>gpg --list-packets "D:\DOKUMENTI\work\epgp\enigmail_atts\Chrysanthemum.jpg.sig"
:signature packet: algo 1, keyid D0AC4BBEA7ECFC22
version 4, created 1443707840, md5len 0, sigclass 0x00
digest algo 2, begin of digest e5 1f
hashed subpkt 2 len 4 (sig created 2015-10-01)
subpkt 16 len 8 (issuer key ID D0AC4BBEA7ECFC22)
data: [4095 bits]

which shows that sig files contain signature packet.

C:\Users\User>gpg --verify "D:\DOKUMENTI\work\epgp\enigmail_atts\Chrysanthemum.jpg.sig" "D:\DOKUMENTI\work\epgp\enigmail_atts\Chrysanthemum.jpg"
gpg: Signature made 10/01/15 15:57:20 Central Europe Daylight Time using RSA key ID A7ECFC22
gpg: Good signature from "Velja Radenkovic velja@l.lh" [ultimate]

which shows that signature validates i.e. file is intact.

Command that Enigmail executes after which it diaplays "BAD SIGNATURE" copied from enigmail console:

enigmail> "D:\Program Files (x86)\GNU\GnuPG\pub\gpg2.exe" --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 --verify C:\Users\User\AppData\Local\Temp\Chrysanthemum.jpg.sig C:\Users\User\AppData\Local\Temp\Chrysanthemum-1.jpg

I couldn't execute that command because there are no Chrysanthemum-1.jpg and no Chrysanthemum.jpg.sig in Temp dir. They do not exist. It is possible that they existed and Enigmail deletes temp files after trying to validate signature. Or it didint copy attachment and signature before executing command. I can't tell for sure why is that context menu command failing if i dont look at code which is not something I can afford now.

Thank you,
Velja

Attachment and sig from 1st message screen cast.

I can confirm that attaching a plaintext file and signing with 'Sign each attachment seperately and send the message using inline PGP' results in an email that can have the attachment tampered but will still show a good signature.

To reproduce:

1. Send email with plaintext attachment, signed as above.
2. Save received email as .eml file
3. edit .eml file and modify attachment text
4. open modified .eml file and observe "good" signature

Of course, attachment signatures can be checked independantly, but from a 'normal' end user experience, this situation is very misleading.

The problem is that attachment signatures can not be checked individually so its also broken for very advanced user. See my first post and screencast.

I think we have a misunderstanding. We're obviously using different language: Was I meant when saying " check the signature": Look whether the signature is good or bad. You probably meant: "Proove a good signature".

Obviously the signature is already bad in the sent folder. Thanks for checking that. Please give us a debug log (https://www.enigmail.net/support/bugs.php). Please also give us the saved messages (sent folder and Inbox) and your public key. Please mail it directly to patrick at enigmail dot net and to ludwig at enigmail dot net. Thanks.

Signature is good. It validates fine against attachment using GPG from command line. Its in the post above. I will send log as soon as I can.

mails + pub key + log (sent to email to)

Thanks for the files. I could reproduce the problem with your saved messages and Enigmail 1.8.2. However, using a nightly version of Enigmail everything is well and I get good signatures for both attachments on both messages (inbox and sent). So this bug is already fixed on master. A review showed, that [#517] is most likely also your problem. Would you please install a nightly build of Enigmail (https://www.enigmail.net/download/nightly.php) and test again? Thanks!

Duplicate to bug 517