#218 Mailvelope encrypted emails cannot be decrypted in enigmail

[Christoph Dankert]

Enigmail seems to have trouble decoding the ASCII armored message block when sending emails in BOTH plain text and HTML formatting. This happens e.g. when sending encrypted messages from Gmail using Mailvelope -- the ASCII armored block will appear in both the ASCII part and the HTML part of the email. The results in the error message "Error - No valid armored OpenPGP data block found" The same happens also if I don't use Mailvelope and just copy-paste the text.

I isolated the problem down to an issue in enigmail.js:IndexOfArmorDelimiter
https://sourceforge.net/p/enigmail/source/ci/master/tree/package/enigmail.js#l458

For reasons unclear to me, the CR-LF ("\r\n" or hex 0d 0a) before the Armor Tail Line (-----END PGP MESSAGE-----) was removed in the call to this function, but it is present in the actual email source. I don't understand enigmail enough to pinpoint where in the pre-processing this CR-LF might have been removed.

Sample email that Enigmail does not recognize:

Return-path: <x.y@gmail.com>
Delivery-date: Wed, 27 Nov 2013 19:32:08 +0100
MIME-Version: 1.0
X-Received: by 10.224.29.140 with SMTP id q12mr8529946qac.93.1385577126788;
 Wed, 27 Nov 2013 10:32:06 -0800 (PST)
Received: by 10.96.39.170 with HTTP; Wed, 27 Nov 2013 10:32:06 -0800 (PST)
Date: Wed, 27 Nov 2013 13:32:06 -0500
Message-ID: <CAAyH0snQ9_toV7vrkgvSJ35OSgBK1oVTTesH4Dt_6hGgm=6=vA@mail.gmail.com>
Subject: test gpg email
From: ME <x.y@gmail.com>
To: [...]
Content-Type: multipart/alternative; boundary=047d7bdcaa6a7388d204ec2cd0b5
Envelope-to: [...]

--047d7bdcaa6a7388d204ec2cd0b5
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP MESSAGE-----
Version: Mailvelope v0.7.0
Comment: Email security by Mailvelope - http://www.mailvelope.com

wcBMAxgXKKg2ctcQAQf/UcgT8p5qFR1b9Mp28YxtTihbRUFY/3KDoxMQ4Sct
vZEtoiXZ3b1CS7uEvd7MAwSyvJlwwPKGrKAek04hEGPSkMgvsL2UDuxT3bQe
QamrbZ1UQfbSnnkesLGP+G9Oz3jMff89h2+QrKOM2lbjqudlfi41+OLA+5u1
y843mFulvHk+HoHkk3rAp+Qq9Scta5YUrS9BqI8RQrnrGfNihRj0prDYetGP
UoRemglZEHSbDC5ucz1j5eaM1EfM1vRV1QAlZtmdLCbABQ4b6N2cRxq1Cd1U
hXj5LXcGFpoDrIr2+brAA/FQN1TP7VBiEN/bx6AH+hg8KDAW5YxYqFAFVbYb
iNJPAfOGuYL7rNnK5VCBC+TkVIm2wv26KTO9LQO2ln+hL6GgXuK10BQdjGjo
xP1fuMT8Y6btav94psEXxg3e+jDMD2DtAXQV+HRmf9g5qzrOyw==
=WJnQ
-----END PGP MESSAGE-----

--047d7bdcaa6a7388d204ec2cd0b5
Content-Type: text/html; charset=ISO-8859-1

[HTML Version of above]

--047d7bdcaa6a7388d204ec2cd0b5--

[Ludwig Hügelschäfer]

If I try to open this message (and select the text/plain part as it is default), Enigmail errors out because I don't have your secret key. Therefore, I suspect that the error on your side occurs because it tries to open the HTML part.

Try "View -> Message Body As -> Plain Text". Does it decrypt successfully?

[Tom]

I just ran into this issue and using the "View Message Body as Plain Text" option does allow for the message to be decrypted successfully.

I'm using Enigmail 1.6 in Mozilla Thunderbird 24.2.0 on Ubuntu 13.10 Linux (64-bit).

[Ludwig Hügelschäfer]

An additional question: is it known whether the mail was produced by Chrome or by Firefox?

[Raman Gupta]

I just experienced this issue. The sender sent the e-mail using Chrome. And using "Message Body As -> Plain Text" allowed decryption as well.

[Raman Gupta]

FYI: This issue is referenced from: https://github.com/toberndo/mailvelope/issues/41

[Ludwig Hügelschäfer]

Could somebody using mailvelope please send a test message to me (ludwig at enigmail dot net)? Thanks!

[Tom]

Hi! Ok, I just sent you a test message message using Mailvelope 0.7.0 in Google Chrome 33 on Ubuntu 13.10 Linux (64-bit). I sent it from my Gmail account. Hope it helps!

Thanks!

Peace...

Tom

[Ludwig Hügelschäfer]

The Id of my public key is 0x0959D2E3, to be found on all usual keyservers, e.g. http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x0E765C050959D2E3

[Ludwig Hügelschäfer]

I received test mails and could decrypt all of them, regardless whether view is set to Plaintext or HTML. The structure, however, is not what I would have expected. Here's the structure:

Content-Type: multipart/alternative; boundary=001a113a98ac695f0a04f5dd01af

--001a113a98ac695f0a04f5dd01af
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP MESSAGE-----
Version: Mailvelope v0.7.0
Comment: Email security by Mailvelope - http://www.mailvelope.com

wcBMA1QW4UmvSHTqAQgAz4zbjY+Ge5qZ8+nzrqz02ZhZAQ60k6mNKPfUkLKo
(..)
=oa/T
-----END PGP MESSAGE-----

--001a113a98ac695f0a04f5dd01af
Content-Type: text/html; charset=ISO-8859-1

<div dir="ltr">-----BEGIN PGP MESSAGE-----<br>Version: Mailvelope v0.7.0<br>Comment: Email security by Mailvelope - <a href="http://www.mailvelope.com">http://www.mailvelope.com</a>
(...)
<br><br>wcBMA1QW4UmvSHTqAQgAz4zbjY+Ge5qZ8+nzrqz02ZhZAQ60k6mNKPfUkLKo<br>
<br>-----END PGP MESSAGE-----<br></div>

--001a113a98ac695f0a04f5dd01af--

If I replace the <br> tags within the ciphertext by linefeeds, the ciphertext is the same as in the text/plain portion. When decrypting the one of the ciphertext parts manually, then I get a HTML content, which seems very odd.

From these facts, it is quite clear, that mailvelope does not create reasonable content of multipart/alternative mails.

• text/plain part of such a mail should contain ciphertext, that, when decrypted gives text/plain cleartext.
• text/html part of such a mail should contain ciphertext, that, when decrypted gives a text/html cleartext.

Instead, mailvelope uses html tags to format the ciphertext in the text/html part. I don't know if this is allowed. At least it's odd, not necessary and probably hinders decryption, if it doesn't make it impossible.

My thanks go to Tom for the test mails!

[Tom]

Interesting. Let me know if you need more test messages! :)

Peace...

[Patrick Brunschwig]

In any case, a HTML encoded inline-PGP message is not according to standards, HTML and inline-PGP are orthogonal to each other.

[Tom James Holub]

Patrick,
since Mailvelope sends a plain-text alternative containing a PGP message with correct spec, why wouldn't Enigmail just go ahead and use the text/plain alternative instead of failing on the html?

Please don't mind me re-opening this - it still affects users and could be fixed while obeying the PGP spec.

[Patrick Brunschwig]

Excuse me, but "wont-fix" means that I decided that I will not work on this. Re-opening such a bug will not help much.

The way Enigmail operates on inline-PGP messages is best desribed as a hack. Enigmail only works on the text body that you are viewing - because that's what is accessible to Enigmail. Thus, if you are viewing a HTML message, Enigmail operates on the HTML part. If you change the view mode to "Plaintext", Enigmail will work on the plain text and should process it correctly.

[Johannes Rohr]

Wouldn't it be a fix to add an option where you can manually select a block for decrypting? Right now I keep getting mailvelope created inline pgp messages which only K-9 mail properly decypts. Not sure what k-9 (with openkeychain) does differently