AquaMail Forum
English - Android => S/MIME => Topic started by: RadioHead on September 27, 2021, 01:39:57 pm
-
Hi There,
i´m so happy that Auqamail has now s/mime support... but i have the following problem and maybe you can help me.
I Use an Actalis s/mime cert für my mail adress.
If i sign an email, the signature is shown as invalid in Thunderburd, FairMail or even in Aquamail itself. on Manjaro and latest Android.
If i use the same cert in FairMail with the same settings for it.. every client shows the signature as valid. Even Aquamail.. !
Tried different settings for signature 1, 128, 256, 512 bit... but no difference.
In FairMail everything is fine with 256bit. Signature Hash.
Dou you have an idea? i would like to continue the usage of Aquamail. .. With s/mime.
Thank you so much
-
Meanwile i tried other s/mime certificates with the same result..
Every client i tested worked.. only aquamial seams to have a problem at the moment on my device android device.
has anyone a suggestion?
Thanks
-
Hi RadioHead,
Could you send us an email at smime3@mobisystems.com?
Could you include Device model, Android OS version, AquaMail version and sign the email with the certificate you mention and send it from AquaMail app?
Could you send us another mail with valid signature from FairMail signed with the same cert?
Thanks,
Anton.
-
emails are send.
Thank you :)
-
Do you have any new information for me? :)
Best regards
-
Hello RadioHead,
We are able to reproduce the problem, but we are still investigating the source.
I'll let you know when we have progress on that issue.
Thanks,
Anton.
-
Hi,
now i have a aditional Problem...
I switched certificate to sectigo formerly comodo.
Every client works and shows a valid signature... except aquamail. When i try to send an signed mail i always get a network error... and the email stucks at drafts.
What could i do now?
If i send from thunderbird or FairEmail Client.. every other cliend including aqua mail shows the signature as valid.
Working with both on mobile aqua mial and fairemail client is not a real solution.. but for the moment.. it is a workaround...
Any sugestions?
-
Hello RadioHead,
This is interesting because we have instance of Sectigo certificate and have no problems on our end, is it possible to create a log file of the moment you get the error and send it to me at smime3@mobisystems.com?
Thanks,
Anton.
-
now.. i swithed to a class2 cert from sectigo and now.. i am back at the start:
Sending signed emaiils from every client (thunderbird.. fair email) show up as valid in every other client (thunderbird, FairEmail, Aqua-mail).
sending from aquamail: every client shows the signatur as invalid...
Did you find out something about this problem yet?
Let me know if i can help :)
Best regards
-
Hello,
I did some investigation with a Sectigo S/MIME cert and it didn't have such problems. It seems like this issue is happening on specific configurations like yours.
Could you send me a LOG file with the issue reproduced to check for errors?
Here is description how to do that -> https://www.aqua-mail.com/troubleshooting/.
Could you click on "Reset the log file" from the same Debug menu before starting to reproduce the issue, it would help us greatly?
Thanks,
Anton.
-
The Logile is out :)
Best regards
-
Hi RadioHead,
We are not able to reproduce the issue on our end.
There is no errors in the log.
The signature in your email is invalid, but I'm not able to produce such invalid signature on my end to understand what is wrong.
I don't have a Lineage OS device available at the moment, but if I find one I'll check if there is an incompatibility with the OS.
Thanks,
Anton.
-
Hi Anton,
thank you for your investigation. :)
i tried to update to a newer build of LineageOS, but the problem still presists.
Maybe... rooting with magisk may have caused this?
Do you have some other ideas where i may help?
Thanks alot
-
Hi,
I appear to be having this same issue. Signed mail from Thunderbird works fine in both Thunderbird and Aqua Mail, but signed mail from Aqua Mail is invalid in Aqua Mail and Thunderbird.
Thunderbird reports: 'The message included a digital signature, but the signature is invalid. The signature does not match the message content correctly. The message appears to have been altered after the sender signed it'
Aqua Mail reports: 'The digital signature on the message isn't valid or trusted'
Strangely, if I send a message that's signed and encrypted from Aqua Mail, it works fine. 'Message is encrypted. Signature is valid.'.
-
I would like to report same problem. I'm searching for some solutions of email singing and AquaMail on my phone didn;t work as expected.
Emails signed with AquaMail are verified as not valid or trusted by AquaMail, Thunderbird, Outlook 2010/2016 and Roundcube (with some plugin).
My mobile phone is Xiaomi Mi9 (it's Android 10, official ROM without any root - MIUI Global 12.0.4 Stable).
I have installed AquaMail Pro 1.32.1-091.
I'm using certificate from Actalis S.p.A. (Actalis Client Authentication CA G3).
Using same certificate to sign messages in Outlook 2010/2016 works without problem (AquaMail read them as correct).
Same with Thunderbird (AM read them as correct).
-
If i sign an email, the signature is shown as invalid in Thunderburd, FairMail or even in Aquamail itself. on Manjaro and latest Android.
I appear to be having this same issue. Signed mail from Thunderbird works fine in both Thunderbird and Aqua Mail, but signed mail from Aqua Mail is invalid in Aqua Mail and Thunderbird.
Hello guys. I was testing my problem and find out some problems inside Thunderbird too (it appeared only, when digitally signed message had special characters (in Polish language for example there is ę€óąśłżźćń).
The reason in case of Thunderbird, and AquaMail was handling messages by my mailserver itself! You may have same problem.
In my case configuration of amavisd-new was changing email message, so after receiving message was detected with invalid signature (and that was correct, because message was changed between me, and receiver). My amavisd-new configuration was:
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME']
Since conversion is made AFTER singing with S/MIME, then error about digital sign is correct.
To fix it in my case i just disabled whole line by commenting it (just put # before line).
Also in Your scenario it may be Postfix itself (it also have option to convert to 7-bit format).
Check this with Your mail server administrators.