#34 Emails with attachment doesn't get decrypted

open
nobody
None
before_1.4
Major
2015-03-02
2012-08-08
No

Bug 17758 migrated from Mozdev.org

When I get emails encrypted by PGP 8.1 with attachment, the mail's body doesn't
get encrypted. I can decrypt and save the attachment but not he mail's body. I
found out, that the whole problem is in the special Content-Type and
Content-Disposition of the attachment. Example mail is attached below. This
mail has Content-Type set to "application/pgp-signature" and
Content-Disposition to "inline" and Enigmail doesn't recognize it and refuses
to decrypt the body. Ordinary emails have content type of
"application/octet-stream" and disposition of "attachment". When I modify the
mail's source to these values, everything works just fine.

Example mail:

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
X-Mozilla-Keys:                                                                 
...
X-Enigmail-Version: 0.96a
Content-Type: multipart/mixed;
 boundary="------------060308030502040303020002"

This is a multi-part message in MIME format.
--------------060308030502040303020002
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOA4wLx...
-----END PGP MESSAGE-----

--------------060308030502040303020002
Content-Type: application/pgp-signature;
 name="att.rar.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="att.rar.pgp"

hQIOA4wLx...
--------------060308030502040303020002--

------- Comment #1 From Patrick Brunschwig 2007-09-15 15:02:35 [reply] -------

If I get you right, you're telling me that you send an email with PGP 8.1, and
you receive it with Enigmail? If so, I don't understand why the following line
should be part of the email: this line is only created for mails sent by
Enigmail, and Enigmail is not able to add it to mails that it receives.

X-Enigmail-Version: 0.96a

It would be helpful to attach a complete message, since I believe you didn't
correctly copy&paste some parts.

If the message is really as pasted, the problem is that the message should have
a Content-Type like this, otherwise it does not conform to any OpenPGP-related
message (it's not inline, nor PGP/MIME):
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";

------- Comment #2 From Kuba Brecka 2007-09-16 02:01:03 [reply] -------

(In reply to comment #1)
> I don't understand why the following line ...

Yes, you're right, I posted a wrong file. Below is the original mail, with only
some headers encoded messages truncated. I don't really know what is the
problem (whether it's a malformed email or it's Enigmail's bug), but I found
out, that if I change the attachment Content-Type to application/octet-stream
and Content-Disposition to attachment, everything suddenly works fine.

X-Mozilla-Status: 0011
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:                                                                 
Delivered-To: ...
Received: by ...
Return-Path: ...
Message-ID: ...
Date: Wed, 12 Sep 2007 14:21:22 +0200
From: ...
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.2)
Gecko/20070222 SeaMonkey/1.1.1
MIME-Version: 1.0
To: ...
Subject: ...
References: ...
In-Reply-To: ...
Content-Type: multipart/mixed;
 boundary="------------020809050806040906080501"

This is a multi-part message in MIME format.
--------------020809050806040906080501
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

qANQR1DBwU4...
-----END PGP MESSAGE-----

--------------020809050806040906080501
Content-Type: application/pgp-signature;
 name="att.rar.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="att.rar.pgp"

qANQR1DBwU4...
--------------020809050806040906080501--

------- Comment #3 From Patrick Brunschwig 2007-09-17 00:32:27 [reply] -------

Did you try to view the message as plain text (View > Message Body As > Plain
Text)?

------- Comment #4 From Kuba Brecka 2007-09-17 00:35:32 [reply] -------

Yes and it doesn't help.

(In reply to comment #3)
> Did you try to view the message as plain text (View > Message Body As > Plain
> Text)?
>

------- Comment #5 From Patrick Brunschwig 2009-05-08 04:25:33 [reply] -------

I think the problem is the format=flowed header. Can you try to change the
following setting in the Thunderbird Configuration Editor (available via Tools
> Options > Advanced): set "mailnews.display.disable_format_flowed_support" to
true.

------- Comment #6 From Kuba Brecka 2009-05-08 04:54:11 [reply] -------

That doesn't help neither. The bug is still there. I'll attach a test case so
you can see what it does.

------- Comment #7 From Kuba Brecka 2009-05-08 04:58:08 [reply] -------

Created an attachment (id=5857) [details]
An e-mail that Enigmail won't decrypt.

Enigmail won't decrypt it - the "Decrypt" button is disabled, and enigmail
won't ask me for my key passphrase. However I can right-click the attachment
and choose "Decrypt and save as" to correctly decrypt and save the attachment.
But I can't decrypt the body of the e-mail.

------- Comment #8 From Patrick Brunschwig 2009-05-08 05:35:58 [reply] -------

Clearly the (wrong) content-type of the attachment could potentially lead to a
problem. However, I can't reproduce the error with v0.95.7 nor with 0.96a.

What version of Enigmail do you use precisely with which version of Thunderbird
or SeaMonkey?

------- Comment #9 From Patrick Brunschwig 2010-07-01 23:57:58 [reply] -------

cannot reproduce; please reopen if the bug still occurs.

------- Comment #10 From Kuba Brecka 2010-07-03 03:10:32 [reply] -------

The bug is still there. I just installed the latest nightly build
(enigmail-trunk-win32-comm192.xpi, build date: 2010-07-01), I'm using
Thunderbird 3.1. To reproduce the bug, just open the message that I posted as
an attachment (attachment id 5857). Enigmail should ask me for a password to
decrypt the message body, but it doesn't. Clicking on the "Decrypt" button does
not do anything.

Obviously the problem is with the attachment, because it is NOT a
application/pgp-signature as suggested by the Content-Type header. However,
this is how PGP 8.1 created the e-mail, and this behaviour of Enigmail disables
me from reading e-mails encrypted with PGP.

------- Comment #11 From Marek Marczykowski 2010-09-24 15:56:23 [reply] -------

This problem affects all mails encrypted as PGP/MIME. Even with
Thunderbird+Enigmail (encrypted mail sent to myself).

I've found some solution:
in enigmailMessengerOverlay.js, about line 579 is condition when decrypt
message:
    if (((contentType.search(/^multipart\/encrypted(;|$)/i) == 0) ||
        (embeddedEncrypted && contentType.search(/^multipart\/mixed(;|$)/i) ==
0))
         && (!embeddedSigned)) {
      // multipart/encrypted

Unfortunately all PGP/MIME messages contains part detected as
application/pgp-signature (which isn't really present in original message).
Removing "&& (!embeddedSigned)" from this line solves the problem. Maybe it is
problem with parenthesis (should be: multipart/encrypted || (embeddedEncrypted
&& multipart/mixed && !embeddedSigned))?

Another issue is why enigmail sees this application/pgp-signature part. Part of
message source:
=======================================
Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted";
 boundary="------------enig496147E724F456127A4EDD79"

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
--------------enig496147E724F456127A4EDD79
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------enig496147E724F456127A4EDD79
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.16 (GNU/Linux)

(...)
============================================
The second part is detected as application/pgp-signature:
2010-09-25 00:21:36.452 enigmailMessengerOverlay.js: enigMessageDecryptCb:
2010-09-25 00:21:36.452 enigmailMessengerOverlay.js: content-type:
multipart/encrypted; protocol="application/pgp-encrypted";
boundary="------------enig496147E724F456127A4EDD79"
2010-09-25 00:21:36.452 enigmailMessengerOverlay.js: content-transfer-encoding:
2010-09-25 00:21:36.453 enigmailMessengerOverlay.js: x-enigmail-version: 0.96.0
2010-09-25 00:21:36.453 enigmailMessengerOverlay.js: 0:
application/pgp-encrypted
2010-09-25 00:21:36.453 enigmailMessengerOverlay.js: 1:
application/pgp-signature

I have no idea why and how to prevent it...

Thunderbird 3.1.3
Enigmail 1.1.2
Gentoo Linux 64bit

------- Comment #12 From Patrick Brunschwig 2010-09-25 03:27:08 [reply] -------

Marek, if I get it right, then your problem is that a mail that you are sending
to yourself arrives differently than it was sent? Could you please post the
complete message source, just remove the larger part of the encrypted lines.

I cannot remove the part you proposed since that would lead to failing
verification of other emails that are following the PGP/MIME standard
correctly.

------- Comment #13 From Marek Marczykowski 2010-09-25 09:24:54 [reply] -------

Created an attachment (id=6629) [details]
Message from thunderbird which can't be decrypted.

No, the message arrives exactly the same as was send. I can't decrypt message
in sent folder too. And it isn't problem with sending, but with decrypting - I
have no influence on MUA of sender...

And additionally - it was working in TB 2.0...

Example message attached.

------- Comment #14 From Patrick Brunschwig 2010-09-25 14:54:30 [reply] -------

Marek, I think your problem is not related in the slightest way to the original
error report here. I think you should look at the following bug 22957,
especially comments 14-17 (which relates to proper installation of Enigmail,
GnuPG, gpg-agent and pinentry).

------- Comment #15 From Marek Marczykowski 2010-09-25 23:10:45 [reply] -------

I've tried suggestions from #22957. It doesn't work.

1. As you see in comment 11/19 it is NOT gentoo specific
2. Comment 17 doesn't make sense - it is setting alternative gpg AGENT as
pinentry program (but I tried this, and of course it doesn't help).
3. TB didn't even call gpg on this message, so gpg settings (or even version)
don't change anything

Did you try to open message from attachment in your TB? You should got
something like "no secret key", but you will see only empty message with one
attachment - "encrypted.asc".

------- Comment #16 From Patrick Brunschwig 2010-09-26 09:33:22 [reply] -------

Yes, if I open add the mail to a folder and look at it, then Enigmail attempts
to decrypt the message. In any case, could we agree that it's not _this_ bug
there which is about something completely different.

Please open a new bug, and attach a debug log file. But actually, I'm quite
convinced that this is a Gentoo-specific problem, and comment #11 is unrelated.
Its quite interesting to see that almost only Gentoo users complain about
Enigmail not working (also on the forum) even though there are plenty of other
Linux distributions and other OS'es with a lot more users....

------- Comment #17 From Marek Marczykowski 2010-09-26 11:17:17 [reply] -------

Ok, I've search deeper why this part gets application/gpg-signature, when
actually it is encrypted message, and I've found in /etc/mime.types:
application/pgp-encrypted                               pgp
application/pgp-signature                               asc pgp sig

Adding "asc" to application/pgp-encrypted solves the problem.

And yes, you are right - this is Gentoo specific... However it is solved now,
so I will not open new bug _here_.
Thanks for pointing the problem.

------- Comment #18 From Solour 2010-10-06 01:50:00 [reply] -------

I am using Gentoo and that does not fix this issue for me (it is a fix for
others; also Gentoo users...)

For a more lengthy description of my situation and what I tried please read on
here:
https://bugs.gentoo.org/show_bug.cgi?id=324849#c29

Is there any information I can provide?
Anything I can test?

Cheers and thanks for your time!

Discussion


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks