-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No able to verify the key #11
Comments
Mee2! I've attached the decrypted body, Brainwave: there are an awful lot of 3D digraphs including one in the key ID which is Also I think 'ampersand' needs to be URL-encoded or written as 'ampersand amp semicolon'. Attachment link for the decrypted body: I'm assuming that the nonce includes a date and won't last forever, and the most a |
The encoding used is quoted-printable. You can decode for example here: http://www.webatic.com/run/convert/qp.php I think we should use UTF8 encoding instead to better support manual decryption with GPG for the verification emails. |
Here is some info regarding the verification procedure: If a key is uploaded, it is in a pending verification state. As long as it is not verified, all subsequent uploads of the same key will trigger new verification emails. Only the latest verification emails are valid and previous verification emails will be invalidated by a new key upload. A key in pending verification state can be overwritten by uploading the same key to the server multiple times, but also by uploading a different (maybe newly generated key) with the same email address as the previously uploaded key. Once a key is verified (with at least one email address), a subsequent upload of the same key or of a key with identical email address will fail. That means for key update on the key server (e.g. after having changed the key by adding another email address) the key first has to be removed and only after confirming the key removal email from the server, another upload is possible. The key server will send out verification emails for all email addresses attached to a key. Lookup by email address will only succeed for emails that have been verified. You can choose to not verify all emails on the key in order to prevent that a key can be found by a certain email address. But the key server does not strip UserIDs from the key which are not verified, that means a successful lookup will always return the complete key as it was initially uploaded. For key upload, lookup and removal: https://keys.mailvelope.com/demo.html Email verification emails are sent out encrypted in order to not only verify that the user has access to the email account but also that they are in possession of the private key of the key that was uploaded to the key server. Verification emails are in PGP/MIME format. Should your webmail or other PGP-enabled mail client not be able to decrypt the email correctly the following workaround can be applied: download the encrypted.asc file attached to the verification email, open in text editor, copy the armored text and paste into email that you send to yourself. Use Mailvelope to decrypt the email and click on verification link. Errors from the server:
|
The URL link from decripted file it gives me an error - "Invalid request.", when I access it. |
@S3TH76 I updated #11 (comment) with explanations of error codes from the server. |
You don't understand! I followed all steps correctly, until the phase where after I received the encrypted file and decrypt it with mailvelope add-on from Mozilla Firefox. I'm curious if this service even function correctly.... I let it the tray to see browser, OS, time and file that was decrypted. |
http://www.webatic.com/run/convert/qp.php |
@S3TH76 @eric1357a Problem is that line breaks in the URL must not be modified before decoding. I updated #11 (comment) once again. |
@toberndo I know and I already finish verification |
Yeah, I ran into this issue as well. When the attachment is decrypted — I did this manually, GPGTools isn't working on macOS Sierra yet — it looks like this:
So, I've got a URL of keys.mailvelope.com/api/v1/key?op=3Dverify&keyId=3Daa42caa60faf27f1= Note that in addition to the three errant instances of "3D", there's also an errant equal sign between the keyID value and the ampersand preceding the Took me a few minutes to sort this out, but the correct URL ends up being: keys.mailvelope.com/api/v1/key?op=verify&keyId=aa42caa60faf27f1 |
There is nothing wrong with this output, the message is just encoded for email. import email, sys
with open(sys.argv[1]) as f:
m = email.message_from_string(f.read())
if m.is_multipart():
for p in m.get_payload():
print(p.get_payload(decode = True).decode('utf8'))
else:
print(m.get_payload(decode = True).decode('utf8')) This is not a valid issue :p |
Not a developer on this project, just a user. When I tried to verify my key, the verification window appeared blank. Then I re-sized the window and everything appeared. Hope this helps. |
I ran into the same issue. I solved it using the online qp converter. I don't find it a satisfactory solution. This should not be an issue if the goal is to be "secure, easy" and "just as painless as modern messengers". |
Verification emails use now PGP/Inline with plaintext, therefore encoding issues of that kind should not arise anymore. |
After I decrypt the link from the email provided by encrypted.asc
The api reply with "Invalid request!"
The text was updated successfully, but these errors were encountered: