Open Bug 1791263 Opened 2 years ago Updated 2 years ago

inline gpg does not get decrypted

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 102
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: vendion, Unassigned)

Details

Attachments

(3 files)

Attached file inline-gpg.eml

Steps to reproduce:

I received an email that was encrypted inline with my GPG public key over IMAP. I have attached the email in question, complete with message headers.

Actual results:

The encrypted message wasn't decrypted using the native openGPG support in Thunderbird. Instead, I had to copy the message contents and run it through gpg --decrypt manually to be able to read the message.

Expected results:

Thunderbird should have detected that the message body was encrypted and automatically decrypted it.

Not sure, if I am bitten by the same effect.
I get the encrypted mail, containing unencrypted parts, with following message:

/This is an encrypted message part. You need to open it in a separate window by 
clicking on the attachment./

But no attachment is available.

Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
OS 	Linux 5.19.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 08 Sep 2022 18:07:42 +0000

extracted data from Mail:

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--===============2820560243451403909==
Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted";
 boundary="------------sYTM1GaFh1kM1NkWaaN1EQGt"

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----

--------------sYTM1GaFh1kM1NkWaaN1EQGt--

--===============2820560243451403909==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--===============2820560243451403909==--

So this is "mixed content" passed through mailing list software

(In reply to Friedrich Strohmaier from comment #3)

extracted data from Mail:

missing this one to complete info:

Content-Type: multipart/mixed; boundary="===============2820560243451403909=="

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--===============2820560243451403909==
Content-Type: multipart/encrypted;
protocol="application/pgp-encrypted";
boundary="------------sYTM1GaFh1kM1NkWaaN1EQGt"

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----

--------------sYTM1GaFh1kM1NkWaaN1EQGt--

--===============2820560243451403909==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--===============2820560243451403909==--

So this is "mixed content" passed through mailing list software

Friedrich, the S/MIME OpenPGP inline mix is another issue (bug on file I think)

For the original issue in this bug. Perhaps the comment there has something to do with it?
Comment: This message could not be decrypted: gopenpgp: error in reading message: openpgp: incorrect key

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

It also happens without the comment, see the new example I attached. Again, complete with headers.

Who added the comment?
I mean, isn't it the sending software alerting you to the fact that something is wrong?

(In reply to Magnus Melin [:mkmelin] from comment #7)

Who added the comment?
I mean, isn't it the sending software alerting you to the fact that something is wrong?

The comment is from the sender when it encrypted the message to be delivered to me. I've never actually seen it be used for error reporting before, usually it just states the tool and version used to encrypt the message or something like that.

I actually think the "error" is a false positive as I stated in the original comment if I copy the message body and decrypt it manually I can read the message which shows the message was in fact encrypted with my public key. My second example also doesn't get decrypted by Thunderbird, yet it is encrypted with my public key and has no comment line.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: