
encrypted detached signatures claim to be unsigned

Open dmwit opened this issue 10 years ago • 0 comments

In some messages, I see the following confusing sequence of reports:

x This message has been decrypted for display
x Encrypted message wasn't signed
+ Good signature from [redacted]

The combination of "wasn't signed" and "good signature" is very odd. The explanation for this behavior is as follows:

  • When you encrypt a chunk of data, PGP optionally allows you to simultaneously sign the data. When decrypting a chunk of data, sup reports that it was decrypted and whether it was simultaneously signed.
  • Another mechanism for signing a chunk of data is to use detached signatures -- that is, to have some data, and a separate file containing signature information. In email, these two chunks are separated with MIME. If sup notices a MIME message that includes a signature file, it will check the signature and report whether it was correct or not.
  • Some clients choose not to use PGP's method to simultaneously encrypt and sign data when sending an encrypted, signed message; instead, they create a MIME message with a detached signature, and encrypt the entire thing.

The outcome of these three facts is that sup decrypts a chunk of data, noting that it was encrypted and not simultaneously signed, then processes the MIME stuff inside and notes that there's a good signature inside.

For security purposes, there isn't really a difference between the two methods of signing encrypted data, so complaining to the user in this way is probably a bug. Instead, sup should wait to complain that an encrypted message isn't signed until it has checked for a possible detached signature inside the encrypted chunk of data.

dmwit, Apr 02 '15 17:04
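The deferred check proposed in the issue, sketched as an added example that is not part of the original post and is not sup's own code. `Notice`, `detached_pgp_signature?`, `crypto_notices` and the `verify_detached` callable (a stand-in for the real GnuPG verification) are hypothetical names, and the sample payloads are constructed.

```ruby
# Added illustration: hypothetical names, not sup's API.
Notice = Struct.new(:level, :text)

# True when the decrypted payload is an RFC 3156 multipart/signed entity
# that carries a detached PGP signature.
def detached_pgp_signature?(decrypted)
  headers = decrypted.split(/\r?\n\r?\n/, 2).first.to_s
  unfolded = headers.gsub(/\r?\n[ \t]+/, " ") # unfold continuation lines
  ctype = unfolded[/^Content-Type:\s*(.*)$/i, 1].to_s
  ctype.match?(%r{\Amultipart/signed\b}i) &&
    ctype.match?(%r{protocol="?application/pgp-signature"?}i)
end

# inline_sig: :good, :bad, or nil when decryption found no simultaneous signature.
# verify_detached: callable (assumed stand-in for the GnuPG check) returning :good or :bad.
def crypto_notices(decrypted, inline_sig, verify_detached)
  notices = [Notice.new(:info, "This message has been decrypted for display")]
  sig = inline_sig
  # Defer the verdict: look for a detached signature inside the decrypted
  # data before concluding that the message was unsigned.
  sig ||= verify_detached.call(decrypted) if detached_pgp_signature?(decrypted)
  notices << case sig
             when :good then Notice.new(:ok, "Good signature")
             when :bad  then Notice.new(:error, "Bad signature")
             else Notice.new(:warn, "Encrypted message wasn't signed")
             end
  notices
end

# Constructed sample: decrypted payload holding a detached signature.
SAMPLE_SIGNED_INNER = <<~MIME
  Content-Type: multipart/signed; micalg=pgp-sha256;
   protocol="application/pgp-signature"; boundary="b1"

  --b1
  Content-Type: text/plain

  hello
  --b1
  Content-Type: application/pgp-signature

  (constructed placeholder, not a real signature)
  --b1--
MIME

# Constructed sample: decrypted payload with no signature of either kind.
SAMPLE_PLAIN_INNER = "Content-Type: text/plain\n\nhello\n"
```

With this ordering the user sees one signature verdict per encrypted message, and the "wasn't signed" warning appears only when neither signing method was used.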