Closed
Bug 1460980
Opened 6 years ago
Closed 6 years ago
Bugzilla SecureMail sends broken encrypted messages
Categories
(bugzilla.mozilla.org :: Extensions, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: moz, Assigned: dylan)
References
Details
Attachments
(1 file)
|
23.10 KB,
text/plain
|
Details |
This bug report is an answer to Dylan Hardison's Email to bugzilla.mozilla.org users on 2018-05-11 titled "Changes to Secure Bugmail on bugzilla.mozilla.org". See this blog post for more details: https://dylan.hardison.net/2018/05/11/changes-to-secure-bugmail-on-bugzilla-mozilla-org/ Uploading the public key to https://bugzilla.mozilla.org/userprefs.cgi?tab=securemail worked fine, the server does accept the key. Decrypting the email however failed. It looks like bugzilla is doing multiple things wrong: 1. The email claims it is encrypted against my "master" key 0x545B42FB8713DA3B, not against the subkey 0xE16B3239665BBD54. This is contrary to your blog post which lists this feature: Fix Bug 790487: Messages will be encrypted to subkeys when possible. https://bugzilla.mozilla.org/show_bug.cgi?id=790487 2. The encryption is going wrong so that my Email client (GNOME Evolution) cannot decrypt it. Also, passing the file directly to GnuPG fails too with gpg2 2.2.6 and libgcrypt 1.8.2. With both tools, entering the correct password will not result in decryption. On the other hand, decrypting other emails or files works just fine and sending signed or encrypted mails works fine too. It looks to me like the encryption routine is broken. Attached you will find the output of $ gpg --export --export-options export-minimal --armor 6BAC4B876A84B86A1EC87C98545B42FB8713DA3B > pubkey.ascii.txt which is the same as $ gpg --export --export-options export-minimal --armor 0xE16B3239665BBD54 > pubkey.ascii.txt The script on https://dylanwh.github.io/openpgp-check/ works fine. My public key passes it and I can also decrypt the text it generates, resulting in the plaintext "Hello, world!". Dylan sent me another email encrypted using "tct" (https://github.com/dylanwh/tocotrienol) which I can decrypt just fine. It is also encrypted using the correct subkey 0xE16B3239665BBD54. My key might be special in the following specs: 1. It has 8096bit subkeys 2. It disallows a few algorithms
|
Assignee | |
Comment 1•6 years ago
|
||
Note the *new* encryption code isn't yet on bugzilla.mozilla.org, it won't be until May 16th. Did you mean https://dylanwh.github.io/openpgp-check/ is not encrypting properly, or that bugzilla *currently* is not?
Flags: needinfo?(moz)
|
Reporter | |
Comment 2•6 years ago
|
||
https://dylanwh.github.io/openpgp-check/ is working fine. The bugzilla code is not working fine. It does send me broken emails as described above.
Flags: needinfo?(moz)
|
|
Assignee | |
Comment 3•6 years ago
|
||
Perfect! So this will be fixed by the code on May 16th. This is excellent news
Assignee: nobody → dylan
Group: bmo-infra
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Reporter | |
Comment 4•6 years ago
|
||
I can confirm that this issue has been fixed now. I just received an encrypted email. Thank you! PS: I cannot close this bug report as "Fixed" or "Verified", can you please do that for me?
|
|
Assignee | |
Updated•6 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
Component: Extensions: SecureMail → Extensions
You need to log in
before you can comment on or make changes to this bug.
Description
•