
GnuPG: ERRSIG for non compliant signatures in de_vs mode
Open, WishlistPublic

Description

There seems to be a regression in 2.2.41; at least I think the behavior was different in the past.

Instead of getting a verify result with de_vs=false, I get an error "Invalid public key algorithm":

echo foo | gpg -s | ~/Downloads/gnupg-vs-desktop-3.1.26.0-x86_64.AppImage -c gpg --status-fd 1 --verify --auto-key-import 

[GNUPG:] ERRSIG 2978E9D40CBABA5C 22 10 00 1691669111 4 7093194AADBB8A2D14D3C9172978E9D40CBABA5C
gpg: Can't check signature: Invalid public key algorithm

This results in GpgOL treating such mails as if they are unsigned, while they should be presented as "Trust Level 2". (Reported to me by @ebo as a GpgOL issue.)

Event Timeline

aheinecke created this task.

Mmh, OK, this does not seem like a regression; at least if I go back to one of my oldest AppImages with 3.1.21 I still get ERRSIG.

We have no dedicated error to tell that the verification failed due to a non-compliant algorithm. Thus we return invalid public key algorithms as best approximation. You could use --override-compliance-check, though. We discussed this thing once at the Gutenbergweg.

aheinecke lowered the priority of this task from High to Wishlist. Aug 14 2023, 2:22 PM

I think that might have been some idea we had before we added --require-compliance and proper display of non-compliant signatures in KMail and Kleopatra, and wanted to ensure that non-compliant signatures are not "Green".
But since this is not a regression, we might even consider not changing this in 2.2 anymore but instead do some relaxation of how we treat non-compliant signatures, both for creation and verification, in 2.4. I see T6644 as related.
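
Added example (not part of this task and not GnuPG or GpgOL code): a small parser for the ERRSIG status line quoted in the description, showing how a frontend can keep "signed but not verifiable" apart from "unsigned". The field order follows GnuPG's doc/DETAILS; the `signature_state` policy and its state names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# libgpg-error codes that ERRSIG carries in its <rc> field.
GPG_ERR_PUBKEY_ALGO = 4  # "Invalid public key algorithm"
GPG_ERR_NO_PUBKEY = 9    # "No public key"

@dataclass
class ErrSig:
    keyid: str
    pkalgo: int
    hashalgo: int
    sig_class: int
    timestamp: str
    rc: int
    fpr: Optional[str]

def parse_errsig(line: str) -> Optional[ErrSig]:
    """Parse '[GNUPG:] ERRSIG keyid pkalgo hashalgo class time rc [fpr]'."""
    f = line.split()
    if len(f) < 8 or f[:2] != ["[GNUPG:]", "ERRSIG"]:
        return None
    try:
        fpr = f[8] if len(f) > 8 and f[8] != "-" else None
        return ErrSig(f[2], int(f[3]), int(f[4]), int(f[5], 16), f[6], int(f[7]), fpr)
    except ValueError:
        return None  # malformed numeric field

def signature_state(status_output: str) -> str:
    """Hypothetical frontend policy: never report a signed message as unsigned."""
    for line in status_output.splitlines():
        sig = parse_errsig(line.strip())
        if sig is None:
            continue
        if sig.rc == GPG_ERR_PUBKEY_ALGO:
            # Per the thread: unsupported OR non-compliant algorithm; ERRSIG
            # alone cannot tell which.
            return "signed-unverifiable:algo-rejected"
        if sig.rc == GPG_ERR_NO_PUBKEY:
            return "signed-unverifiable:missing-key"
        return "signed-unverifiable:other-error"
    return "unsigned"

# Status output quoted in the task description above.
PAGE_OUTPUT = """[GNUPG:] ERRSIG 2978E9D40CBABA5C 22 10 00 1691669111 4 7093194AADBB8A2D14D3C9172978E9D40CBABA5C
gpg: Can't check signature: Invalid public key algorithm"""

if __name__ == "__main__":
    print(signature_state(PAGE_OUTPUT))
```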