[Users] Signatures don't seem to work

Alexander Harkness me at bearbin.net
Sat Aug 31 16:49:17 CEST 2019


On Sat, 31 Aug 2019 17:12:10 +0300
mlist <mlist at riseup.net> wrote:

> On Sat, 31 Aug 2019 10:07:47 -0000 Paul wrote:
> 
> > Claws Mail's key retrieval does not happen in offline mode.  
> 
> It seems it does. My tests here were all done in offline mode.
> Initially there were no retrieved keys. Pressing 'C' (in offline
> mode) retrieved the keys. (tested with  gpg2 --list-keys)

Looking again it seems that I was mistaken about how Claws validates
signatures.

For most functions, the GPGME library is used to fetch and validate keys
rather than calling the GPG binary directly. The only time the gpg
binary is directly called is when viewing the signature MIME part,
after explicit approval from the dialog window that pops up.

However, GPGME is itself capable of automatically fetching keys from the
keyserver [1]. It seems that this may be the default configuration
going by your test results. I couldn't find any place where the mode
was configured in the code, although I may not have been looking in
the right place. It does also have an offline mode [2], which would
seem easy enough to integrate and stop network accesses.

 [1]:
https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html#Key-Listing-Mode
 [2]:
 https://www.gnupg.org/documentation/manuals/gpgme/Offline-Mode.html#Offline-Mode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20190831/89ec7042/attachment.sig>


More information about the Users mailing list