* [BUG] Decryption fails if message was signed with an unknown key
@ 2013-09-04 22:01 Simon Hirscher
2013-09-05 15:03 ` Daniel Kahn Gillmor
2013-09-10 11:29 ` David Bremner
0 siblings, 2 replies; 5+ messages in thread
From: Simon Hirscher @ 2013-09-04 22:01 UTC (permalink / raw)
To: notmuch
Dear notmuch developers,
This is now the second time the following has happened to me:
#########
$ notmuch show --decrypt id:xyz@example.com
message{ id:xyz@example.com depth:0 match:1 excluded:0 filename:/home/simon/***
header{
John Doe <sender@example.com> (Today 21:52) (encrypted inbox new)
Subject: foobar
From: John Doe <sender@example.com>
To: ***
Date: Thu, 01 Jan 1970 00:00:00 +0000
header}
body{
Failed to decrypt part: gpg: ASCII-Hülle: Version: GnuPG v2.0.17 (MingW32)
gpg: <list of keys the message was encrypted with>
gpg: AES256 encrypted data
gpg: Original file name=''
gpg: Signature from Thu 01 Jan 1970 00:00:00 UTC by DSA key ID <sender's key>
gpg: Signature cannot be verified. Public key not found
part{ ID: 1, Content-type: multipart/encrypted
part{ ID: 2, Content-type: application/pgp-encrypted
Non-text part: application/pgp-encrypted
part}
part{ ID: 3, Filename: encrypted.asc, Content-type: application/octet-stream
Non-text part: application/octet-stream
part}
part}
body}
message}
$ gpg --recv-keys <sender's key>
$ notmuch show --decrypt id:xyz@example.com
[…]
Hey there,
Now the decryption worked!
[…]
############
Also, I should add that manually decrypting the message with gpg (i.e.
without using notmuch) already worked *before* I added the sender's
key (not shown above). Still, notmuch obviously doesn't like it when
the sender is unknown.
I hope you're going to look into this. Thank you!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUG] Decryption fails if message was signed with an unknown key
2013-09-04 22:01 [BUG] Decryption fails if message was signed with an unknown key Simon Hirscher
@ 2013-09-05 15:03 ` Daniel Kahn Gillmor
2013-09-23 23:23 ` Simon Hirscher
2013-09-10 11:29 ` David Bremner
1 sibling, 1 reply; 5+ messages in thread
From: Daniel Kahn Gillmor @ 2013-09-05 15:03 UTC (permalink / raw)
To: Simon Hirscher; +Cc: notmuch
[-- Attachment #1: Type: text/plain, Size: 2628 bytes --]
Hi Simon--
On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:
[ decryption failure until adding sender's key]
> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.
I just tried to replicate this, and i do not see this misbehavior. I'm
using notmuch 0.16-1 on a debian testing/unstable system.
using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:
"sigstatus" : [
{
"errors" : 2,
"keyid" : "CB07362E3294B49E",
"status" : "error"
}
],
but the message body is correctly decrypted and passed through.
I'm confused by a few things in your example above:
A) how does it know that there was a signature if the message was
encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
contains signatures wrapped inside the encryption, so that an observer
can't tell whether there is a signature or not (or who made the signature)
B) the date of the message is the unix epoch date (1970-01-01), and the
date of the signature appears to be the unix epoch date as well. this
seems suspicious and likely to be false. how are these messages being
generated?
C) you appear to be using gnupg 2.0.17. the latest version of the
2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
installation and try again?
D) you have the mingw32 version of gpg. Does this mean you're running
notmuch on windows?
E) i'd be curious to see what printmimestructure looks like on the
message in question. if you've got a decent shell and the notmuch
source code, you should be able to do:
notmuch show --format=raw id:xyz@example.com | devel/printmimestructure
I'd expect to see output like this:
└┬╴multipart/encrypted 3309 bytes
├─╴application/pgp-encrypted 11 bytes
└─╴application/octet-stream 1351 bytes
if you can clarify any of the above, i'd appreciate it.
Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.
--dkg
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 1027 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUG] Decryption fails if message was signed with an unknown key
2013-09-04 22:01 [BUG] Decryption fails if message was signed with an unknown key Simon Hirscher
2013-09-05 15:03 ` Daniel Kahn Gillmor
@ 2013-09-10 11:29 ` David Bremner
1 sibling, 0 replies; 5+ messages in thread
From: David Bremner @ 2013-09-10 11:29 UTC (permalink / raw)
To: Simon Hirscher, notmuch; +Cc: Daniel Kahn Gillmor
Simon Hirscher <public@simonhirscher.de> writes:
>
> $ gpg --recv-keys <sender's key>
>
> $ notmuch show --decrypt id:xyz@example.com
>
> […]
> Hey there,
> Now the decryption worked!
> […]
>
Is this related to Jamie's report?
id:87obwrix8s.fsf@servo.finestructure.net
Jamie, did you ever narrow down the gmime problem? is it fixed in
current gmime?
d
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUG] Decryption fails if message was signed with an unknown key
2013-09-05 15:03 ` Daniel Kahn Gillmor
@ 2013-09-23 23:23 ` Simon Hirscher
2013-09-24 23:14 ` Daniel Kahn Gillmor
0 siblings, 1 reply; 5+ messages in thread
From: Simon Hirscher @ 2013-09-23 23:23 UTC (permalink / raw)
To: notmuch
Hi Daniel,
First of all, sorry for the delay – I had locked myself out from
everything digital to study for my exams.
On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> I just tried to replicate this, and i do not see this misbehavior. I'm
> using notmuch 0.16-1 on a debian testing/unstable system.
I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send
you the output of notmuch show --format=raw id:xyz@example.com |
devel/printmimestructure).
> A) how does it know that there was a signature if the message was
> encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
> contains signatures wrapped inside the encryption, so that an observer
> can't tell whether there is a signature or not (or who made the signature)
That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.
> B) the date of the message is the unix epoch date (1970-01-01), and the
> date of the signature appears to be the unix epoch date as well. this
> seems suspicious and likely to be false. how are these messages being
> generated?
I'm sorry, that was just me being ultra paranoid. :)
> C) you appear to be using gnupg 2.0.17. the latest version of the
> 2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
> installation and try again?
> D) you have the mingw32 version of gpg. Does this mean you're running
> notmuch on windows?
No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.
> E) i'd be curious to see what printmimestructure looks like on the
> message in question. if you've got a decent shell and the notmuch
> source code, you should be able to do:
>
> […]
>
> if you can clarify any of the above, i'd appreciate it.
>
> Also, if you can, you're welcome to send a signed/encrypted message
> using the same framework that generated the problematic message directly
> to me (my OpenPGP fingerprint is
> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
> look at it.
Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could – because I had both, the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring – and voilà:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).
Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.
Best,
Simon
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUG] Decryption fails if message was signed with an unknown key
2013-09-23 23:23 ` Simon Hirscher
@ 2013-09-24 23:14 ` Daniel Kahn Gillmor
0 siblings, 0 replies; 5+ messages in thread
From: Daniel Kahn Gillmor @ 2013-09-24 23:14 UTC (permalink / raw)
To: Simon Hirscher; +Cc: notmuch
[-- Attachment #1: Type: text/plain, Size: 721 bytes --]
On 09/23/2013 07:23 PM, Simon Hirscher wrote:
> Now, in order for you to test that behavior I'm going to send you a
> signed and encrypted message because that should exactly reproduce the
> bug, as long as you don't import my key (id EBACABE5 /
> http://simonhirscher.de/public_key.asc) for signature verification.
message received and tested on debian jessie using notmuch 0.16-1, and i
did not see this misbehavior.
Simon, for future reference, you can also test this sort of thing
yourself by making multiple (phony) gpg homedirectories and notmuch
config files, and setting GNUPGHOME and NOTMUCH_CONFIG environment
variables appropriately. I find this a pretty handy diagnostic approach.
--dkg
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 1027 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-09-24 23:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-04 22:01 [BUG] Decryption fails if message was signed with an unknown key Simon Hirscher
2013-09-05 15:03 ` Daniel Kahn Gillmor
2013-09-23 23:23 ` Simon Hirscher
2013-09-24 23:14 ` Daniel Kahn Gillmor
2013-09-10 11:29 ` David Bremner
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).