* [BUG] Decryption fails if message was signed with an unknown key
@ 2013-09-04 22:01 Simon Hirscher
  2013-09-05 15:03 ` Daniel Kahn Gillmor
  2013-09-10 11:29 ` David Bremner
  0 siblings, 2 replies; 5+ messages in thread

From: Simon Hirscher @ 2013-09-04 22:01 UTC
To: notmuch

Dear notmuch developers,

This is now the second time the following has happened to me:

#########
$ notmuch show --decrypt id:xyz@example.com
message{ id:xyz@example.com depth:0 match:1 excluded:0 filename:/home/simon/***
header{
John Doe <sender@example.com> (Today 21:52) (encrypted inbox new)
Subject: foobar
From: John Doe <sender@example.com>
To: ***
Date: Thu, 01 Jan 1970 00:00:00 +0000
header}
body{
Failed to decrypt part: gpg: ASCII-Hülle: Version: GnuPG v2.0.17 (MingW32)
gpg: <list of keys the message was encrypted with>
gpg: AES256 encrypted data
gpg: Original file name=''
gpg: Signature from Thu 01 Jan 1970 00:00:00 UTC by DSA key ID <sender's key>
gpg: Signature cannot be verified. Public key not found
part{ ID: 1, Content-type: multipart/encrypted
part{ ID: 2, Content-type: application/pgp-encrypted
Non-text part: application/pgp-encrypted
part}
part{ ID: 3, Filename: encrypted.asc, Content-type: application/octet-stream
Non-text part: application/octet-stream
part}
part}
body}
message}

$ gpg --recv-keys <sender's key>

$ notmuch show --decrypt id:xyz@example.com
[…]
Hey there,
Now the decryption worked!
[…]
############

Also, I should add that manually decrypting the message with gpg (i.e.
without using notmuch) already worked *before* I added the sender's
key (not shown above). Still, notmuch obviously doesn't like it when
the sender is unknown.

I hope you're going to look into this. Thank you!
* Re: [BUG] Decryption fails if message was signed with an unknown key

From: Daniel Kahn Gillmor @ 2013-09-05 15:03 UTC
To: Simon Hirscher; +Cc: notmuch

Hi Simon--

On 09/04/2013 06:01 PM, Simon Hirscher wrote:
> This is now the second time the following has happened to me:

[ decryption failure until adding sender's key]

> Also, I should add that manually decrypting the message with gpg (i.e.
> without using notmuch) already worked *before* I added the sender's
> key (not shown above). Still, notmuch obviously doesn't like it when
> the sender is unknown.

I just tried to replicate this, and i do not see this misbehavior. I'm
using notmuch 0.16-1 on a debian testing/unstable system.

using --format=json and piping the output through json_pp, i do see the
following part of the response indicating that i don't have the signer's
key:

   "sigstatus" : [
      {
         "errors" : 2,
         "keyid" : "CB07362E3294B49E",
         "status" : "error"
      }
   ],

but the message body is correctly decrypted and passed through.

I'm confused by a few things in your example above:

 A) how does it know that there was a signature if the message was
 encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
 contains signatures wrapped inside the encryption, so that an observer
 can't tell whether there is a signature or not (or who made the signature)

 B) the date of the message is the unix epoch date (1970-01-01), and the
 date of the signature appears to be the unix epoch date as well. this
 seems suspicious and likely to be false. how are these messages being
 generated?

 C) you appear to be using gnupg 2.0.17. the latest version of the
 2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
 installation and try again?

 D) you have the mingw32 version of gpg. Does this mean you're running
 notmuch on windows?

 E) i'd be curious to see what printmimestructure looks like on the
 message in question. if you've got a decent shell and the notmuch
 source code, you should be able to do:

   notmuch show --format=raw id:xyz@example.com | devel/printmimestructure

 I'd expect to see output like this:

   └┬╴multipart/encrypted 3309 bytes
    ├─╴application/pgp-encrypted 11 bytes
    └─╴application/octet-stream 1351 bytes

if you can clarify any of the above, i'd appreciate it.

Also, if you can, you're welcome to send a signed/encrypted message
using the same framework that generated the problematic message directly
to me (my OpenPGP fingerprint is
0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
look at it.

        --dkg
* Re: [BUG] Decryption fails if message was signed with an unknown key

From: Simon Hirscher @ 2013-09-23 23:23 UTC
To: notmuch

Hi Daniel,

First of all, sorry for the delay – I had locked myself out from
everything digital to study for my exams.

On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> I just tried to replicate this, and i do not see this misbehavior. I'm
> using notmuch 0.16-1 on a debian testing/unstable system.

I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send you
the output of
notmuch show --format=raw id:xyz@example.com | devel/printmimestructure).

> A) how does it know that there was a signature if the message was
> encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
> contains signatures wrapped inside the encryption, so that an observer
> can't tell whether there is a signature or not (or who made the signature)

That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.

> B) the date of the message is the unix epoch date (1970-01-01), and the
> date of the signature appears to be the unix epoch date as well. this
> seems suspicious and likely to be false. how are these messages being
> generated?

I'm sorry, that was just me being ultra paranoid. :)

> C) you appear to be using gnupg 2.0.17. the latest version of the
> 2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
> installation and try again?

> D) you have the mingw32 version of gpg. Does this mean you're running
> notmuch on windows?

No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.

> E) i'd be curious to see what printmimestructure looks like on the
> message in question. if you've got a decent shell and the notmuch
> source code, you should be able to do:
>
> […]
>
> if you can clarify any of the above, i'd appreciate it.
>
> Also, if you can, you're welcome to send a signed/encrypted message
> using the same framework that generated the problematic message directly
> to me (my OpenPGP fingerprint is
> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
> look at it.

Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could – because I had both the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring – and voilà:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).

Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.

Best,
Simon
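The hypothesis in the reply above, that the client conflated a failed signature check with a failed decryption, is worth making concrete. The following is an added example and not notmuch or GMime code: it parses the machine-readable lines GnuPG writes to `--status-fd` (the ENC_TO, NO_SECKEY, DECRYPTION_OKAY, DECRYPTION_FAILED, GOODSIG, BADSIG, ERRSIG and NO_PUBKEY keywords from GnuPG's doc/DETAILS) and reports "did it decrypt?" and "did the signature verify?" as two separate results. The status streams and key ids in it are constructed, and the function names are this example's own.

```python
"""Keep decryption status and signature status apart.

Added example for the notmuch thread above; not notmuch or GMime code.
Status keywords are those GnuPG documents in doc/DETAILS. The sample
status streams at the bottom are constructed, with made-up key ids.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class GpgResult:
    decrypted: bool = False            # DECRYPTION_OKAY seen
    decryption_error: Optional[str] = None
    sig_status: str = "none"           # none | good | bad | unknown-key | error
    signer_keyid: Optional[str] = None
    errors: List[str] = field(default_factory=list)


def parse_status(status_text: str) -> GpgResult:
    """Fold a --status-fd stream into a GpgResult; non-status lines are ignored."""
    r = GpgResult()
    for raw in status_text.splitlines():
        if not raw.startswith(STATUS_PREFIX):
            continue  # human-readable stderr such as "gpg: AES256 encrypted data"
        fields = raw[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        kw, args = fields[0], fields[1:]
        if kw == "DECRYPTION_OKAY":
            r.decrypted = True
        elif kw == "DECRYPTION_FAILED":
            r.decryption_error = r.decryption_error or "decryption failed"
        elif kw == "NO_SECKEY":
            r.decryption_error = "no secret key for %s" % args[0]
        elif kw == "GOODSIG":
            r.sig_status, r.signer_keyid = "good", args[0]
        elif kw == "BADSIG":
            r.sig_status, r.signer_keyid = "bad", args[0]
        elif kw == "ERRSIG":
            # ERRSIG <keyid> <pkalgo> <hashalgo> <sig_class> <time> <rc>; rc 9 = no public key
            r.signer_keyid = args[0]
            rc = args[5] if len(args) > 5 else ""
            r.sig_status = "unknown-key" if rc == "9" else "error"
        elif kw == "NO_PUBKEY":
            r.sig_status, r.signer_keyid = "unknown-key", args[0]
            r.errors.append("public key %s not found" % args[0])
    return r


def conflated_verdict(r: GpgResult) -> bool:
    """The behaviour the reporter suspected: any verification problem is treated
    as a decryption failure, hiding plaintext that gpg already produced."""
    return r.decrypted and r.sig_status in ("none", "good")


def verdict(r: GpgResult) -> Tuple[bool, str]:
    """Return (show_plaintext, label). An unknown signer leaves the body readable
    but unauthenticated; only a real decryption error hides it."""
    if not r.decrypted:
        return False, "Failed to decrypt part: %s" % (r.decryption_error or "unknown error")
    labels = {
        "none": "unsigned",
        "good": "good signature from key %s" % r.signer_keyid,
        "bad": "BAD signature from key %s" % r.signer_keyid,
        "unknown-key": "signed by unknown key %s (not verified)" % r.signer_keyid,
        "error": "signature from key %s could not be checked" % r.signer_keyid,
    }
    return True, labels[r.sig_status]


# Constructed status streams (made-up key ids): signer key missing,
# signer key present, and a genuine decryption failure.
UNKNOWN_SIGNER = """\
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1380000000
gpg: Signature made Thu 01 Jan 1970 00:00:00 UTC using DSA key ID FEDCBA9876543210
[GNUPG:] ERRSIG FEDCBA9876543210 17 2 00 1380000000 9
[GNUPG:] NO_PUBKEY FEDCBA9876543210
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""

KNOWN_SIGNER = """\
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1380000000
[GNUPG:] GOODSIG FEDCBA9876543210 John Doe <sender@example.com>
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""

NO_SECRET_KEY = """\
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] NO_SECKEY 0123456789ABCDEF
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    for name, stream in (("unknown signer", UNKNOWN_SIGNER),
                         ("known signer", KNOWN_SIGNER),
                         ("no secret key", NO_SECRET_KEY)):
        res = parse_status(stream)
        print("%-14s conflated=%-5s separate=%s" % (name, conflated_verdict(res), verdict(res)))
```

With the signer's key absent, `conflated_verdict` hides the body even though gpg emitted DECRYPTION_OKAY, which is the symptom reported at the top of the thread; `verdict` shows the body and labels the signature as unverifiable, which is the behaviour dkg observed in notmuch 0.16 (decrypted body plus a `sigstatus` entry with `"status": "error"`). Fetching the missing key changes the label, never whether the plaintext is shown.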
* Re: [BUG] Decryption fails if message was signed with an unknown key

From: Daniel Kahn Gillmor @ 2013-09-24 23:14 UTC
To: Simon Hirscher; +Cc: notmuch

On 09/23/2013 07:23 PM, Simon Hirscher wrote:
> Now, in order for you to test that behavior I'm going to send you a
> signed and encrypted message because that should exactly reproduce the
> bug, as long as you don't import my key (id EBACABE5 /
> http://simonhirscher.de/public_key.asc) for signature verification.

message received and tested on debian jessie using notmuch 0.16-1, and i
did not see this misbehavior.

Simon, for future reference, you can also test this sort of thing
yourself by making multiple (phony) gpg homedirectories and notmuch
config files, and setting GNUPGHOME and NOTMUCH_CONFIG environment
variables appropriately. I find this a pretty handy diagnostic approach.

        --dkg
* Re: [BUG] Decryption fails if message was signed with an unknown key

From: David Bremner @ 2013-09-10 11:29 UTC
To: Simon Hirscher, notmuch; +Cc: Daniel Kahn Gillmor

Simon Hirscher <public@simonhirscher.de> writes:

>
> $ gpg --recv-keys <sender's key>
>
> $ notmuch show --decrypt id:xyz@example.com
>
> […]
> Hey there,
> Now the decryption worked!
> […]
>

Is this related to Jamie's report?

  id:87obwrix8s.fsf@servo.finestructure.net

Jamie, did you ever narrow down the gmime problem? is it fixed in
current gmime?

d