In case multiple user ids are associated with a single public PGP key, the green "Verified signature from _xyz_" box still displays the first/primary id, even if the e-mail has been sent using an address associated with one of the other ids (these are listed, e.g., in the "additional users" table if you import the key in question).
It would be helpful if the box reflected the specific sender address/user id.
Addendum: In the case of mailing lists where the "From:" header has been replaced (because the DMARC policy of the original sender is set to reject or quarantine), the original sender address can of course only be found by parsing additional headers or by simply basing the forementioned selection on the "Reply-to:" header.
Here's a sample debug:
GPG: ERROR: gpg: Good signature from "A.L.E.C <[email protected]>"
GPG: ERROR: gpg: aka "Aleksander Machniak <[email protected]>"
GPG: ERROR: gpg: aka "Aleksander Machniak <[email protected]>"
GPG: ERROR: gpg: WARNING: Using untrusted key!
GPG: STATUS: SIG_ID jTfRDhjbBtnesy3885oIDi8DtYk 2017-09-18 1505715292
GPG: STATUS: GOODSIG BEE674A019359DC1 A.L.E.C <[email protected]>
GPG: STATUS: VALIDSIG BB22EF719C96A86EEF4CDAD1BEE674A019359DC1 2017-09-18 1505715292 0 4 0 1 8 01 BB22EF719C96A86EEF4CDAD1BEE674A019359DC1
So, Crypt_GPG would need to parse error output and return all user IDs. Then Enigma would need to compare that list with From header.
Actually we could just get the list of users from the public key, so there's no need to modify Crypt_GPG. Patches welcome.
Implemented.
Most helpful comment
Implemented.