On 2018-01-15 at 10:44 +0100, Gijs Peskens wrote: > I have a GPG key containing multiple UID's for a few of my mail > adresses. > In sending some test mails from the various accounts I notice that > Evolution seems to only regard the first UID for signature verification > purposes, it seems that the mail is correctly signed as checking with > another mail client (Thunderbird+Enigmail) does result in a correctly > verified signature. > Is this working as designed? > > Gijs Peskens
No, it should take all the ids into account. I am seeing two things here (although I haven't tested with the latest version): The first one is that evolution is not taking into account the value of the from: header (I made a copy of your email changing it to "spoo...@example.com", and the GPG signature is shown the same). The second one is that the bar states who signed it, but only shows the first UID (you can view the full GPG output, where all of them are listed, clicking on the button). I'm unsure how to treat it. On the one hand, it *is* showing you who signed the message, and that should be enough data if properly taken into account by the user. On the other hand, it seems wrong to ignore such mismatch (even though it's not so uncommon that in the field emailsl end up encrypted with the wrong key, mailing lists change the From:, etc). The second issue actually depends on the expected behavior regarding the first. I looked at the available documentation for the feature, but it would need some love: https://help.gnome.org/users/evolution/stable/mail-encryption-gpg-decrypting.html.en Regards PS: you should revoke your 2014 key, that I assume you have replaced with this one. _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
