"Thunderbird cannot decrypt this message" for signed, non-encrypted message

RESOLVED INVALID

Status

Thunderbird
Security

People

(Reporter: AndiDog, Unassigned)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100608 Lightning/1.0b2 Thunderbird/3.1

Parts of the mail source:

[...]

MIME-Version: 1.0
Content-Type: application/pkcs7-mime;
	name="smime.p7m"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="smime.p7m"
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931

MIME-Version: 1.0
Content-Type: multipart/signed;

[...]

------=3D_NextPart_000_0007_01CA7A7C.DDA76930
Content-Type: application/x-pkcs7-signature;
	name=3D"smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename=3D"smime.p7s"

MIAGCS[...]


This looks a bit weird to me because it has two MIME-Version/Content-Type headers (one with "application/pkcs7-mime" and another with "multipart/signed"). Don't know if this is normal?

Reproducible: Always

Steps to Reproduce:
I imported my mails from Outlook 2007 (first imported to Outlook Express, then to Thunderbird). Few messages are encrypted, some are only signed (S/MIME!). The S/MIME private key .pfx file was imported to Thunderbird successfully.

Actual Results:
The encrypted messages are shown correctly in Thunderbird. But instead of the signed messages' body, Thunderbird shows the "Thunderbird cannot decrypt this message" page. Clicking on the message security icon says "Message Has No Digital Signature" and "Message Cannot Be Decrypted".

Expected Results:  
See the parts of the mail source I posted here. There's a base64-encoded "application/x-pkcs7-signature" attachment, so I assume the digital signature of the sender is included in the mail. Even if Thunderbird is unable to decode this signature, it should show the message body - but with a warning that the signature wasn't found / couldn't be decoded / is invalid...

Comment 1

Anything in Tools -> error console?
Component: General → Security
QA Contact: general → thunderbird
(Reporter)

Comment 2

8 years ago
No, nothing in the error console. Is there any setting to get more verbose (or debug) output?

Comment 3

8 years ago
(In reply to comment #0)
> Parts of the mail source:
> 
> [...]
> 
> MIME-Version: 1.0
> Content-Type: application/pkcs7-mime;
>     name="smime.p7m"
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: attachment;
>     filename="smime.p7m"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
> 
> MIME-Version: 1.0
> Content-Type: multipart/signed;
> 
> [...]

If these lines are really verbatim from your message(s), then chances are good that your messages were mangled when they were imported (either in OE and/or in Tb).

A single S/MIME-signed message does not have more than one "MIME-Version: 1.0" header (nor does it have a body which starts with that string). It would typically have the following structure, in the case of a message with a detached signature:

------------------------------------------------------------------------
From: me@example.net
To: you@example.net
Subject: Whatever
Date: Sat, 16 Oct 2010 11:42:31 +0200
MIME-Version: 1.0
Content-Type: multipart/signed;
        protocol="application/x-pkcs7-signature";
        micalg=SHA1;
        boundary="----=_NextPart_000_0007_01CA7A7C.DDA76930"
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01CA7A7C.DDA76930
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

[Some message text here...]
------=_NextPart_000_0007_01CA7A7C.DDA76930
Content-Type: application/x-pkcs7-signature;
        name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="smime.p7s"

[Base64 encoded signature here]
------=_NextPart_000_0007_01CA7A7C.DDA76930--
------------------------------------------------------------------------

Outlook also has the option of creating "opaque signed" messages (this is not the default setting, however, and therefore rarely seen in the wild). In this case, the Content-Type header would look like this:

Content-Type: application/pkcs7-mime;
	smime-type=signed-data;
	name="smime.p7m"

Most likely to be resolved as INVALID - your messages got corrupted on their way from Outlook to Tb.
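
The layouts described in comment 3, as an added example that is not part of the original bug thread: a Python check that tells detached-signed, opaque-signed and wrapped (mangled) messages apart by MIME structure alone. `classify_smime` and the `MANGLED` sample are names and data constructed for illustration, modelled on the headers quoted in the report; no signature is verified.

```python
import email
from email import policy

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def classify_smime(raw: bytes) -> str:
    """Classify the S/MIME layout of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = list(msg.iter_parts())
        ok = len(parts) == 2 and parts[1].get_content_type() in SIG_TYPES
        return "detached-signed" if ok else "malformed multipart/signed"
    if ctype in P7M_TYPES:
        body = (msg.get_payload(decode=True) or b"").lstrip()
        # A CMS object is binary DER. A decoded body that itself starts with
        # a MIME-Version header is a whole message wrapped in the p7m part.
        if body.lower().startswith(b"mime-version:"):
            return "mangled, wraps " + classify_smime(body)
        kind = msg.get_param("smime-type") or "no smime-type"
        return "opaque-signed" if kind == "signed-data" else f"pkcs7-mime ({kind})"
    return "not S/MIME"

# Constructed sample modelled on the headers quoted in the report.
MANGLED = b"""\
MIME-Version: 1.0
Content-Type: application/pkcs7-mime;
\tname="smime.p7m"
Content-Transfer-Encoding: quoted-printable

MIME-Version: 1.0
Content-Type: multipart/signed;
\tprotocol=3D"application/x-pkcs7-signature";
\tboundary=3D"----=3D_NextPart_000_0007"

------=3D_NextPart_000_0007
Content-Type: text/plain

Hello
------=3D_NextPart_000_0007
Content-Type: application/x-pkcs7-signature
Content-Transfer-Encoding: base64

AAAA
------=3D_NextPart_000_0007--
"""

print(classify_smime(MANGLED))
```

Running the same function over every message in an imported mailbox lists the ones whose signed body was wrapped during migration; the decoded inner body is the original `multipart/signed` message.
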
(Reporter)

Comment 4

8 years ago
You're right, the MIME headers were screwed up somewhere during migration from Outlook. I'm closing this bug as invalid.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID