GNU bug report logs -
#26587
26.0.50; Gnus signs with false S/MIME key
Previous Next
Reported by: Torsten Bronger <bronger <at> physik.rwth-aachen.de>
Date: Fri, 21 Apr 2017 11:42:02 UTC
Severity: normal
Tags: fixed, security
Found in version 26.0.50
Fixed in version 27.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
Message #22 received at 26587 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hallöchen!
Lars Ingebrigtsen writes:
> Torsten Bronger <bronger <at> physik.rwth-aachen.de> writes:
>
>> I would like the second key to be used. But Gnus signs the email
>> with the first certificate.
>
> If I understand the code correctly, `epg-start-sign' is run here,
> and gpgsm is started with the parameters looking like
>
> "--detach-sign" "-u" "4A44812B553ACE6D" "-u" "4A44812B553ACEetc"
>
> with as many "-u"s as there are in your gpgsm store that matches
> whatever you've set up in that list that lists all your identities
> you want to use.
>
> Could you edebug that function to see if that's really what
> happens? Because if it is, we're leaving the decision to gpgsm
> itself which user ID to use, and that seems very sub-optimal.
I don’t know how to edebug, so before learning this, I wrote a
wrapper for gpgsm, logging the parameters. When sending the
message, gpgsm is called once, with the parameters
gpgsm --no-tty --status-fd 1 --yes --output /tmp/epg-outputmEnG08 --detach-sign
In particular, I don’t see "-u"s here.
Regards,
Torsten.
--
Torsten Bronger
[smime.p7s (application/pkcs7-signature, attachment)]
This bug report was last modified 4 years and 296 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.