Bugzilla@Mozdev – Bug 5777
PGP/MIME Signed & encrypted Messages identified as "Decrypted" only (violates RFC3156)
Last modified: 2009-06-12 01:46:27
By RFC 3156 points 6.1 and 6.2, two formats are allowed for signcryption: 1) first sign the content, and then encrypt the content; 2) sign AND encrypt the content in one process. Enigmail is only able to use point 2). Signcrypted messages which are first signed and THEN encrypted only identify in Enigmail as "Decrypted"; they should however identify as "Decrypted, Signed by...". Enigmail even parses the signature away and only shows the original content of the message, so there seems to be some signature handling here, but it is not displayed. The way Enigmail should handle this message should be: first decrypt the data, and second, look whether a signature is embedded in the decrypted data, and then verify this data.

Further information: Format of point 1 (taken from the RFC):

Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
    boundary=foo

--foo
Content-Type: application/pgp-encrypted

Version: 1

--foo
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
& Content-Type: multipart/signed; micalg=pgp-md5
&     protocol="application/pgp-signature"; boundary=bar
&
& --bar
& Content-Type: text/plain; charset=us-ascii
&
& This message was first signed, and then encrypted.
&
& --bar
& Content-Type: application/pgp-signature
&
& -----BEGIN PGP MESSAGE-----
& Version: 2.6.2
&
& iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
& jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
& uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
& HOxEa44b+EI=
& =ndaj
& -----END PGP MESSAGE-----
&
& --bar--
-----END PGP MESSAGE-----

--foo--

(& = identifies encrypted data)
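To make the "decrypt first, then look for a nested signature" handling concrete, here is an added example in Python. It is not Enigmail's code and not from the RFC; all names in it (classify, fake_sign, fake_verify, fake_encrypt, fake_decrypt, SIGNER, BODY_PART) are my own. gpg is replaced by base64/sha256 stand-ins so that it runs offline, and the sample messages are constructed in the block. It builds the two RFC 3156 layouts the reporter lists, plus an encrypt-only and a tampered variant, and shows the status line each should produce.

```python
"""Added example (not Enigmail code): decrypt-then-verify status for PGP/MIME.

RFC 3156 allows sign-then-encrypt (multipart/signed nested in multipart/encrypted,
the reporter's format 1) and one combined signed+encrypted packet (format 2).
classify() handles both. gpg is replaced by base64/sha256 stand-ins so this runs
offline; they give no real security.
"""
import base64
import hashlib
import json
from email import message_from_string
from typing import Callable, Optional, Tuple

SIGNER = "alice@example.invalid"  # constructed signer id
BODY_PART = ("Content-Type: text/plain; charset=us-ascii\n\n"
             "This message was first signed, and then encrypted.\n")

def _canon(text: str) -> bytes:
    # Simplified stand-in for RFC 3156 canonical form: whole MIME part, CRLF.
    return text.replace("\r\n", "\n").strip().replace("\n", "\r\n").encode()

def fake_sign(part_text: str, signer: str) -> str:
    """Stand-in detached signature: signer id plus a digest of the part."""
    return f"STUB-SIG:{signer}:{hashlib.sha256(_canon(part_text)).hexdigest()}"

def fake_verify(part_text: str, signature: str) -> Optional[str]:
    """Signer id if the stand-in signature matches the part, else None."""
    f = signature.strip().split(":")
    ok = (len(f) == 3 and f[0] == "STUB-SIG"
          and hashlib.sha256(_canon(part_text)).hexdigest() == f[2])
    return f[1] if ok else None

def fake_encrypt(plaintext: str, packet_signer: Optional[str] = None) -> str:
    """Stand-in for gpg --encrypt [--sign]: base64-armor a JSON blob."""
    blob = json.dumps({"text": plaintext, "signer": packet_signer}).encode()
    return ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(blob).decode()
            + "\n-----END PGP MESSAGE-----\n")

def fake_decrypt(armored: str) -> Tuple[str, Optional[str]]:
    """Stand-in for gpg --decrypt: (plaintext, signer found in the packet)."""
    b64 = "".join(ln for ln in armored.strip().splitlines()
                  if ln and not ln.startswith("-----"))
    blob = json.loads(base64.b64decode(b64))
    return blob["text"], blob["signer"]

def multipart_signed(part_text: str, signature: str) -> str:
    """RFC 3156 section 5 layout: signed part, then detached signature."""
    return ('Content-Type: multipart/signed; micalg=pgp-sha256;\n'
            ' protocol="application/pgp-signature"; boundary=bar\n\n'
            f'--bar\n{part_text}\n--bar\n'
            f'Content-Type: application/pgp-signature\n\n{signature}\n--bar--\n')

def multipart_encrypted(armored: str) -> str:
    """RFC 3156 section 4 layout: version part, then the ciphertext."""
    return ('Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";\n'
            ' boundary=foo\n\n--foo\nContent-Type: application/pgp-encrypted\n\n'
            'Version: 1\n\n--foo\nContent-Type: application/octet-stream\n\n'
            f'{armored}\n--foo--\n')

def classify(raw: str, decrypt: Callable, verify: Callable) -> str:
    """Return the status line a mail client should display for `raw`."""
    msg = message_from_string(raw)
    if (msg.get_content_type() != "multipart/encrypted"
            or msg.get_param("protocol") != "application/pgp-encrypted"):
        return "Not PGP/MIME encrypted"
    parts = msg.get_payload()
    if (not isinstance(parts, list) or len(parts) != 2
            or parts[0].get_content_type() != "application/pgp-encrypted"
            or parts[1].get_content_type() != "application/octet-stream"):
        return "Malformed multipart/encrypted"
    plaintext, packet_signer = decrypt(parts[1].get_payload())
    if packet_signer:  # format 2: the decryptor itself reports the signature
        return f"Decrypted, Signed by {packet_signer}"
    # Format 1: the plaintext is itself a MIME entity; this is the missing check.
    inner = message_from_string(plaintext)
    if (inner.get_content_type() != "multipart/signed"
            or inner.get_param("protocol") != "application/pgp-signature"):
        return "Decrypted"
    inner_parts = inner.get_payload()
    if not isinstance(inner_parts, list) or len(inner_parts) != 2:
        return "Decrypted, malformed multipart/signed"
    signer = verify(inner_parts[0].as_string(), inner_parts[1].get_payload())
    return f"Decrypted, Signed by {signer}" if signer else "Decrypted, BAD signature"

def sign_then_encrypt() -> str:  # format 1, the case this bug is about
    inner = multipart_signed(BODY_PART, fake_sign(BODY_PART, SIGNER))
    return multipart_encrypted(fake_encrypt(inner))

def sign_and_encrypt_combined() -> str:  # format 2, one packet
    return multipart_encrypted(fake_encrypt(BODY_PART, packet_signer=SIGNER))

def tampered() -> str:  # signed part altered after signing
    inner = multipart_signed(BODY_PART.replace("first", "never"), fake_sign(BODY_PART, SIGNER))
    return multipart_encrypted(fake_encrypt(inner))

if __name__ == "__main__":
    for build in (sign_then_encrypt, sign_and_encrypt_combined, tampered):
        print(f"{build.__name__:26} -> {classify(build(), fake_decrypt, fake_verify)}")
```

The point of the structure is the order of operations: the outer multipart/encrypted is checked for the RFC 3156 layout, the octet-stream part is decrypted, and only then is the plaintext parsed as MIME again and tested for multipart/signed. A client that stops after decryption shows format 1 as "Decrypted" only, which is the behaviour reported here; a client that re-runs decryption on the plaintext instead of verification gets nothing useful either. Note also that a bad signature must be reported as such rather than silently dropped, and that in a real client the verification step would be done by gpg over the canonicalized MIME part, not by the stand-in digest used here.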
What version of Enigmail do you use? I'm asking because this should have been fixed in Enigmail v0.83.0.
Sorry, I'm using Enigmail version 0.83.3.
Can you attach such a message, encrypted to me (patrick.brunschwig@gmx.net) and to barry (barry@bpuk.net)? As I said, this was addressed in v0.83.0, so without the message I wouldn't know what to do.
I just had an idea: do you automatically decrypt/verify messages, or do you click on the Decrypt button for decrypting/verifying a message? I believe you'd have to click the Decrypt button twice to get the signature status correctly: first for decrypting the message, and then for verifying the signature.
I decrypt automatically; clicking on the Decrypt button again does nothing. I will attach the signcrypted mail soon.
Created an attachment (id=1904) [details] The public key, for signature checking (bonelabs_public.asc)
Created an attachment (id=1905) [details] signcrypted message for patrick.brunschwig@gmx.net
Created an attachment (id=1906) [details] signcrypted message for barry@bpuk.net.txt
weird ... this used to work, but now it doesn't anymore.
Created an attachment (id=1907) [details] Patch fixing the bug I wonder how this could ever work. There is clearly a test missing so that the message was simply re-decrypted instead of signature checked.
*** Bug 5830 has been marked as a duplicate of this bug. ***
It seems I see this, too. I have sent a signed and encrypted mail with Evolution 1.4.6. In German Mozilla 1.5 with Enigmail version 0.82.6.0 the mail is decrypted correctly, but the signature is only shown as an attachment named signature.asc.
There is a blocking bug that makes the function unusable for large messages, therefore I have disabled it in the past. I have now found that with message sizes up to ca. 40 kB it works OK. I have therefore re-enabled the verification for messages of sizes up to 40000 bytes. A test version can be found at http://enigmail.mozdev.org/nightly.html
That's good to hear. I changed our software anyway a while ago to create signcrypted messages with the format Enigmail uses (sign+crypt in one process) to be compatible with Enigmail. There are only a few clients who speak PGP/MIME anyway, and with the 40k mails bug fix it should work 99.9% of the time, I believe.
fixed in v0.86.0 as mentioned in comment #13 (leaving bug open)
This bug seems to be related to a problem I'm seeing, so I'm adding this comment. In exchanging encrypted and signed messages between a Mozilla-Thunderbird 1.0.2 for Windows client using Enigmail 0.91.0.0 (windows binary currently linked from enigmail web page) running on XPP and Evolution 2.2.1.1 running on a Gentoo ppc linux machine, I have some problems with Evolution properly parsing the messages sent from tbird/enigmail. Looking at http://bugzilla.ximian.com/show_bug.cgi?id=32458 shows me that others have had some similar problems and reported them as bugs to the Evolution maintainers, but the Evolution maintainers say, "we only support the method of pgp signing described in rfc3156 (which is the standard)." The specific problem I have is that when I compose a message in tbird/enigmail and sign and encrypt it and send it to a user using Evolution 2.2.1.1 (me in both cases), when I view the message in Evolution, Evolution sees the message as encrypted only (not encrypted and signed). When I view the very same message in tbird/enigmail (message stored on an IMAP server and accessible using several different clients), tbird does see it as both encrypted and signed. I have the checkbox checked in tbird/enigmail prefs for "Always use PGP/MIME." It seems there is a problem with tbird/enigmail's compliance with rfc3156, but me not being well-versed in such details, I can only say "seems." Could someone look into this? I'd be happy to help by viewing any messages in Evolution 2.2.1.1. Send mail to lists at gnosysllc dot com.
Even worse in a way is that when I use Thunderbird 1.0.2 (running and built from sources on Gentoo linux ppc) and enigmail 0.90.2 (also built from source simultaneously through the Gentoo mozilla-thunderbird-1.0.2 ebuild), it seems that tbird/enigmail are missing big portions of OpenPGP compliance: When I compose a message, the only security options (for signing/encrypting) are those of S/MIME. When I use tbird 1.0.2 for ppc/linux to view a message that was composed in Evolution 2.2.1.1 for ppc/linux or that was composed in tbird/enigmail 1.0.2/0.91 for winxpp (released binaries in both cases) and that was signed and encrypted, tbird 1.0.2 for ppc/linux demonstrates no awareness that this message has any security features. It fails to parse the message as a signed and encrypted message entirely. This in spite of the fact that I have enabled OpenPGP security (Enigmail) for the identity in question using Edit->Account Settings->OpenPGP Security. This is true for messages composed in tbird 1.0.2 for windows using either the PGP/MIME method or the older method.
I can reproduce this bug using Enigmail 0.95.7 with Thunderbird 2.0.0.19 on a Gentoo Linux system. Mails were sent with KMail/1.11.0. Please change the "Hardware" and "OS" fields to "All", and add "0.95.x" to the "Version" field. Thanks.
A small miracle happened: fixed on trunk :-)