Force signing even if "Only sign when encrypt" is enabled

Hi,

I normally do not want all outgoing mails to be signed with my S/MIME
certificate but only if I add a special tag to the subject (e.g.
"[sign]"). So I have enabled the "Only sign when encrypt" option.
However, it seems that even if I add the tag to my subject, the mail will
NOT be signed.

Is there a possibility to sign the message without encryption just on a
case by case basis?

The reason is that I want to sign a message explicitly if I want to
send a recipient my S/MIME key before we both have exchanged the keys
and would be able to encrypt the message.

Thanks,
Michael

> I normally do not want all outgoing mails to be signed with my S/MIME
> certificate but only if I add a special tag to the subject (e.g.
> "[sign]"). So I have enabled the "Only sign when encrypt" option.
> However, it seems that even if I add the tag to my subject, the mail will
> NOT be signed.

We use a similar setup, i.e., sign the message if the subject contains
the force sign keyword.

I just tested it with a fresh install of the gateway and it works. Are
you certain you checked "Enabled" under the "Signing subject trigger"
settings?

Can you provide the "Signing subject trigger" settings you use (Trigger,
Regular expr.)?

The MPA log might provide more information as to why signing was not
triggered.

Kind regards,

Martijn Brinkers

_______________________________________________
Users mailing list
Users(a)lists.ciphermail.com
https://lists.ciphermail.com/mailman/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Ok, I found the issue.

My Signing subject trigger is set to "(?i)(\[sign\]|\[signed\])" with
"Regular expr." enabled. If I send a mail with subject "test [sign]" the
message is correctly signed, with subject "test [signed]" the message is
not signed. However the subject is changed and the trigger keyword is
deleted.

The reason why "[signed]" is not working is that I defined "[signed]"
in the "Subject filter" which is set to
"/\[(decrypted|signed|signed by:.*|mixed content|invalid signature!)\]/".

So it seems that this filter is put on before and deletes the "[signed]"
keyword first and so the signing task never sees that keyword.

I guess that is working as designed?

Thanks,
Michael


> Ok, I found the issue.
>
> My Signing subject trigger is set to "(?i)(\[sign\]|\[signed\])" with
> "Regular expr." enabled. If I send a mail with subject "test [sign]" the
> message is correctly signed, with subject "test [signed]" the message is
> not signed. However the subject is changed and the trigger keyword is
> deleted.
>
> The reason why "[signed]" is not working is that I defined "[signed]"
> in the "Subject filter" which is set to
> "/\[(decrypted|signed|signed by:.*|mixed content|invalid signature!)\]/".
>
> So it seems that this filter is put on before and deletes the "[signed]"
> keyword first and so the signing task never sees that keyword.

Good find! This is kind of a corner case :) The subject filtering (if
enabled) is done before the signing trigger. The easiest workaround is
to either change the subject filter or the signing trigger. Another
option is to postpone the subject filter (defined in config.xml) to a
later stage. Moving it to a later stage is in principle easy. However,
making sure that the subject is filtered at all stages might require
multiple filters (that is the reason why the filtering is done early in
the process).

> I guess that is working as designed?

Yes and no :) ... subject filtering early in the process is by design.
The side effect however is not by design :)

Kind regards,

Martijn Brinkers
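
The ordering described in this thread, modelled as an added example (not part of the original posts and not CipherMail code). It uses the two patterns quoted above and assumes the subject filter deletes each match and that Python's `re` module treats these patterns the same way the gateway's regex engine does; the function names and sample subjects are constructed for illustration.

```python
import re

# Patterns quoted in the thread (subject filter shown without its /.../ delimiters).
SIGN_TRIGGER = r"(?i)(\[sign\]|\[signed\])"
SUBJECT_FILTER = r"\[(decrypted|signed|signed by:.*|mixed content|invalid signature!)\]"


def apply_subject_filter(subject: str) -> str:
    """Assumption: the filter deletes every match; whitespace is tidied afterwards."""
    stripped = re.sub(SUBJECT_FILTER, "", subject)
    return re.sub(r"\s{2,}", " ", stripped).strip()


def will_sign(subject: str, filter_first: bool = True) -> bool:
    """True if the signing trigger still matches at the point where it is evaluated."""
    seen_by_trigger = apply_subject_filter(subject) if filter_first else subject
    return re.search(SIGN_TRIGGER, seen_by_trigger) is not None


def shadowed(subjects):
    """Subjects that carry a trigger keyword which the filter removes before the trigger runs."""
    return [s for s in subjects
            if will_sign(s, filter_first=False) and not will_sign(s, filter_first=True)]


# Constructed sample subjects.
SAMPLES = [
    "test [sign]",                            # only the trigger matches
    "test [signed]",                          # filter and trigger both match
    "test [SIGNED]",                          # filter as written is case-sensitive
    "Re: [signed by: alice] report [sign]",   # greedy .* runs to the last ']'
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:42} -> {apply_subject_filter(s)!r:16} sign={will_sign(s)}")
    print("shadowed:", shadowed(SAMPLES))
```

Running `shadowed()` over the trigger keywords you plan to hand out to users shows which of them the current subject filter would consume before the signing trigger is evaluated.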
