Closed Bug 1663169 Opened 2 years ago Closed 2 years ago

PGP attachment "Decrypt and Open/Save As" doesn't work (enable code for the menu command)

Categories

(MailNews Core :: Security: OpenPGP, defect, P3)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(thunderbird_esr78+ fixed, thunderbird84 affected)

Status:
RESOLVED FIXED
Milestone:
85 Branch
Tracking Flags:
Tracking Status
thunderbird_esr78 + fixed
thunderbird84 --- affected

People

(Reporter: dpsoft, Assigned: KaiE)

References

(Depends on 1 open bug)

Details

Attachments

(4 files, 1 obsolete file)

Screenshot.png
67.91 KB, image/png
Details
console output when clicking decrypt&save
1.57 KB, text/plain
Details
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig
47 bytes, text/x-phabricator-request
wsmwk
: approval-comm-beta-
wsmwk
: approval-comm-esr78+
Details | Review
Error message window after clicking "Decrypt and Save As"
3.16 KB, image/png
Details
Attached image Screenshot.png

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36

Steps to reproduce:

Testet with TB 78.1.1 and 78.2.1 on Windows 10.

I received a mail with multiple mime-parts: a html body and an encrypted attachment.

MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="123456789-11111-9876543210=:4444"

--123456789-11111-9876543210=:4444
Content-Type: TEXT/HTML; CHARSET=ISO-8859-1
Content-Transfer-Encoding: 8bit

-----BEGIN PGP MESSAGE-----
...snip...
-----END PGP MESSAGE-----
--123456789-11111-9876543210=:4444
Content-Type: APPLICATION/pdf; name="Antragsnummer_123456789.pdf.pgp"
Content-Transfer-Encoding: 8bit

-----BEGIN PGP MESSAGE-----
...snip...
-----END PGP MESSAGE-----
--123456789-11111-9876543210=:4444--

Actual results:

The message-body part decrypt successfully. But i can't open or save the attachment decrypted. While click "Decrypt and Open..." and "Decrypt and Save As..." nothing happend.

Expected results:

The attachment will be successfully decrypted and open/save with old TB Version <=68 and enigmail-addon.

Hello,

Same problem observed with TB 78.2.2

Best Regards

same issue here on Win10, TB 78.2.2.

I've attached the console output when clicking those buttons.

Best regards

Issue still exists on TB 78.3.1

+1

Issue still exists on TB 78.3.2

Issue still exists on TB 78.3.3

Issue still exists on TB 78.4.0

Issue still exists on TB 78.4.1

Confirming based on numerous reports from commenters and 1 duplicate.
Not being able to save an encrypted attachment as unencrypted sounds like a considerable detriment. -> S2.

Severity: -- → S2
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3

Issue still exists on TB 78.4.2

Depends on: 1652332
See Also: → 1652332

Issue still exists on TB 78.4.3

Kai, should we just hide this menu until it's working? Or you you have code pointers to how to fix it?

Flags: needinfo?(kaie)

Hiding is not a solution. Customers keep sending mail with encrypted attachments. The only alternative then is a separate encrypting program what is a big step back and you must manage two keyrings

Well, we'd hide it only until we get it working, which we'd like to do at some point.

Issue still exists on TB 78.5.0

Please hide it until it work!

I just got an update of Thunderbird to 78.4.3 and Enigmail automatically disabled itself with migration of keys to Thunderbird. Ok, thats fine but than I spend several hours trying to understand what is wrong with my setup until I finally have reached this thread and found "it is not implemented".
So, as it doesn't work - please remove menu items in order not to confuse everyone else. Without menu everyone will immediately recognize that he need to forget old convenient way and use another tool (like, 'gpg --decrypt' from console for example)

Issue still exists on TB 78.5.1

Assignee: nobody → kaie
Status: NEW → ASSIGNED

(In reply to Magnus Melin [:mkmelin] from comment #15)

Kai, should we just hide this menu until it's working? Or you you have code pointers to how to fix it?

Looks like I restored the functionality with the attached patch.

Flags: needinfo?(kaie)
status-thunderbird84: --- → affected

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/b98061eb01ee
Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig DONTBUILD

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 85 Branch

Comment on attachment 9191067 [details]
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig

[Approval Request Comment]
Regression caused by (bug #): none
User impact if declined: nonworking decrypt feature that's offered in UI
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low

Attachment #9191067 - Flags: approval-comm-esr78?
Attachment #9191067 - Flags: approval-comm-beta?

Comment on attachment 9191067 [details]
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig

[Triage Comment]
This won't reach beta via uplift.
Approved for esr78

Attachment #9191067 - Flags: approval-comm-esr78?
Attachment #9191067 - Flags: approval-comm-esr78+
Attachment #9191067 - Flags: approval-comm-beta?
Attachment #9191067 - Flags: approval-comm-beta-

Tested with 78.6.0 Linux, unfortunately the decrypted files are saved incompletely.

I received two small PDF documents. I clicked "decrypt and save as", but on my filesystem the files have only few bytes. Nothing appears in the error console. I have successfully checked decrypting the pgp-files with gnupg.

$ gpg -o Abrechnungsschreiben_6912.pdf-gnupg -d Abrechnungsschreiben_6912.pdf.pgp
$ gpg -o Antragsnummer_79282.pdf-gnupg -d Antragsnummer_79282.pdf.pgp
$ ls -l *pdf* 
-rw------- 1 dan users    199 16. Dez 00:00 Abrechnungsschreiben_6912.pdf
-rw-r--r-- 1 dan users  76748 16. Dez 00:00 Abrechnungsschreiben_6912.pdf-gnupg
-rw-r--r-- 1 dan users  86222 16. Dez 00:00 Abrechnungsschreiben_6912.pdf.pgp
-rw------- 1 dan users    123 16. Dez 00:00 Antragsnummer_79282.pdf
-rw-r--r-- 1 dan users  89009 16. Dez 00:00 Antragsnummer_79282.pdf-gnupg
-rw-r--r-- 1 dan users 119047 16. Dez 00:00 Antragsnummer_79282.pdf.pgp
$ cat Antragsnummer_79282.pdf 
%PDF-1.4
%õäöü

9 0 obj
<< /Length 2596 /Filter [ /FlateDecode ] /N 3 >>
stream
½H.*1Ͻ7½JÀ RH
$
$ cat Abrechnungsschreiben_6912.pdf 
%PDF-1.4
%õäöü

9 0 obj
<<
/Type /XObject
/Subtype /Image
/Name /I1
/Width 828
/Height 143
/BitsPerComponent 8
/ColorSpace /DeviceRGB
/Length 52405 /Filter [ /DCTDecode ] >>
stream
ÿØÿ
$

Thank you, for your work.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

I clicked "decrypt and save as", but on my filesystem the files have only few bytes.

Same here. Does not work. :-(

same problem in W10 error in attachment

(In reply to gjo from comment #29)

same problem in W10 error in attachment (messages box with: null undefined)

Error message window after clicking "Decrypt and Save As" in TB 78.6.0 32-bit.

Hello,

After clicking "Decrypt and Save As" error message window is displayed (as above) and following entry shows in "errors console":

rnp_op_verify_execute returned unexpected: 268435457 RNP.jsm:991:17

TB 78.6.0 (32 bit)

Best Regards

Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
Mode LastWriteTime Length Name
-a---- 17.12.2020 11:07 1403473 x.jpg.asc
-a---- 17.12.2020 11:11 °°°°°°4 x.jpg

PS C:\Users\buz> more x.jpg
ÿØÿà

PS C:\Users\buz> more x.jpg.asc
-----BEGIN PGP MESSAGE-----
...

(In reply to bugzilla from comment #33)

Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
Mode LastWriteTime Length Name
-a---- 17.12.2020 11:07 1403473 x.jpg.asc
-a---- 17.12.2020 11:11 °°°°°°4 x.jpg

PS C:\Users\buz> more x.jpg
ÿØÿà

PS C:\Users\buz> more x.jpg.asc
-----BEGIN PGP MESSAGE-----
...

The Console only shows this:
12:39:26.123 1608205166123 addons.xpi-utils WARN Add-on langpack-de@thunderbird.mozilla.org is not compatible with application version.

(In reply to bugzilla from comment #33)

Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
Mode LastWriteTime Length Name
-a---- 17.12.2020 11:07 1403473 x.jpg.asc
-a---- 17.12.2020 11:11 °°°°°°4 x.jpg

PS C:\Users\buz> more x.jpg
ÿØÿà

PS C:\Users\buz> more x.jpg.asc
-----BEGIN PGP MESSAGE-----
...

11:30:41.069 rnp_op_verify_execute returned unexpected: 268435458

Obviously, my own bug report regarding this has been lost. I reported the same problem some weeks ago, and somebody said this problem would be solved with 78.6.0.

However, I can definitely confirm that the problem is NOT solved in 78.6.0. @Thunderfan has described exactly what happens.

I have tested this under Windows 10 Enterprise and Windows 7, each with TB 78.6.0.

I am aware that Thunderbird is free software with large parts made by volunteers. However, I would also like to make clear that this is not a low-priority problem and that such a long time to fix it is just not acceptable, even if it's free software. That problem is putting more and more pressure on us with each day it remains unfixed.

We are a company which often receives invoices as PGP-encrypted attachments in messages which are not encrypted in whole (only the attachments are encrypted). Since we have upgraded our PCs to TB 78 in the end of last year, not having come to the idea that such a basic and important function would be broken by the update, we have a massive problem in our accounting now. I know other companies and even private persons who also receive invoices and other important, sensitive documents as PGP-encrypted attachment, and suffer similarly.

Our current "solution" is that the administrators ask the users to save the attachments in encrypted form, and use GnuPG on the command line to decrypt them, which means using the users' private keys. This whole process is completely not acceptable under various aspects, among them important legal aspects and the EU GDPR.

If it doesn't get fixed soon, we'll probably have to switch to Outlook. We definitely won't go back to TB 68 where this was working somehow. So I would be glad if we could get a honest and definitive statement from a developer here. We can really understand if this won't get fixed because it is too difficult, is not of high priority from the developers' point of view, or takes too much time. But then please make a clear statement that you won't fix it in the next time. Once again, that would be fair enough, but please let us know about it.

Despite that problem, I'd like to say a big thanks to the development team for all your effort and for providing TB and OpenPGP free of charge. It has been, and still is, a revolution.

Best regards and a happy new year!

I forgot to mention that we experience the problem with TB 64 bit. That means that both versions are broken (@Thunderfan confirmed it for the 32-bit version).

Furthermore, if it helps, I can provide a message example as .eml file if it would help with resolving the issue. If somebody is interested, please let me know how I can send you the example in a safe way. I won't publish it here because it contains a lot of personal data, and while I could easily remove that data from the message itself (I know how to operate a text editor :-)), removing it from the encrypted attachment is not that easy and would at least take some time.

To help you can create a sample message for Alice, and add an encrypted attachment in that mail. Save as .eml and attach it to this bug.
You can find her keys here: https://searchfox.org/comm-central/source/mail/test/browser/openpgp/data/keys

@hyperbolic

These are exactly my thoughts.

Sorry for the delays, I was out sick.

I can confirm the bug. When recently re-enabling this feature, I had tested only using encrypted attachments which decrypt to plain text.
The bug occurs if the attachment decrypts to binary data.

I have a fix that I will send for review.

Do you have a sample message to attach, or a simple way to generate it?

It would be better to clone this bug to another one for the specific case, since otherwise tracking flags will all be wrong.

You're right, I'll file a separate bug, and move the patch over there.
Also, I'm working on a test.

Blocks: 1686055

Everyone, please use bug 1663169 to track the fix of the remaining bug.
Marking this one fixed again.

Summary: PGP attachment "Decrypt and Open/Save As" doesn't work → PGP attachment "Decrypt and Open/Save As" doesn't work (enable code for the menu command)
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED

Comment on attachment 9196379 [details]
Bug 1663169 - Fix decrypting of attachments containing binary data. r=mkmelin

Revision D101351 was moved to bug 1686055. Setting attachment 9196379 [details] to obsolete.

Attachment #9196379 - Attachment is obsolete: true

Issue still exists on TB 78.6.1

Issue still exists on TB 78.7.0

You'll want to follow bug 1686055.

On
https://bugzilla.mozilla.org/show_bug.cgi?id=1686055
I read: " status-thunderbird86: --- → fixed"

When and where do we get TB86?

From https://www.thunderbird.net/en-US/#channel - 86 beta1 will be out in a day or two.

Could somebody please tell if this is working in the current beta?

I usually avoid beta versions, but this one might be an exception since this function is extremely important to us. However, I'd rather not install a beta version to learn that it's not fixed yet :-)

The use of External GnuPG in TB still does not allow to decrypt attachments!

(In reply to bugzilla from comment #53)

The use of External GnuPG in TB still does not allow to decrypt attachments!

If you still see it with 91 beta, please file a new bug.

Is [Bug 1704820] fixed in 91 beta too?

No, that would be the bug (still NEW).

See Also: → 1704820

The bug is still present in TB 91.0.3 (I am not talking of external GnuPG here). The only difference, compared to comment #31, is the contents of the dialog box. It now says "Error - decryption failed" instead of "null / undefined".

The general case works for me. If it doesn't work for you, there must be something special going on with the attachment or with your setup.

For the people who are coming to this page via Google: The problem occurs if the attachments are without MDC (which can still happen even today). This has become a new bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1729221

Does not work for me in 102.0.2 (64-Bit).

You need to log in before you can comment on or make changes to this bug.