KMail tries to use X.509 certificate for PGP-only identities
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdepim (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: kdepim
I'm using Ubuntu 9.10 (amd64), the kmail package version is 4.3.5-0ubuntu1~
I have configured two identities in KMail. One has an X.509 certificate assigned for signature and encryption, the other one has an OpenPGP key assigned for the same purposes. Both keys are listed in Kleopatra in the "trusted certificates" tab.
For the identity with the X.509 certificate, signing, verifying, and en-/decrypting e-mails works as expected.
The identity with the OpenPGP key causes some trouble:
1. When composing an e-mail, I can check the option to sign it. But when I press the send button, I get the following warning message: "You have requested to sign this message, but no valid signing keys have been configured for this identity."
2. If I want to encrypt an e-mail, I get a similar warning message when hitting the send button: "You have requested to encrypt this message, and to encrypt a copy to yourself, but no valid trusted encryption keys have been configured for this identity."
3. KMail correctly verifies the signatures of previously sent mails in my sent folder.
4. KMail correctly decrypts previously encrypted mails in my sent folder.
To narrow down the problem, I was looking at the gpg log file and realized, that KMail seems to query gpgsm before sending the mail, even though no X.509 certificate is associated with this identity, even though the "Preferred crypto message format" is set to "OpenPGP/MIME".
To verify that KMail always tries to use an S/MIME format with an X.509 certificate, I assigned the X.509 certificate to the PGP-only identity but kept the crypto format as "OpenPGP/MIME". Having that done and trying to send a signed mail, KMail warns me about the wrong certificate subject and then asks me for the X.509 certificate passphrase. Thus, I suspect that KMail ALWAYS tries to encrypt the message in S/MIME format even if the identity is configured to use a PGP key only.
ProblemType: Bug
Architecture: amd64
Date: Mon Apr 26 12:50:44 2010
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/kontact
NonfreeKernelMo
Package: kontact 4:4.3.5-
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
LANGUAGE=
ProcVersionSign
SourcePackage: kdepim
Uname: Linux 2.6.31-21-generic x86_64
XsessionErrors:
(/usr/
(polkit-
(gnome-
(gnome-
(firefox:4420): GLib-WARNING **: g_set_prgname() called multiple times
tags: | added: patch |
I was able to find the root cause for this behavior. As the X.509 enabled identity is the default, new messages initially have this identity set. This sets the per-message crypto format to S/MIME. Now when I change the identity to the PGP-only ID, the crypto format for this message stays as S/MIME, causing this strange behavior I previously described.
I created a patch that solves this issue by setting the crypto format to the default format of an identity if a different identity is selected in the message composer.