Closed Bug 1665685 Opened 4 years ago Closed 4 years ago

unable to decrypt mails sent by thunderbird 78 with GnuPG

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1665281

People

(Reporter: mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36

Steps to reproduce:

i received e-mails from a person who upgraded thunderbird to 78. before that we were able to communicate usind OpenPGP encryption (thunderbird + enigmal and kmail + gpg).

Actual results:

since the upgrade i am no longer able to decrypt incoming mails from this person. to confirm that the issue was not due to kmail, i copied the OpenPGP block to a file. 'gpg --list-packets' indicated that the message was encrypted using the correct public key. however, it failed to decrypt the message, stating that no fitting secret key was available. other contacts not using thunderbird 78 are not affected.

Expected results:

thunderbird should continue to encrypt messages according to the proper standards so that GnuPG is able to decrypt them.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

I can't reproduce this. Sending an encrypted message from TB78.2.2 on Linux, the message decrypts just fine with TB68.12.0 and Enigmail/GnuPG.

m.eik this might be difficult to debug.

Could you please send me your public key - the one that your correspondent uses to encrypt email to you using TB 78 ?

Hopefully looking at the properties of your key, and the log messages that TB 78 produces when encrypting for that key, will allow us to find a clue what's going wrong.

Flags: needinfo?(mozilla)

Please either attach your public key, or, if you prefer it to remain confidential, feel free to send it by email to me at kaie@kuix.de

(In reply to Kai Engert (:KaiE:) from comment #3)

Please either attach your public key, or, if you prefer it to remain confidential, feel free to send it by email to me at kaie@kuix.de

you have mail ;)

Flags: needinfo?(mozilla)

it is now three contacts who upgraded to thunderbird 78 and thereby broke my ability to decrypt thier messages. as long as they can still use an older setup on a different machine, everything still works fine. there were no warnings of any kind that my key was somehow problematic.

mybe it is of interest that i am using a smartcard/crypto key and therefore use designated subkeys for encryption, signing and authentication. this is the only "special" thing i can think of, allthough it is pretty much OpenPGP standard. i have no idea how that would affect a public key, though.

thanks to a colleague of mine, i think i've found something.

TL;DR: GnuPG always picks the newest subkey available and ignores all older subkeys, while thunderbird probably picks the first one it gets and doesn't look any further. this leads to fundamentally different results.

basically, my public key shows a structure like this:

pub   rsa4096/0xAAAAAAAAAAAAAAAA 2013-01-01 [SCEA] [expires: 2021-01-01]
      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
uid                             foo <foo@bar.com>
uid                             foo <foo@bar.org>
sub   rsa2048/0xBBBBBBBBBBBBBBBB 2017-01-01 [S] [expires: 2021-01-01]
sub   rsa2048/0xCCCCCCCCCCCCCCCC 2017-01-01 [E] [expires: 2021-01-01]
sub   rsa2048/0xDDDDDDDDDDDDDDDD 2017-01-01 [A] [expires: 2021-01-01]

when i use gpg --decrypt --list-only --status-fd 1 on encrypted PGP blocks that i can decrypt, i find like

...
[GNUPG:] ENC_TO CCCCCCCCCCCCCCCC 1 0
...

which indicates that the newest subkey for encryption was indeed used.

mails from thunderbird 78, however, produce:

...
[GNUPG:] ENC_TO AAAAAAAAAAAAAAAA 1 0
...

indicating it was encrypting using the old primary key but not the newest subkey.

The encrypted message should include the information that the encryption is for recipient key 0xAAAAAAAAAAAAAAA, and GnuPG seems to know, because of the log message (at the bottom of your previous comment), right?

If GnuPG cannot decrypt the message, does that mean that your system doesn't have the secret key 0xAAAAAAAAAAAAAAA ?

If yes, why doesn't your system have the secret key 0xAAAAAAAAAAAAAAA ?

Flags: needinfo?(mozilla)

(In reply to Kai Engert (:KaiE:) from comment #7)

The encrypted message should include the information that the encryption is for recipient key 0xAAAAAAAAAAAAAAA, and GnuPG seems to know, because of the log message (at the bottom of your previous comment), right?

true, and it is unexpected compared to what GnuPG would have selected.

If GnuPG cannot decrypt the message, does that mean that your system doesn't have the secret key 0xAAAAAAAAAAAAAAA ?

yes.

If yes, why doesn't your system have the secret key 0xAAAAAAAAAAAAAAA ?

as mentioned earlier i am using a smartcard (yubikey) for key storage. it stores three separate subkeys for encryption, signing and authentication and is therefore missing the primary key. i assume GnuPG always picks the most recent subkey because RFC 4880 recommends to prioritize the latest self-signatures if multiple are available. anyway, thunderbird shouldn't behave incompatible with GnuPG, they should always pick the same keys.

Flags: needinfo?(mozilla)

Thanks. This is the same as bug 1665281.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.