Mail::GnuPG.pm: Encrypting an already signed email

perl

There’s a problem with Mail::GnuPG.pm for which I have filed a bug-request:

https://rt.cpan.org/Public/Bug/Display.html?id=113203

This is the text I have sent to bug-Mail-GnuPG@rt.cpan.org

Ladies and Gents,

I use a script (a modified version of “gpgit.pl” from https://gitlab.com/mikecardwell/gpgit), which serves as a Postfix-filter and which automatically gpg-encrypts all outgoing(!) mails for which a public key is known.

The gpgit.pl-script in turn uses Mail::GnuPG by calling mime_encrypt($mime,@recipients). When a mail arrives at the server, _mime_encrypt first separates headers from the body and then calls MIME::Entity->build to assemble the part-headers to add it to the entity (the body) to be encrypted.

Everything is working fine beside one minor issue. If a signed email comes in, it contains a header looking like this:

Content-Type: multipart/signed;
boundary="----------=_1458481552-7056-0";
protocol="application/pgp-signature";
micalg=pgp-sha512

While passing _mime_encrypt, the original header is removed and replaced by

Content-Type: multipart/signed; boundary="----------=_5647921540-1266-0";

which is then added to the entity to be encrypted.

Unfortunately, Thunderbird / Enigmail insists on the additional entries

protocol="application/pgp-signature";
micalg=pgp-sha512

Without them, it refuses to check the signature.

May I therefore suggest, please, that, beginning with line 859 (my version of Mail::GnuPG is 0.21), the code should be altered from

my $workingentity = $entity;
$entity->make_multipart;
if ($entity->parts > 1) {
$workingentity = MIME::Entity->build(Type => $entity->head->mime_attr("Content-Type"));
$workingentity->add_part($_) for ($entity->parts);
$entity->parts([]);
$entity->add_part($workingentity);
}

to

my $workingentity = $entity;
$entity->make_multipart;
if ($entity->parts > 1) {
$workingentity = MIME::Entity->build(Type => $entity->head->mime_attr("Content-Type"));
+     if ($entity->head->mime_attr("Content-Type") eq "multipart/signed"){
+     $workingentity->head->mime_attr("Content-Type.micalg",$entity->head->mime_attr("Content-Type.micalg"));
+     $workingentity->head->mime_attr("Content-Type.protocol",$entity->head->mime_attr("Content-Type.protocol"));
+     }
$workingentity->add_part($_) for ($entity->parts);
$entity->parts([]);
$entity->add_part($workingentity);
}

Does this make sense? Or do I oversee something that could get broken by this change?

For me, the modified code works and performs as expected in the sense that the later decrypted mail contains a signature that can be checked with Enigmail.