Messages composed in Claws Mail and signed using the PGP/inline method can be received in Claws and the message is understood to have a good signature. The mime type icon is marked with the signed/passed emblem and the signature details appear at the bottom of the message. However, the message list attachment column does not indicate a signed message, either by icon or by tooltip.
Works for me. Can you show a screenshot, with the default internal theme?
Created attachment 1305 [details] inline signed message lacking an indicator icon
I think this should show what is happening. The preview pane shows that Claws Mail understands and accepts the inline signature. The message list has no indication of the signature, but shows the signed icon for other messages with the signature in a MIME attachment. I thought the message was from Claws but is apparently from Thunderbird.
Please, if possible, forward-as-attachment, (privately), a message that demonstrates this behaviour.
Forwarded ... When I pressed the forward button, the correct icon appears in the paper-clip column! It stays until I restart Claws, then it is gone again.
Thanks for forwarding the example. Your example works absolutely fine and as expected for me.
I've sent some inline-signed messages to myself and they work fine. I also forwarded the problem message, inline and as an attachment, and that works fine too. So the original message is damaged in some way? Or something in my settings when I received it?
I did find another issue with inline-signed messages. Perhaps should be a separate bug? The signature should verify that the contents of the message are as they were when the message was signed, but if extra text is entered on the blank line between the HASH line and the rest of the message body then it is still declared to be validly signed. Changes anywhere else in the message body result in a bad signature message. The spec states that changes anywhere between the start of the HASH line, or the start of the PGP SIGNED line if there is no HASH line, and the signature should not be tolerated.
(In reply to comment #8) > if extra text is entered > on the blank line between the HASH line and the rest of the message body > then it is still declared to be validly signed. Even gpg used directly will tell you that that's a good sig. It's only when you alter the text below that line that a bad sig is reported.
Since this cannot be reproduced and everything works as expected, closing this as WORKSFORME.
gpg standalone (1.4.12 from Debian Wheezy) returns status code 2 and a message that the armor header is invalid. Return code 1 means bad signature, return code 2 means unexpected error. gpgv does the same. I don't know about the library API that I think Claws must use. I've tried all sorts to reproduce the initial problem, but no joy. It can't be a very common thing, although usually when I say that it turns out to be something painfully obvious.