OpenPGP: Verify should be able to understand if a message was encrypted and signed
Reported by Luke Le | August 15th, 2013 @ 08:54 PM
In some cases, a message is encrypted and signed, using the sign
feature
of OpenPGP: Encrypt. Some users expect OpenPGP: Verify to handle
that case correctly.
It indeed should.
Comments and changes to this ticket
-
-
steve August 15th, 2013 @ 09:03 PM
- Milestone cleared.
-
steve March 26th, 2014 @ 02:40 PM
from duplicate "Better error msg: GPGServices shows misleading verify results if encrypted and signed files are verified"
Repro:
encrypt + sign a file right click encrypted file and select Services > OpenPGP: Verify signature of fileVerification FAILED. No signatures found. That is a little misleading. (screenshot attached)
Not sure about the best solution. We could try to decrypt the file first in such case (but need to make sure user understands what happens, because if they click "verify" and end up with encrypted files, that could be misleading as well and a potential security problem).
Else we could at least show some more info, e.g. that the file first needs to be decrypted to do the verification. decrypt now? after decryption proceed with verification.
-
verify-error.png
43.2 KB
-
verify-error.png
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
People watching this ticket
Alex (via GPGTools)
Luke Le
steve
Attachments
-
verify-error.png
43.2 KB
Referenced by
-
182
Better error msg: GPGServices shows misleading verify results if encrypted and signed files are verified
dupe of #165