https://bugs.kde.org/show_bug.cgi?id=427091
Bug ID: 427091 Summary: Kmail gpg bad signature if From header contains non-ascii characters Product: kmail2 Version: 5.15.1 Platform: Archlinux Packages OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: crypto Assignee: kdepim-b...@kde.org Reporter: andre.vma...@gmail.com Target Milestone: --- SUMMARY I was getting GPG Bad signature on my own sent messages (to my self, as a test), and also upon saving with Sign on save option set. After a lot of debugging, I could identify that if (at least) the From field contains non-ascii characters (in my case, my name), Kmail did change the field encoding **after** it got signed, giving that error on any client which would try to verify the OpenPGP/MIME attached signature. >From setting some debug options in GnuPG dialog, and created "dbgmd-00001.sign" and "dbgmd-00001.verify" files, I can see they differ in the former containing "From: =?UTF-8?B?QW5kcsOp?= Vitor de Lima Matos <andre.vma...@gmail.com>" header, while the final mail body and verify header got changed to "From: =?ISO-8859-1?Q?Andr=E9?= Vitor de Lima Matos <andre.vma...@gmail.com>" (the issue here then is on the "é" character). The issue doesn't happen if e.g. Subject header contains the non-ascii character, with both signed and final versions ending in the UTF-8 version. Workaround for now is to remove non-ascii characters from my identity's name. Not sure if it matters, but my Composer's charset list is set to [utf-8, iso-8859-1, us-ascii] STEPS TO REPRODUCE 1. Have given set of charset in that order in config 2. Create a new mail and set some non-ascii character in From field 3. Save/sign and/or send the email 4. See Bad signature error. OBSERVED RESULT Final email body (used to verify signature) re-encodes the From field AFTER it got signed, making signature verification fail. EXPECTED RESULT Any [re-]encoding (if needed) should be done BEFORE signing, and the body/headers should NEVER be touched after gpg signing was performed. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Arch Linux testing (available in About System) KDE Plasma Version: 5.19.90 KDE Frameworks Version: 5.74.0 Qt Version: 5.15.1 ADDITIONAL INFORMATION -- You are receiving this mail because: You are watching all bug changes.