Digital Signature Verification Problem

Question

Level 1

9 points

Digital Signature Verification Problem

Since upgrading to 10.5.3 all messages that contain digital signature now show a header stating "*Unable to verify message signature*". Clicking on "*Show Details*" the message window states "*Unable to verify message signature - There is a problem reading the digital signature for this message*."

Problem with the detail information is that the Mail program was able to read the digital signature since it displays the content of the related signature in the Security header correctly! In addition encrypted emails are decrypted which proofs that the program did read the signature and link the correct certificate.

All digital certificates are valid in the Keychain and since this problem is with all my signed and/or encrypted my messages, most received months ago and none ever had a warning about the signature could not be verified, this is *definitely a 10.5.3 update problem*.

The *good news* is that the security header does display the correct information and Mail will decrypt and encrypt emails, the *bad news* it is annoying to see a header on all those emails with a warning which means really nothing.

Has anyone else encountered this problem?

PowerBook G4 and Mac Minis, Mac OS X (10.5.3)

Posted on Jun 2, 2008 5:08 PM

Reply

Answer 1

deh2k

Level 4

1,890 points

Jun 2, 2008 5:58 PM in response to EDIguru

This happens because the certificate you have for those emails is valid but is no longer trusted. They could have expired or you could have a problem with the root certificate that it is signed with. The Show Details window may give you more of a clue. If necessary, you should be able to go into the keychain and set the trust of the email certifications (or better yet, the root certificate) back on.

Reply

Answer 2

EDIguru Author

Level 1

9 points

Jun 2, 2008 7:35 PM in response to deh2k

deh2k wrote:
This happens because the certificate you have for those emails is valid but is no longer trusted. They could have expired or you could have a problem with the root certificate that it is signed with.

Thanks for your feedback. However, all certificates are valid and trusted, including the related root certificates. As I stated, the problem a showed up immeditally after the 10.5.3. update. I did check all certificate entries in the keychain before posting and found no changes.

Reply

Answer 3

EDIguru Author

Level 1

9 points

Jun 2, 2008 7:53 PM in response to deh2k

I forgot to add that in addition, before the update, if a certificate had expired or was not trusted, clicking the "Show Details" button in the warning header would show either statuses and in the case of not being a trusted certificate or the linked root certificate was not trusted, would allow users to change the trust status immediately. However, as I stated clearly in my original post, the error message makes no sense at all as it tells me something that is not true since Mail is showing the correct security header information and is using the certificate to decrypt or encrypt and the entries in the keychain are all valid and trusted.

As I see it the code in the Mail application has been broken during the upgrade coding.

Message was edited by: EDIguru

Reply

Answer 4

Jun 10, 2008 2:47 PM in response to EDIguru

I think this might be somehow related - my signature in emails is causing my emails to get trapped by spam filters. It didn't happen before the upgrade, but is after.

Messages without signature get through just fine. With signature never get through.

Odd.

Plus, the code for the signature is HORRIBLE. Previous versions of Mail it was pretty short and sweet. Recently it is EVIL. Not sure why.

If you can, compare the code of your signature before and after the upgrade.

Reply