Author Topic: Invalid Signature shown if signing with s/mime in Aquamail  (Read 11252 times)

RadioHead

  • Newbie
  • *
  • Posts: 8
Invalid Signature shown if signing with s/mime in Aquamail
« on: September 27, 2021, 01:39:57 pm »
Hi There,
i´m so happy that Auqamail has now s/mime support... but i have the following problem and maybe you can help me.

I Use an Actalis s/mime cert für my mail adress.

If i sign an email, the signature is shown as invalid in Thunderburd, FairMail or even in Aquamail itself. on Manjaro and latest Android.

If i use the same cert in FairMail with the same settings for it.. every client shows the signature as valid. Even Aquamail.. !

Tried different settings for signature 1, 128, 256, 512 bit... but no difference.

In FairMail everything is fine with 256bit. Signature Hash.

Dou you have an idea? i would like to continue the usage of Aquamail. .. With s/mime.

Thank you so much

« Last Edit: September 27, 2021, 01:47:10 pm by RadioHead »

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #1 on: September 29, 2021, 08:12:55 am »
Meanwile i tried other s/mime certificates with the same result..
Every client i tested worked.. only aquamial seams to have a problem at the moment on my device android device.
has anyone a suggestion?

Thanks

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #2 on: September 29, 2021, 08:59:49 am »
Hi RadioHead,

Could you send us an email at smime3@mobisystems.com?

Could you include Device model, Android OS version, AquaMail version and sign the email with the certificate you mention and send it from AquaMail app?
Could you send us another mail with valid signature from FairMail signed with the same cert?

Thanks,
Anton.
   AquaMail Developer

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #3 on: September 29, 2021, 09:07:18 am »
emails are send.
Thank you :)

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #4 on: October 02, 2021, 11:30:41 am »
Do you have any new information for me?  :)
Best regards

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #5 on: October 04, 2021, 08:12:12 am »
Hello RadioHead,

We are able to reproduce the problem, but we are still investigating the source.
I'll let you know when we have progress on that issue.

Thanks,
Anton.
   AquaMail Developer

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #6 on: October 10, 2021, 06:59:45 pm »
Hi,
now i have a aditional Problem...
I switched certificate to sectigo formerly comodo.
Every client works and shows a valid signature... except aquamail. When i try to send an signed mail i always get a network error... and the email stucks at drafts.
What could i do now?
If i send from thunderbird or FairEmail Client.. every other cliend including aqua mail shows the signature as valid.

Working with both on mobile aqua mial and fairemail client is not a real solution.. but for the moment.. it is a workaround...

Any sugestions?

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #7 on: October 11, 2021, 09:13:11 am »
Hello RadioHead,

This is interesting because we have instance of Sectigo certificate and have no problems on our end, is it possible to create a log file of the moment you get the error and send it to me at smime3@mobisystems.com?

Thanks,
Anton.
   AquaMail Developer

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #8 on: October 13, 2021, 11:15:38 am »
now.. i swithed to a class2 cert from sectigo and now.. i am back at the start:

Sending signed emaiils from every client (thunderbird.. fair email) show up as valid in every other client (thunderbird, FairEmail, Aqua-mail).
sending from aquamail: every client shows the signatur as invalid...

Did you find out something about this problem yet?
Let me know if i can help :)

Best regards

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #9 on: October 13, 2021, 03:59:06 pm »
Hello,

I did some investigation with a Sectigo S/MIME cert and it didn't have such problems. It seems like this issue is happening on specific configurations like yours.
Could you send me a LOG file with the issue reproduced to check for errors?

Here is description how to do that -> https://www.aqua-mail.com/troubleshooting/.
Could you click on "Reset the log file" from the same Debug menu before starting to reproduce the issue, it would help us greatly?

Thanks,
Anton.
   AquaMail Developer

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #10 on: October 13, 2021, 04:24:16 pm »
The Logile is out :)

Best regards

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #11 on: October 18, 2021, 03:49:35 pm »
Hi RadioHead,

We are not able to reproduce the issue on our end.
There is no errors in the log.

The signature in your email is invalid, but I'm not able to produce such invalid signature on my end to understand what is wrong.
I don't have a Lineage OS device available at the moment, but if I find one I'll check if there is an incompatibility with the OS.

Thanks,
Anton.
   AquaMail Developer

RadioHead

  • Newbie
  • *
  • Posts: 8
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #12 on: October 18, 2021, 05:34:55 pm »
Hi Anton,
thank you for your investigation. :)
i tried to update to a newer build of LineageOS, but the problem still presists.
Maybe... rooting with magisk may have caused this?
Do you have some other ideas where i may help?
Thanks alot

StevenKinloch

  • Newbie
  • *
  • Posts: 1
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #13 on: November 02, 2021, 12:15:24 am »
Hi,

I appear to be having this same issue. Signed mail from Thunderbird works fine in both Thunderbird and Aqua Mail, but signed mail from Aqua Mail is invalid in Aqua Mail and Thunderbird.

Thunderbird reports: 'The message included a digital signature, but the signature is invalid. The signature does not match the message content correctly. The message appears to have been altered after the sender signed it'

Aqua Mail reports: 'The digital signature on the message isn't valid or trusted'

Strangely, if I send a message that's signed and encrypted from Aqua Mail, it works fine. 'Message is encrypted. Signature is valid.'.

Nicram

  • Newbie
  • *
  • Posts: 4
  • Little boy
    • Homepage
Re: Invalid Signature shown if signing with s/mime in Aquamail
« Reply #14 on: December 09, 2021, 04:48:41 am »
I would like to report same problem. I'm searching for some solutions of email singing and AquaMail on my phone didn;t work as expected.
Emails signed with AquaMail are verified as not valid or trusted by AquaMail, Thunderbird, Outlook 2010/2016 and Roundcube (with some plugin).
My mobile phone is Xiaomi Mi9 (it's Android 10, official ROM without any root - MIUI Global 12.0.4 Stable).
I have installed AquaMail Pro 1.32.1-091.
I'm using certificate from Actalis S.p.A. (Actalis Client Authentication CA G3).
Using same certificate to sign messages in Outlook 2010/2016 works without problem (AquaMail read them as correct).
Same with Thunderbird (AM read them as correct).
Happy AquaMail Pro user!