Ubuntu
kdepim package

KMail tries to use X.509 certificate for PGP-only identities

Bug #570117 reported by Christian
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kdepim (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Binary package hint: kdepim

I'm using Ubuntu 9.10 (amd64), the kmail package version is 4.3.5-0ubuntu1~karmic1.

I have configured two identities in KMail. One has an X.509 certificate assigned for signature and encryption, the other one has an OpenPGP key assigned for the same purposes. Both keys are listed in Kleopatra in the "trusted certificates" tab.

For the identity with the X.509 certificate, signing, verifying, and en-/decrypting e-mails works as expected.

The identity with the OpenPGP key causes some trouble:
1. When composing an e-mail, I can check the option to sign it. But when I press the send button, I get the following warning message: "You have requested to sign this message, but no valid signing keys have been configured for this identity."
2. If I want to encrypt an e-mail, I get a similar warning message when hitting the send button: "You have requested to encrypt this message, and to encrypt a copy to yourself, but no valid trusted encryption keys have been configured for this identity."
3. KMail correctly verifies the signatures of previously sent mails in my sent folder.
4. KMail correctly decrypts previously encrypted mails in my sent folder.

To narrow down the problem, I was looking at the gpg log file and realized, that KMail seems to query gpgsm before sending the mail, even though no X.509 certificate is associated with this identity, even though the "Preferred crypto message format" is set to "OpenPGP/MIME".

To verify that KMail always tries to use an S/MIME format with an X.509 certificate, I assigned the X.509 certificate to the PGP-only identity but kept the crypto format as "OpenPGP/MIME". Having that done and trying to send a signed mail, KMail warns me about the wrong certificate subject and then asks me for the X.509 certificate passphrase. Thus, I suspect that KMail ALWAYS tries to encrypt the message in S/MIME format even if the identity is configured to use a PGP key only.

ProblemType: Bug
Architecture: amd64
Date: Mon Apr 26 12:50:44 2010
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/kontact
NonfreeKernelModules: nvidia
Package: kontact 4:4.3.5-0ubuntu1~karmic1
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANGUAGE=de_DE:de:en_GB:en
ProcVersionSignature: Ubuntu 2.6.31-21.59-generic
SourcePackage: kdepim
Uname: Linux 2.6.31-21-generic x86_64
XsessionErrors:
 (/usr/lib/beagle/Beagle.Search.exe:3100): GLib-WARNING **: g_set_prgname() called multiple times
 (polkit-gnome-authentication-agent-1:3172): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (gnome-settings-daemon:3211): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (gnome-settings-daemon:3211): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
 (firefox:4420): GLib-WARNING **: g_set_prgname() called multiple times

Revision history for this message
Christian (mail-chrschn) wrote :
Revision history for this message
Christian (mail-chrschn) wrote :

I was able to find the root cause for this behavior. As the X.509 enabled identity is the default, new messages initially have this identity set. This sets the per-message crypto format to S/MIME. Now when I change the identity to the PGP-only ID, the crypto format for this message stays as S/MIME, causing this strange behavior I previously described.

I created a patch that solves this issue by setting the crypto format to the default format of an identity if a different identity is selected in the message composer.

Revision history for this message
Christian (mail-chrschn) wrote :
Lorenzo De Liso (blackz)
tags: added: patch
Revision history for this message
Maarten Bezemer (veger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

The issue you are reporting is an upstream one, so do you still have the problem (without your patch) with a more up-to-date version?

If so, it would be nice if somebody having it could send the bug (including the patch!) to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/KDE. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status.

If you want me to send the upstream report, that is not a problem, let me know!
Thanks in advance.

Changed in kdepim (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for kdepim (Ubuntu) because there has been no activity for 60 days.]

Changed in kdepim (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.