GNU bug report logs - #26587
26.0.50; Gnus signs with false S/MIME key

Previous Next

Packages: emacs, gnus;

Reported by: Torsten Bronger <bronger <at> physik.rwth-aachen.de>

Date: Fri, 21 Apr 2017 11:42:02 UTC

Severity: normal

Tags: fixed, security

Found in version 26.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Torsten Bronger <bronger <at> physik.rwth-aachen.de>
Cc: 26587 <at> debbugs.gnu.org
Subject: bug#26587: 26.0.50; Gnus signs with false S/MIME key
Date: Wed, 09 Oct 2019 22:42:21 +0200

Torsten Bronger <bronger <at> physik.rwth-aachen.de> writes:

> I would like the second key to be used.  But Gnus signs the email
> with the first certificate.

If I understand the code correctly, `epg-start-sign' is run here, and
gpgsm is started with the parameters looking like 

"--detach-sign" "-u" "4A44812B553ACE6D" "-u" "4A44812B553ACEetc"

with as many "-u"s as there are in your gpgsm store that matches
whatever you've set up in that list that lists all your identities you
want to use.

Could you edebug that function to see if that's really what happens?
Because if it is, we're leaving the decision to gpgsm itself which user
ID to use, and that seems very sub-optimal.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 4 years and 296 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.