Thread

Index > Scribe > GPG plugin - signature checking
Author/Date GPG plugin - signature checking
Mike Green
11/12/2004 9:01pm
Hi Matthew,

I've just noticed that the plugin does not seem to 'do' anything with the gpg output from a bad signature! ie. in the 'manual' plugin, if I receive a gpg-signed mail which has been altered, and thus has a 'bad' signature - when I click the decrypt / verify button the signature is stripped away, but there is nothing (nothing I've noticed) which informs me that the signature was invalid!!!

Is this just me or is there an omission in Scribe's processing here?

Thanks,

Mike
Mike Green
13/12/2004 7:47pm
Hi,

I've been doing some testing with the PGP plugins and have some comments which I'd appreciate your thoughts on the following. I may well have missed something in a setting so this is not intended as negative criticism but rather as questions and, if working as designed, suggestions for different ways of behaviour within Scribe.

1. The comment in this thread about signature checking. It's not obvious to me that any signature checking is being done as I cannot cause an error to appear either manually or automatically when sending (to myself) 'bad' signatures. This is quite a big problem as it stands - unless I'm missing something, which is entirely possible!

2. With AutoPGP on
- the error messages are, IMHO, superfluous. Specifically 'Already encrypted/signed' does not add any value and is in fact a nuisance since it just adds an extra click - if it's already done, why bother to alert the user to this?
- the error window 'No begin/end block' is a serious problem since it results in ANY mail not actually encrypted failing to process and being placed in the Outbox. Surely such mail should simply be handled 'normally' - i.e. the AutoPGP plugin should be transparent to it? As it stands it makes the AutoPGP plugin (again, IMHO) unusable.

3. Various conditions to do with absent keys cause errors and crashes (none of these are a big deal as it's just a case of getting the keys right!)

4. If the passphrase is entered incorrectly then Scribe must be re-started in order to 'have another go' - re-trying would be good!

This implementation is so close to being almost there but the above, mainly 1 and 2, are serious issues and make comparison to Thunderbird unfavourable - whereas apart from this Scribe is excellent and much better than Thunderbird (the obvious comparitor, I would suggest).

Mike
Mike
Mike Green
13/12/2004 7:55pm
p.s. I should have pointed out that the 'No begin/end block' error is only a problem for those senders associated with the AutoPGP plugin of course.
fret
13/12/2004 8:40pm
Ok, I've starting looking at the issues you've listed. Firstly the error code during signature checking was indeed wrong. I've fixed that to display the right error when the signature is bad.
fret
13/12/2004 9:49pm
I've removed these error messages as well. So this should completely address 1) and 2).

As for 3) can you provide more detail about this?

4) I'll have a think about this, it's not immediately obvious to Scribe that the password is wrong. Only gpg knows that.
Mike Green
13/12/2004 11:37pm
I've removed these error messages as well. So this should completely address 1) and 2).

As for 3) can you provide more detail about this?

4) I'll have a think about this, it's not immediately obvious to Scribe that the password is wrong. Only gpg knows that.
Reply

RE 3) - if it happens again then I'll post details. But it was to do with keys being absent when called for and was quite possible due to my having an unnecessarily complex keyring (set of keyrings) for testing purposes so I don't think it's a particulary serious issue.

RE 4) OK - so scribe is passing control to GPG and then handling the output. I suppose the only way to handle it would be to look for the error code that comes back from GPG - again, not especially important but a definite nice to have!

Thanks for fixing the other problems!

Mike
Mike Green
14/12/2004 4:27pm
Hi Matthew,

When do you think you might release a version with the various error messages on removed / fixed?

Mike
fReT
14/12/2004 11:45pm
Few days...
Reply