Signature invalid

graham.mitchell's Avatar

graham.mitchell

11 Jan, 2017 09:51 PM

This comment was split from the discussion: First Beta of GPGMail for macOS Sierra out now!

The invalid signature error is appearing - in my case - for all sent messages. It may be (I'm testing using an Apple provided mac.com account) that the body of the message is being altered by Apple as soon as it hits their server, and it may be that I'm viewing that sent message as it exists on their server rather than on my local machine (I'm not sure how to check that). However, if that is the case, the error message that I'm seeing is confusing as it suggests to me that my signature is broken in some way, where there's nothing wrong with the signature as applied to the message, rather that the message has been altered post-signing. Perhaps the warning message should/could state this?

  1. 1 Posted by Robert Vaessen on 11 Jan, 2017 11:13 PM

    Robert Vaessen's Avatar

    Alright let's see if we can troubleshoot this problem and figure out what's going wrong.

    First. I've been able to send test messages From: a private '@vaessen.ws' domain/address, To: my @mac.com address. The message was signed (not encrypted) and sent using Mail.app version 10.2 (3259). No errors were noted. I did not get a 'signature invalid' error message, and the email (as received) showed a 'Security:' header with a checkmark, the word 'signed' and the email address that I used to send the email.

    The body was identical to that sent: "A signed message - Any errors?' (without quotes).

    In past experience (before and after this recent beta release), the only time I've had 'signature invalid' errors was when the message/content had been altered by one of the email servers that handled the email. In my case it was easy to see that additional text had been added by one of the email or mailing list servers that handled the message.

    An error message which states 'signature invalid' is what you should expect when this happens. The GPG software doesn't know why the signature/hashing value is invalid. To know that, it would have to 'read' the content of the message, and I don't think many people would advocate for that.

    Could you send me a 'signed' message so that I can take a look at the message? Please send your test to 'robert at vaessen dot ws' (email address munged here due to concern over web scraping spiders/uncertainty regarding appearance of email addresses in this forum and general security precautions)

    I would propose that any further troubleshooting for this issue take place off the discussion forum. We/you could post an update if/when a reason for the failure is discovered.

  2. 2 Posted by Robert Vaessen on 18 Jan, 2017 10:23 AM

    Robert Vaessen's Avatar

    Graham -

    Have you made any further progress regarding your issues with GPG mail? I have found that there may be an issue with Apple's Mail.app and message threading/aka 'Converstion' view. See this article: https://gpgtools.tenderapp.com/discussions/beta-feedback/1264-gpgmail-gmail-mailapp-gpg-suite-201612b1-invalid-signatures for additional details.

    In general, I too note that many of my messages show ‘Invalid signature’ after they are moved to the ‘Sent’ or other folders. I believe that this has something to do with the way that Apple’s Mail.app stores the messages and relational code (that you can't readily see) that it inserts into the message in order to do ‘Message Threading’. In order to determine where messages are stored and what other messages the message is related to…

    In all cases (in my experience) if you drag the message to the desktop, and view the message (using Mail.app) as a .eml document, you should note that the signature is valid.

    I hope this helps.

  3. Support Staff 3 Posted by Luke Le on 18 Jan, 2017 10:29 AM

    Luke Le's Avatar

    Hi all,

    we've found the bug creating the invalid signatures and hope to have it fixed in b2. Unfortunately it's deep in Apple's frameworks and happens without GPGMail installed for some S/MIME messages as well.

  4. Support Staff 4 Posted by Steve on 18 Jan, 2017 07:35 PM

    Steve's Avatar

    Hey Graham and Robert,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    Thanks for the feedback about GPGMail beta for macOS Sierra 10.12.

    We think we fixed the problem you are seeing. Could you please install GPG Suite from our nightlies page and see if the problem then persists.

    Looking forward to your feedback.

    All the best,
    steve

  5. 5 Posted by Robert Vaessen on 19 Jan, 2017 12:29 AM

    Robert Vaessen's Avatar

    Steve -
    I'm still seeing some odd behavior. I checked the SHA1 fingerprint and the installer matched. I quit Mail.app and System Preferences, Installed new GPG Tools suite from nightlies build (GPG Suite 2016.10 28n (1726625), relaunched Mail.app and System Preferences. Upon checking a few messages (in my Sent mail folder) I saw some messages were still marked as 'Invalid' although I suspect that they are NOT. I move a copy of the suspect message to my Desktop. Open the Desktop copy, and it appears valid. Go back to my Sent folder deselect the message (click on a different message), then go back to the original message. Now it's magically valid... There's some weird Apple voodoo going on here.

    I'm attaching a screen capture (static jpg), but I also made a recording, available at: https://storagemadeeasy.com/files/8b337744f479cf2dfc2e5087f7005946.mov Let me know when you've had a chance to view/download the video, so I can delete it from the server - I'd prefer not to leave it out there for too long.

    Video recording made available on 18 Jan, 2017 was removed on the 24th of Jan, 2017.

  6. 6 Posted by Robert Vaessen on 19 Jan, 2017 12:30 AM

    Robert Vaessen's Avatar

    Screen capture didn't take... Trying again.

  7. Support Staff 7 Posted by Luke Le on 19 Jan, 2017 12:32 AM

    Luke Le's Avatar

    Hi Robert,

    unfortunately what you're seeing is expected.
    The bugfix will only work on new messages. The old one were already broken when written to disk by Mail. If you copy them somewhere, or for example view the raw source of the message, they will be force re-fetched from IMAP. As a result, the broken eml on disk is replaced with the valid one, and your messages will validate.

    It's quite the nasty bug and we'll report it to Apple tomorrow, since it also affects their S/MIME implementation.

  8. 8 Posted by Robert Vaessen on 19 Jan, 2017 12:46 AM

    Robert Vaessen's Avatar

    Luke -

    O.k. I sent myself two different test messages (new messages), from two different accounts, to two different accounts. I even replied to one of the test messages, then replied to the reply. All the different accounts showed valid signatures in my Inbox and my Sent folder. I'm not seeing any Invalid signatures at this time. I'll continue testing and let you know if I see any invalid signatures - 90% of my sent email is signed, and about 5% of the received email is signed. Can't seem to get people to using digital signatures (outside of work).

    • Robert
  9. Support Staff 9 Posted by Steve on 19 Jan, 2017 12:22 PM

    Steve's Avatar

    Hey Robert,

    thanks for helping us test the fix. Sounds good. 5% of all incoming mail sounds like a really great state to be in (:

    I can assure you more and more people are adopting secure communication. But humans don't like change nor do they like adjusting habits. So it's a slow process. Offering help with the setup can work wonders.

    Glad, this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  10. Steve closed this discussion on 19 Jan, 2017 12:22 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac