From: Simon Hirscher <public@simonhirscher.de>
To: notmuch <notmuch@notmuchmail.org>
Subject: Re: [BUG] Decryption fails if message was signed with an unknown key
Date: Tue, 24 Sep 2013 01:23:32 +0200
Message-ID: <CAEj42wuNziY65Q=9cS7kJquNrmrsd91gp34b4=4xrsoBcYfZnQ@mail.gmail.com>
In-Reply-To: <52289D36.2060006@fifthhorseman.net>

Hi Daniel,

First of all, sorry for the delay – I had locked myself out from
everything digital to study for my exams.

On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> I just tried to replicate this, and i do not see this misbehavior. I'm
> using notmuch 0.16-1 on a debian testing/unstable system.

I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send
you the output of notmuch show --format=raw id:xyz@example.com |
devel/printmimestructure).

> A) how does it know that there was a signature if the message was
> encrypted? normal PGP/MIME messages contain a single OpenPGP chunk that
> contains signatures wrapped inside the encryption, so that an observer
> can't tell whether there is a signature or not (or who made the signature)

That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.

> B) the date of the message is the unix epoch date (1970-01-01), and the
> date of the signature appears to be the unix epoch date as well. this
> seems suspicious and likely to be false. how are these messages being
> generated?

I'm sorry, that was just me being ultra paranoid. :)

> C) you appear to be using gnupg 2.0.17. the latest version of the
> 2.0.x line of gpg is 2.0.21. maybe you can upgrade your gpg
> installation and try again?
> D) you have the mingw32 version of gpg. Does this mean you're running
> notmuch on windows?

No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.

> E) i'd be curious to see what printmimestructure looks like on the
> message in question. if you've got a decent shell and the notmuch
> source code, you should be able to do:
>
> […]
>
> if you can clarify any of the above, i'd appreciate it.
>
> Also, if you can, you're welcome to send a signed/encrypted message
> using the same framework that generated the problematic message directly
> to me (my OpenPGP fingerprint is
> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
> look at it.

Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could – because I had both, the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring – and voilà:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).

Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.

Best,
Simon
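
The failure mode discussed in this message, shown as an added example (not part of the original mail and not notmuch's code): a client that reads gpg's --status-fd lines should track decryption and signature verification as two separate results, so that a signer key missing from the key ring does not turn into a decryption error. The status keywords are GnuPG's; the key IDs, the two status transcripts and the function names are constructed for illustration.

```python
from dataclasses import dataclass

PREFIX = "[GNUPG:] "

@dataclass
class Outcome:
    decrypted: bool = False
    signature: str = "none"  # none | good | bad | unknown-key | error
    signer: str = ""

def classify(status_text: str) -> Outcome:
    """Track decryption and signature state as two independent results."""
    out = Outcome()
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        keyword, *args = line[len(PREFIX):].split() or [""]
        first = args[0] if args else ""
        if keyword == "DECRYPTION_OKAY":
            out.decrypted = True
        elif keyword == "DECRYPTION_FAILED":
            out.decrypted = False
        elif keyword == "GOODSIG":
            out.signature, out.signer = "good", first
        elif keyword == "BADSIG":
            out.signature, out.signer = "bad", first
        elif keyword == "ERRSIG" and out.signature == "none":
            out.signature, out.signer = "error", first
        elif keyword == "NO_PUBKEY" and out.signature in ("none", "error"):
            out.signature, out.signer = "unknown-key", first
    return out

def render_decision(out: Outcome) -> str:
    """Show the body whenever decryption worked; report the signature apart."""
    if not out.decrypted:
        return "decryption error"
    return f"show body, signature: {out.signature}"

# Constructed, abbreviated status output: signer's public key not in key ring.
UNKNOWN_SIGNER = """[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] ERRSIG 2222222222222222 1 2 00 0 9
[GNUPG:] NO_PUBKEY 2222222222222222
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
# Constructed: recipient's secret key missing, a genuine decryption failure.
NO_SECRET_KEY = """[GNUPG:] ENC_TO 1111111111111111 1 0
[GNUPG:] NO_SECKEY 1111111111111111
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
```
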