GNU bug report logs - #26587
26.0.50; Gnus signs with false S/MIME key

Previous Next

Packages: gnus, emacs;

Reported by: Torsten Bronger <bronger <at> physik.rwth-aachen.de>

Date: Fri, 21 Apr 2017 11:42:02 UTC

Severity: normal

Tags: fixed, security

Found in version 26.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 26587 <at> debbugs.gnu.org (full text, mbox):

From: Torsten Bronger <bronger <at> physik.rwth-aachen.de>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 26587 <at> debbugs.gnu.org
Subject: Re: bug#26587: 26.0.50; Gnus signs with false S/MIME key
Date: Wed, 9 Oct 2019 10:58:24 +0200

Hallöchen!

Lars Ingebrigtsen writes:

> Torsten Bronger <bronger <at> physik.rwth-aachen.de> writes:
>
>> If I have keys for different email addresses in my gpgsm keyring, Gnus
>> signs an outgoing email using S/MIME with the first one listed by "gpgsm
>> --list-secret-keys" instead of the one actually associated with the
>> "From:" mail address.
>
> I'm unable to reproduce this bug.
>
> Could you describe, step by step, how you are composing the message to
> be signed?

When writing the message, I call (mml-secure-message-sign-smime).
The "From:" field contains "Torsten Bronger
<bronger <at> physik.rwth-aachen.de>".  My secret keys are:

bronger <at> brad:~/kfa/Zertifikate/juliabase$ gpgsm --list-secret-keys
/home/bronger/.gnupg/pubring.kbx
--------------------------------
           ID: 0x416092ED
          S/N: 1CDCFCFE038E7AD34DF1C3FC
       Issuer: /CN=DFN-Verein Global Issuing CA/OU=DFN-PKI/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./C=DE
      Subject: /CN=Torsten Bronger/O=Forschungszentrum Juelich GmbH/C=DE
          aka: t.bronger <at> fz-juelich.de

[...]

           ID: 0x4A86AFDB
          S/N: 213C2509C6CA74A7ED7133B8
       Issuer: /CN=DFN-Verein Global Issuing CA/OU=DFN-PKI/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./C=DE
      Subject: /CN=Torsten Bronger/OU=Fachgruppe Physik/O=RWTH Aachen/C=DE
          aka: bronger <at> physik.rwth-aachen.de
     validity: 2019-07-03 13:02:55 through 2022-07-02 13:02:55
     key type: 2048 bit RSA
    key usage: digitalSignature nonRepudiation keyEncipherment
ext key usage: clientAuth (suggested), emailProtection (suggested)
     policies: 1.3.6.1.4.1.22177.300.1.1.4:N:,1.3.6.1.4.1.22177.300.1.1.4.4:N:,1.3.6.1.4.1.22177.300.2.1.4.4:N:
  fingerprint: CD:BF:CA:E9:F3:83:B9:DC:00:E4:A2:B1:8F:D8:E0:78:4A:86:AF:DB

I would like the second key to be used.  But Gnus signs the email
with the first certificate.

Regards,
Torsten.

-- 
Torsten Bronger
This bug report was last modified 4 years and 296 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.