From a8a4b7904f4f1b18a32665193d9dea98395af2ac Mon Sep 17 00:00:00 2001
From: Dylan Baker <dylan@pnwbakers.com>
Date: Fri, 22 Sep 2017 10:00:29 -0700
Subject: crypto: Handle message that is encrypted, but the signature is
 invalid

One case of this would be not having the public key of the signer. If
the verification of the signatures fails, then use the signatures from
the error, and try to redecrypt without verification.

I have no tests yet, and this probably deserves tests.

Fixes #1157
---
 alot/crypto.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'alot/crypto.py')

diff --git a/alot/crypto.py b/alot/crypto.py
index 6e3e8fa6..e8595d90 100644
--- a/alot/crypto.py
+++ b/alot/crypto.py
@@ -202,12 +202,15 @@ def decrypt_verify(encrypted):
     """
     ctx = gpg.core.Context()
     try:
-        (plaintext, _, verify_result) = ctx.decrypt(encrypted, verify=True)
+        plaintext, _, verify_result = ctx.decrypt(encrypted, verify=True)
+        sigs = verify_result.signatures
     except gpg.errors.GPGMEError as e:
         raise GPGProblem(str(e), code=e.getcode())
-    # what if the signature is bad?
+    except gpg.errors.BadSignatures as e:
+        plaintext, _, _ = ctx.decrypt(encrypted, verify=False)
+        sigs = e.result.signatures
 
-    return verify_result.signatures, plaintext
+    return sigs, plaintext
 
 
 def validate_key(key, sign=False, encrypt=False):
-- 
cgit v1.2.3