Closed Bug 1731422 Opened 3 years ago Closed 2 years ago

Partially signed, unencrypted email is called "encrypted"

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 91

Tracking

(thunderbird_esr91+ fixed, thunderbird96+ affected)

RESOLVED FIXED
97 Branch

People

(Reporter: fernm, Assigned: KaiE)

Attachments

(4 files)

Attached image mail begin

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

TB 91.1.1, Debian Bullseye x86_64

Receive a partially signed, unencrypted mail.
(in my case the mail is partially signed because the mailman mailing list software added its footer below the original signed mail)

Click on the mail in the inbox folder.

Actual results:

There is an info box, calling the mail only partially "encrypted" and one should click the "decrypt" button to show the "encrypted" parts of the email.

Expected results:

The info box text should say that the email would be only partially signed and one should click the "show only signed content" button, to show only signed content.

This screenshot shows the message and its security info after having clicked on the "decrypt" button.

As expected, it says "Message Is Not Encrypted" (BTW is this wanted to write all words starting with capital letters? Looks like bad English).

Steps to reproduce:

  1. Execute echo 'signed text' | gpg --clearsign (be sure that you have the corresponding public key imported in TB)
    This will result in something like
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

signed text
-----BEGIN PGP SIGNATURE-----

iQFHBAEBCgAxFiEECIxHspXjEhsKWfL73gkx0aCI7XUFAmFX9KoTHHNpZ25lckBl
eGFtcGxlLmNvbQAKCRDeCTHRoIjtdRjiB/99Tb35h+H8WFJFmisCydKtLmraOPnl
rdjYYQ/643EYzpAHQLpgcWnSBrjLNl38narkuePFmxuyoBIR1ZQU//l+g8B5J72j
l7PyUVRyikJVx+jVjnMXF3cBiBphKKU8Glxa5sOO4nYlafDqA2fG/i7YvnTkR5tO
XyfnYMHBn4X7CIq8xXxnTLrahgU0ta/eOuajlTx+r9cZ/xctn1GXgVR1SEHammFF
fmUFP1zpDGpCpL5c3fmIcOJa94W+8APG4LC43uK3ETnX9+yPz3vQqt+mqwf4E6XI
suMx317BeKlK5VHmOl/XAzocA2yjDTjJftwgUhzDROwXfDczP6kxwfVK
=S55T
-----END PGP SIGNATURE-----
  2. Open the TB mail composer and paste the output of the above command into the empty mail body.
  3. Below the -----END PGP SIGNATURE----- line in the composer mail body, add the line 'unsigned text'.
  4. Send this (partially signed) mail to yourself.
Assignee: nobody → kaie
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → 97 Branch
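The distinction this bug is about (inline clearsigned versus inline encrypted, and whether text sits outside the armored block) can be checked structurally. The following is an added example, not Thunderbird's code and not the patch from this bug; the function name, the status labels and the sample with its placeholder signature are assumptions made for illustration.

```javascript
// Added example, not Thunderbird code. Structural check only: it does not
// verify the signature. Status labels are hypothetical.
const ARMOR = {
  signed: ["-----BEGIN PGP SIGNED MESSAGE-----", "-----END PGP SIGNATURE-----"],
  encrypted: ["-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"],
};
const SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----";

function classifyInlinePgp(body) {
  const lines = body.replace(/\r\n/g, "\n").split("\n").map((l) => l.trimEnd());
  let hit = null;
  for (const [kind, [begin, end]] of Object.entries(ARMOR)) {
    const start = lines.indexOf(begin);
    const stop = start === -1 ? -1 : lines.indexOf(end, start + 1);
    // Keep the armored block that starts first in the body.
    if (stop !== -1 && (!hit || start < hit.start)) hit = { kind, start, stop };
  }
  if (!hit) return { status: "plain", covered: "", outside: body.trim() };
  // Anything before BEGIN or after END is not covered by OpenPGP at all,
  // e.g. a footer appended by mailing list software.
  const outside = [...lines.slice(0, hit.start), ...lines.slice(hit.stop + 1)]
    .join("\n").trim();
  let covered = "";
  if (hit.kind === "signed") {
    const block = lines.slice(hit.start + 1, hit.stop);
    const textStart = block.indexOf("") + 1; // armor headers end at first empty line
    const sigAt = block.indexOf(SIG_BEGIN);
    covered = block.slice(textStart, sigAt === -1 ? block.length : sigAt)
      .map((l) => l.replace(/^- /, "")) // undo clearsign dash-escaping
      .join("\n");
  }
  // The label names the protection actually present, so a clearsigned
  // block is never reported as "encrypted".
  return { status: (outside ? "partially-" : "") + hit.kind, covered, outside };
}

// Constructed sample shaped like the reproduction steps; signature data is a placeholder.
const SAMPLE = [
  "-----BEGIN PGP SIGNED MESSAGE-----",
  "Hash: SHA512",
  "",
  "signed text",
  "-----BEGIN PGP SIGNATURE-----",
  "",
  "PLACEHOLDER",
  "-----END PGP SIGNATURE-----",
  "unsigned text",
].join("\n");
```

For `SAMPLE` the result separates `covered` ("signed text") from `outside` ("unsigned text"), which is the split a "show only signed content" action needs.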

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/b34321e37947
Show correct notification message for inline partial signed. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

Comment on attachment 9254091 [details]
Bug 1731422 - Show correct notification message for inline partial signed. r=mkmelin

we forgot to backport

[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: wrong security status
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): low

Attachment #9254091 - Flags: approval-comm-esr91?

Comment on attachment 9254091 [details]
Bug 1731422 - Show correct notification message for inline partial signed. r=mkmelin

[Triage Comment]
Approved for esr91

Attachment #9254091 - Flags: approval-comm-esr91? → approval-comm-esr91+