invalid signature when signed message contains another signed message embedded within

Edit

gpg_dude

05 Feb, 2026 06:40 AM

I'm not sure if this is expected, but I recently noticed that GPGMail reports invalid signature for signed messages that contain another signed message embedded in. For example:

send yourself a message with subject test1
compose a new message to yourself with subject test2
embed first message into the second message by dragging and dropping it into the body
send the second message to yourself
open the message (in your inbox or your sent folder) and note the invalid signature reported

I've attached redacted screenshots showing this behavior in action. I could reproduce it in GPGMail stable 2023.2 on Ventura as well as the latest nightly 2024.1 (3592n) on Sequoia. I also noticed in the latest nightly on Sequoia the invalid signature icon & message are not displayed in the security line like they were in the stable version on Ventura.

test1.png 50.3 KB
test2-with-test1-embedded.png 90.5 KB
invalid-signature-not-shown-in-security-line-on-sequoia.png 64.9 KB

Reply to this discussion

Internal reply

Name

Email

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Already uploaded files

test1.png 50.3 KB

test2-with-test1-embedded.png 90.5 KB

invalid-signature-not-shown-in-security-line-on-sequoia.png 64.9 KB

Attached Files

Remove

Attach File: You can attach files up to 10MB

Verify Human: If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

New Issue
Conversation Started

A conversation has been started with the GPGTools staff to resolve this discussion.
Close the discussion Close the discussion

Private Permissions

This discussion is private. Only you and GPGTools support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	06 Feb, 2026 12:42 AM	GPG Keychain: GPG Key Chian Selection issue
	05 Feb, 2026 06:40 AM	invalid signature when signed message contains another signed message embedded within
	27 Jan, 2026 03:12 AM	I lost my paraphrase — is there any way to retrieve my previous paraphrased
	24 Jan, 2026 09:20 PM	Please consider adding support for creating and using PQC keychains
	23 Dec, 2025 10:48 PM	Regarding the need for GPG decryption passwords

Recent Articles

	How to verify the downloaded GPG Suite?
	How to decrypt an email when no internet connectivity is available
	What does the status bubble in GPGMail indicate?
	Modification Detection Code (MDC) Errors
	OpenPGP solutions for all operating systems

GPGTools Support