Open Bug 1785962 Opened 2 months ago Updated 1 month ago

Cannot decrypt inner OpenPGP MIME layer that is wrapped in an outer S/MIME signature

Categories: MailNews Core :: Security: OpenPGP, enhancement (Thunderbird 102)
Tracking: Not tracked
People: Reporter: f.fainelli, Unassigned
References: Blocks 1 open bug
Attachments: 2 files

Attached image tempsnip.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0

Steps to reproduce:

Attempt to view a PGP encrypted email

Actual results:

The email client shows:

This is an encrypted message part. You need to open it in a separate window by clicking on the attachment.

but there are no attachments available for download

Expected results:

Inline decryption should have worked and allowed me to read the email without having to do Save as -> gpg -d -> Open

Summary: No inline decryption and no → No inline decryption and no option to save email as

Do you have a sample you can attach, as .eml?

Component: Security → Security: OpenPGP
Product: Thunderbird → MailNews Core

This is happening with my work account so it would contain sensitive information that I would not be allowed to share. Any way I can provide you with what you need under the form of logs maybe?

(In reply to f.fainelli from comment #2)

This is happening with my work account so it would contain sensitive information that I would not be allowed to share. Any way I can provide you with what you need under the form of logs maybe?

This is what the console reports while clicking on these PGP encrypted emails:

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
INBOX>121694
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
{9f5c9d22-f99b-438c-8885-b7401f658221}
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
blank
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
INBOX>121529
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
{9f4a3284-7f87-428e-9aaf-1330c1f3d590}
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
blank
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.
INBOX>121530

Blocks: tb102found

Also affects TB 102.2. How do we proceed further here?

Why do we have so many PGP bugs when there was a perfectly working environment thanks to Enigmail? I suppose I could always go back to whatever older version worked, be it using Enigmail or TB 91.

Seriously though, this is a colossal disaster and it makes me both frustrated and sad.

If the message is indeed encrypted, I guess you could forward it to me (as .eml) or attach it to this bug.
For debugging you can find some info at https://wiki.mozilla.org/Thunderbird:OpenPGP#Debugging_.2F_Tracing

Encrypted subparts need to be viewed separately for security reasons. What was done in the past was not safe.

Attached file enigdbug.txt

Forwarded you the email that fails to decrypt and attached the enigdbug.txt file that shows the message loading. Thanks Magnus!

I can reproduce the symptom you described.

Your message is a very unexpected combination, because the outermost signature is actually using the S/MIME technology, and the parts inside are using OpenPGP.

Nevertheless, I agree it's bad that the UI talks about an attachment, while we don't offer one.

I wonder if the cause of the missing attachment is bug 1749340. At that time, we had a scenario in which attachments were shown twice, and it wasn't clear in which scenarios the additional attachment might be helpful.

I can perform a local experiment to revert that patch and see if it would restore the ability to open the inner openpgp message.

While you're waiting for a better solution, I want to invite you to try the following (painful) workaround.
While viewing the email, use file save as, and save the full message to file.
Then open a text editor. Find the first occurrence of the content-type header.
Copy the contents of the boundary parameter found in that line (the part inside the quotes).
Search for that text in the remainder of the message.
You'll see that it is found immediately below again.
Remove the "Content-Type" line, the blank line that follows, and also the following boundary line.
Then continue to search. You'll find it again twice. Remove both lines, and everything in between those lines (which is the S/MIME signature).
Then save that file.
Then use Thunderbird, file, open saved message, and open that file.
This should allow you to view the decrypted message.
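
The manual edit described in the comment above can also be done with a MIME parser instead of a text editor. The following is an added example, not part of the bug thread or of Thunderbird's code; the function name `unwrap_smime_signed` and the sample message are constructed for illustration. It drops the outer S/MIME signature without verifying it, so the result says nothing about who signed the message.

```python
from email import message_from_bytes, policy
from email.generator import BytesGenerator
from io import BytesIO

# Headers describing the outer MIME layer; not copied to the inner part.
OUTER_ONLY = {"content-type", "content-transfer-encoding", "mime-version"}

def unwrap_smime_signed(raw: bytes) -> bytes:
    """Return the message with the outer S/MIME multipart/signed layer removed."""
    outer = message_from_bytes(raw, policy=policy.compat32)
    proto = str(outer.get_param("protocol") or "").lower()
    if outer.get_content_type() != "multipart/signed" or "pkcs7-signature" not in proto:
        raise ValueError("outer layer is not an S/MIME multipart/signed wrapper")
    inner = outer.get_payload(0)  # part 1 is the signed content, part 2 the signature
    if inner.get_content_type() != "multipart/encrypted":
        raise ValueError("signed content is not multipart/encrypted")
    # Carry the message headers (From, To, Subject, ...) over to the inner part.
    for name, value in outer.items():
        if name.lower() not in OUTER_ONLY and name not in inner:
            inner[name] = value
    del inner["MIME-Version"]
    inner["MIME-Version"] = "1.0"
    buf = BytesIO()
    BytesGenerator(buf, mangle_from_=False, policy=policy.compat32).flatten(inner)
    return buf.getvalue()

# Constructed sample: OpenPGP/MIME inside an S/MIME signature, placeholder bodies.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="outer"

--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

(constructed placeholder, not real ciphertext)
--inner--
--outer
Content-Type: application/pkcs7-signature

AAAA
--outer--
"""
```

Writing the returned bytes to a new .eml file gives a message whose outermost MIME layer is the OpenPGP encryption, which is the form the workaround aims for.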

(In reply to Kai Engert (:KaiE:) from comment #9)

This should allow you to view the decrypted message.

No. While the attachment is shown, we don't decrypt it when opened in a separate window.

Ok, we're actually saving a zero bytes file. So allowing that inner part to be saved and opened isn't as easy as restoring that old patch.

Summary: No inline decryption and no option to save email as → Cannot decrypt inner OpenPGP MIME layer that is wrapped in an outer S/MIME signature

I want to say that the current behavior is intended. We don't directly decrypt, unless the encryption is the outermost MIME layer.

However, it might be helpful to offer some way to more easily access the inner encrypted part.

Type: defect → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true