Closed Bug 1666846 Opened 4 years ago Closed 4 years ago

Drafts are saved encrypted by standard not able to decrypt or switch off encryption

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1672047

People

(Reporter: hans.flodders, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

I successfully migrated Enigmail-Add On to TB version 78.2.2 (Windows 10, IMAP accounts affected) and my OpenPGP keys encryption works. I switched off encryption by standard, so mails should not be sent nor saved as draft encrypted.

Actual results:

I composed a new mail and saved as draft. New editing of the draft was not possible, because the text was not saved (encrypted?) and subject only shows "...". I find no setting where I can switch off drafts to be saved encrypted.

Expected results:

Drafts should be saved without encryption or at least a password field should pop up to put in my pwd for the pgp key so that the draft is decrypted!

I think it's definitely a bug... I deleted all keys (OpenPGP and S/MIME) and now I cannot even save a draft. It says (translated from German): "An error occurred while saving the draft - the configured key-ID '0x0...' was not found in your keychain." However, I switched off encryption in options, where does TB take the old key???

The old key is probably listed in the relevant account settings (under End-to-End encryption).
Drafts are saved encrypted by default yes - that's per design.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

Thanks for the comment. Well I think that's bad design! I should be able to choose whether I want to encrypt my drafts or not, this was possible in the Enigmail-AddOn, when I choose encryption by default OFF!

The key is NOT listed in the account settings. Even when I install it, it is not listed, but this might be another problem, that alias identities not equal with the account email, cannot be used (that has to be solved too!!!). However, it must be a bug that my PGP key is still used even when no key is installed!? Or a migration problem from Enigmail? I will try to get a clean TB by reinstalling...

In my other account (identity is equal to account name) I reinstalled and deleted my PGP keys several times and found out that encryption of drafts is only disabled when I have installed my SMIME key and choose SMIME as preferred encryption. Encryption and decryption basically works, but I need to edit my drafts from other clients or web portals with no keys installable. Hope this is reproducible by others, I have to switch back to TB 68 till this is solved, sorry.

FTR, the current behaviour (drafts saved encrypted (regardless of mail.identity.*.autoEncryptDrafts values)) also prevents the use of the "Send Later" add-on (see https://github.com/Extended-Thunder/send-later/issues/26) in conjunction with PGP-signed e-mails (for some reason, S/MIME-signed e-mails are unaffected).

Use account settings, and set "None" as the selected key for OpenPGP, and draft encryption will be disabled.
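To confirm how a saved draft is actually stored (in a local folder or on the IMAP server) after changing this setting, the following added example classifies a raw message by its MIME structure as PGP/MIME-encrypted, S/MIME-encrypted, inline PGP or plaintext. It is not part of the bug thread or of Thunderbird's code; the function name and the sample messages are constructed for illustration.

```python
import email
from email import policy

# Constructed sample drafts (not taken from the bug report).
PGP_MIME_DRAFT = b"""\
Subject: ...
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

PLAIN_DRAFT = b"""\
Subject: Lecture notes
Content-Type: text/plain; charset=utf-8

Ideas for next week's lecture.
"""


def classify_draft(raw: bytes) -> str:
    """Return 'pgp-mime', 'smime', 'pgp-inline', 'encrypted-other' or 'plaintext'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        # RFC 3156: PGP/MIME is identified by the protocol parameter.
        proto = (msg.get_param("protocol") or "").lower()
        return "pgp-mime" if proto == "application/pgp-encrypted" else "encrypted-other"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # signed-data is an opaque signature, not encryption.
        if (msg.get_param("smime-type") or "").lower() != "signed-data":
            return "smime"
    # Inline PGP: an ASCII-armored message inside a text part.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in payload:
                return "pgp-inline"
    return "plaintext"
```

A draft that is only signed (multipart/signed) is reported as plaintext, since its body remains readable by other clients.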

I think it would make sense to keep encrypting as we do for IMAP. For POP (local folders) it's not much of a problem so there we could keep draft messages unencrypted.

Status: UNCONFIRMED → NEW
Ever confirmed: true

And for IMAP accounts you can set the Drafts to be in a local folder if you desire.

(In reply to Kai Engert (:KaiE:) from comment #5)

Use account settings, and set "None" as the selected key for OpenPGP, and draft encryption will be disabled.

In my account #1 (email alias, so key-name is not equal email-address) there is no option to switch off OpenPGP as there is no radio button "None" (maybe a buggy conversion of my enigmail settings?). In my account #2 (key-name=email-address) strangely there is this option! Anyway, I can switch it off by mail.identity.id1.mimePreferOpenPGP switch in the config file! HOWEVER, I want to use OpenPGP!!!

(In reply to Magnus Melin [:mkmelin] from comment #7)

And for IMAP accounts you can set the Drafts to be in a local folder if you desire.

Well I want to edit my drafts when I'm out of office with other devices/email clients that are not (yet) able to open the encrypted drafts. I expect my IMAP-account on my server as safe enough to store unencrypted drafts. I think it should be an opt-out option not to encrypt drafts for every account - I still don't understand why this is not possible to add this feature/option. Problems as this made me crazy so that I will soon not use encryption any more :-(

(In reply to hans.flodders from comment #8)

Problems as this made me crazy so that I will soon not use encryption any more :-(

You do realize you're asking NOT to use encryption, to use encryption ;)
If you're not using encryption to protect the data, maybe you don't want it. I do think drafts can be a significant data leak.

(In reply to Magnus Melin [:mkmelin] from comment #9)

You do realize you're asking NOT to use encryption, to use encryption ;)
If you're not using encryption to protect the data, maybe you don't want it. I do think drafts can be a significant data leak.

Well, security/safety should not harm freedom too much!!! Otherwise people won't use it. When I create a new message, I would like to have the freedom to decide for each topic, eg when I note down ideas for my public lectures to a colleague that I need to continue on a business trip or I start a message about how to mark exams, this might be a big difference.

It is possible to choose encryption for sending! I understand for automatically saved drafts that this is a security issue while the message has not yet been sent. But just a suggestion if one chooses the option "manual decision" in the settings: Why not let appear a POP UP WINDOW when starting a new message and choose whether to encrypt (drafts and sending separately)? This decision still should be able to be modified by options in the drop down menu.

I'm just a PGP user and not programmer - I understand that this problem is not a bug but by design. So I'm happy to close it and wait till all clients on computer and smartphone are compatible with OpenPGP in the same way as Thunderbird is now (thanks to all programmers that do a great job here!)

Hello,

I use Thunderbird 78.4.0 and I can report the exact same issue.

Well I want to edit my drafts when I'm out of office with other devices/email clients that are not (yet) able to open the encrypted drafts. I expect my IMAP-account on my server as safe enough to store unencrypted drafts.
100% with that.

It would make sense that the "encrypt draft" policy follows the "send encrypted emails or not" policy:
send encrypted emails --> drafts are saved encrypted
send unencrypted emails --> drafts are saved unencrypted

I sign all my emails using PGP. I never encrypt them because pretty much none of my contacts use PGP, and I would still like to draft a message on TB then edit it from the webmail interface.

I hope this brings an interesting point of view on the matter

(In reply to Édouard Duliège from comment #11)

Well I want to edit my drafts when I'm out of office with other devices/email clients that are not (yet) able to open the encrypted drafts. I expect my IMAP-account on my server as safe enough to store unencrypted drafts.
100% with that.

It would make sense that the "encrypt draft" policy follows the "send encrypted emails or not" policy:
send encrypted emails --> drafts are saved encrypted
send unencrypted emails --> drafts are saved unencrypted

As an additional setting, maybe. As an alternative to a user-defined setting which should decouple local storage from sending options, clearly not. E-mails still residing on one's own server (when fully encrypted, only accessible using 2FA, ...) are secure enough to not need an additional layer of encryption, period. The above rule suggested by Édouard Duliège would – by itself – still prevent add-ons like "Send Later" to work properly.

Every change that comes with side effects regarding existing, year-long workflows (especially when related to previous functionality of the Enigmail add-on) should be made an option.

(In reply to Édouard Duliège from comment #11)

It would make sense that the "encrypt draft" policy follows the "send encrypted emails or not" policy:
send encrypted emails --> drafts are saved encrypted
send unencrypted emails --> drafts are saved unencrypted
That's exactly what I've intended to suggest above (maybe too cumbersome, sorry).

(In reply to Markus Ueberall from comment #12)

Every change that comes with side effects regarding existing, year-long workflows (especially when related to previous functionality of the Enigmail add-on) should be made an option.
When I had the Enigmail add-on in TB 68, the behaviour was exactly like suggested in comment #11 and changed in 78 with no option to opt out from encrypted drafts! And of course, this only should be implemented as an option!

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE