hydroxide
Support signed outgoing messages
ProtonMail is capable of sending PGP-signed messages (tested with the Android app). However, signed messages sent with Hydroxide get mangled on the way.
As a result:
- signatures are not recognised by MUAs (tested with K-9 Mail and NeoMutt)
- manual verification results in BAD signature.
Example: What was sent by MUA to Hydroxide's SMTP server (sniffed with Wireshark):
From: {email address}
To: {email address}
Subject: sign test watched
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="p4hhyhz6uanwonvv"
Content-Disposition: inline
User-Agent: NeoMutt/20180716
--p4hhyhz6uanwonvv
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
sign test
--=20
Adam Pioterek
--p4hhyhz6uanwonvv
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEElPPQXqHLfrlrrE+/JELid3bgpXgFAltTbBwACgkQJELid3bg
pXiTugf/bf8dHUtmfOHgFe4rumOcTf1rw4goQX/xK4lBpVuaxrVEflNyeWY40s6J
6Ah8Om9IQZ7WCxs7s76D+8QQVCPmjrrKLBW71qJY2eUr2wZREZoTF4BY3N9flRSV
YOiMm/UQuyO6s15B5YROq+o/0SXMEKxx56bbprRIWS7lXJYC0LQyNLgUliB8btL1
eMjSQBwZ+2nf0FxIdTdXwe6bpYq8/dNT6ZouvlYsjeyjUUyrEXCiTbacM3Wyk/MR
MpxUUmbTdZpFNKKnGpIpZld7oGU80bM3Qty+huuPP3UIfXckjwn/YZ4vn1aZsu01
C4r/MuCeLfxa6TJ6U8YDj5BWYTyqMw==
=slx2
-----END PGP SIGNATURE-----
--p4hhyhz6uanwonvv--
What was sent by ProtonMail (what lies in my Sent folder):
X-Pm-Origin: internal
X-Pm-Content-Encryption: end-to-end
Subject: sign test watched
To: {email address}
From: Adam Pioterek <{email address}>
Date: Sat, 21 Jul 2018 13:23:56 -0400
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="---------------------5431deeefc95158512b875cffd20fe39"
X-Attached: signature.asc
Message-Id: <7VlPHNPCzHlNg4x3Od1sq0WvVWLGVWR9PVpda_aEiPMP0eQsdxQnTwT41QDWYEBfHwgndTUeI7P2zt-ekzIH_-lYD5336rAq_NnVeYNM2XE=@protonmail.ch>
X-Pm-Recipient-Authentication: {email address}=none
X-Pm-Recipient-Encryption: {email address}=none
-----------------------5431deeefc95158512b875cffd20fe39
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8
sign test
-- =
Adam Pioterek
-----------------------5431deeefc95158512b875cffd20fe39
Content-Type: application/pgp-signature; name="signature.asc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
-----------------------5431deeefc95158512b875cffd20fe39--
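Added example, not part of the original issue or of hydroxide's code: a Python check that reports how a stored copy departs from the RFC 3156 `multipart/signed` layout and whether the signed body part still hashes to the same value. `SENT` and `STORED` are constructed, shortened stand-ins for the two dumps above, and the function names are hypothetical.

```python
import hashlib
from email import message_from_string

def structure_problems(raw):
    """List the ways `raw` departs from the RFC 3156 multipart/signed layout."""
    msg = message_from_string(raw)
    problems = []
    if msg.get_content_type() != "multipart/signed":
        problems.append("top level is " + msg.get_content_type())
    if msg.get_param("protocol") != "application/pgp-signature":
        problems.append("no protocol=application/pgp-signature parameter")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2 or parts[1].get_content_type() != "application/pgp-signature":
        problems.append("second part is not the detached signature")
    elif parts[1].get_content_disposition() == "attachment":
        problems.append("signature demoted to an attachment")
    return problems

def signed_part_digest(raw):
    """SHA-256 over the first body part as the signature covers it: the part's
    own MIME headers included, line endings canonicalised to CRLF.
    Simplified: assumes LF input and a boundary that appears only as a delimiter."""
    boundary = message_from_string(raw).get_boundary()
    # The line break before a boundary belongs to the boundary, not to the part.
    first = raw.split("\n--" + boundary + "\n")[1]
    return hashlib.sha256(first.replace("\n", "\r\n").encode()).hexdigest()

# Constructed samples modelled on the two dumps (boundaries and signatures shortened).
SENT = (
    'Content-Type: multipart/signed; micalg=pgp-sha256;\n'
    ' protocol="application/pgp-signature"; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset=us-ascii; format=flowed\n'
    'Content-Transfer-Encoding: quoted-printable\n\nsign test\n'
    '--b1\nContent-Type: application/pgp-signature; name="signature.asc"\n\n'
    '(signature)\n--b1--\n')
STORED = (
    'Content-Type: multipart/mixed; boundary="b2"\n\n'
    '--b2\nContent-Transfer-Encoding: quoted-printable\n'
    'Content-Type: text/plain;charset=utf-8\n\nsign test\n'
    '--b2\nContent-Type: application/pgp-signature; name="signature.asc"\n'
    'Content-Disposition: attachment; filename="signature.asc"\n\n'
    '(signature)\n--b2--\n')

if __name__ == "__main__":
    print(structure_problems(SENT), structure_problems(STORED))
    print(signed_part_digest(SENT) == signed_part_digest(STORED))
```

Because the part's headers are inside the signed data, rewriting `charset` or reordering the headers is enough to change the digest even when the visible text is identical.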
You're not supposed to encrypt/sign your messages when using hydroxide. Hydroxide will encrypt and sign for you with your ProtonMail key.
Then messages sent outside ProtonMail are not PGP-signed (while the Android app is able to do it).
Seems like both PGP signed and PGP encrypted emails are supported
> You're not supposed to encrypt/sign your messages when using hydroxide. Hydroxide will encrypt and sign for you with your ProtonMail key.
I came here specifically looking for a way to use a ProtonMail account with keys I alone control (on a smartcard). Bridge rejects email that has already been encrypted with a key it doesn't control. It would be fantastic if hydroxide could simply allow signed / encrypted email to pass through (rather than mangling / rejecting it).
Related: https://github.com/ProtonMail/proton-bridge/issues/216