inline gpg does not get decrypted
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(Not tracked)
People
(Reporter: vendion, Unassigned)
Details
Attachments
(3 files)
Steps to reproduce:
I received an email that was encrypted inline with my GPG public key over IMAP. I have attached the email in question, complete with message headers.
Actual results:
The encrypted message wasn't decrypted using the native openGPG support in Thunderbird. Instead, I had to copy the message contents and run it through gpg --decrypt manually to be able to read the message.
Expected results:
Thunderbird should have detected that the message body was encrypted and automatically decrypted it.
Comment 1•2 years ago
|
||
Not sure, if I am bitten by the same effect.
I get the encrypted mail, containing unencrypted parts, with following message:
/This is an encrypted message part. You need to open it in a separate window by
clicking on the attachment./
But no attachment is available.
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
OS Linux 5.19.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 08 Sep 2022 18:07:42 +0000
Comment 2•2 years ago
|
||
Comment 3•2 years ago
|
||
extracted data from Mail:
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--===============2820560243451403909==
Content-Type: multipart/encrypted;
protocol="application/pgp-encrypted";
boundary="------------sYTM1GaFh1kM1NkWaaN1EQGt"
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification
Version: 1
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----
--------------sYTM1GaFh1kM1NkWaaN1EQGt--
--===============2820560243451403909==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
--===============2820560243451403909==--
So this is "mixed content" passed through mailing list software
Comment 4•2 years ago
|
||
(In reply to Friedrich Strohmaier from comment #3)
extracted data from Mail:
missing this one to complete info:
Content-Type: multipart/mixed; boundary="===============2820560243451403909=="
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--===============2820560243451403909==
Content-Type: multipart/encrypted;
protocol="application/pgp-encrypted";
boundary="------------sYTM1GaFh1kM1NkWaaN1EQGt"This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identificationVersion: 1
--------------sYTM1GaFh1kM1NkWaaN1EQGt
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-------------------sYTM1GaFh1kM1NkWaaN1EQGt--
--===============2820560243451403909==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline--===============2820560243451403909==--
So this is "mixed content" passed through mailing list software
Comment 5•2 years ago
|
||
Friedrich, the S/MIME OpenPGP inline mix is another issue (bug on file I think)
For the original issue in this bug. Perhaps the comment there has something to do with it?
Comment: This message could not be decrypted: gopenpgp: error in reading message: openpgp: incorrect key
Reporter | ||
Comment 6•2 years ago
|
||
It also happens without the comment, see the new example I attached. Again, complete with headers.
Comment 7•2 years ago
|
||
Who added the comment?
I mean, isn't it the sending software alerting you to the fact that something is wrong?
Reporter | ||
Comment 8•2 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #7)
Who added the comment?
I mean, isn't it the sending software alerting you to the fact that something is wrong?
The comment is from the sender when it encrypted the message to be delivered to me. I've never actually seen it be used for error reporting before, usually it just states the tool and version used to encrypt the message or something like that.
I actually think the "error" is a false positive as I stated in the original comment if I copy the message body and decrypt it manually I can read the message which shows the message was in fact encrypted with my public key. My second example also doesn't get decrypted by Thunderbird, yet it is encrypted with my public key and has no comment line.
Description
•