Maniphest T8116

Draft: Kleopatra: For S/MIME verification do not use "fingerprint" in messages
Open, NormalPublic
Actions

Assigned To
ebo
Authored By
ebo
Feb 20 2026, 3:59 PM
Tags
Subscribers
ebo
ikloecker

Description

Though we use internally "fingerprints" of S/MIME certificates, those are nothing you can reliably identify a certificate with. They are defined by issuer and serial number.

Therefore we should identify them in the messages to the user with these.
Especially if the certificate is not available as at that point no "fingerprint" can be calculated.
And without issuer and S/N the certificate can not be searched for.

This information can be seen with --debug x509:

gpgsm --debug x509 --verify <signed-message>

Related Objects
Search...

Event Timeline

ebo triaged this task as Normal priority.Feb 20 2026, 3:59 PM
ebo created this task.
ebo created this object with edit policy "Contributor (Project)".
ebo mentioned this in Unknown Object (Maniphest Task).Feb 23 2026, 9:57 AM
ebo updated the task description. (Show Details)Feb 23 2026, 1:43 PM
ebo added a project: needs discussion.Mar 27 2026, 10:01 AM
ebo added a subscriber: ikloecker.Tue, May 19, 11:08 AM

@ikloecker pointed out that an S/MIME certificate should always be included in the signature and we should therefore always have the certificate available and never show a message without an not defined fingerprint/key-ID.
The case I found where this is not true is if a self-signed certificate is used which is it's own Root-certificate. This is not a normal usecase. But verification without the certificate looks then like this in vsd3.3.7:

and in gpd5.0.2 (I've marked the missing fingerprint.) :

ebo claimed this task.Wed, May 20, 11:35 AM

I'd like another text in this (uncommon) case, that no certificate is available for an S/MIME signature.
I'll come up with one…