Please add support for Zimbra OpenPGP encrypted messages
OpenPGP addon for Mozilla Thunderbird
Hello Enigmail!
I am the developer of Zimbra OpenPGP Zimlet and I have a problem similar to:
https://sourceforge.net/p/enigmail/bugs/34/
I am trying to send a regular MIME mail with an encrypted text body and attachments to Enigmail users. Enigmail reads the attachments I sent fine, but the text body is not decrypted and shows the PGP MESSAGE BLOCK. Also, sometimes Enigmail displays "This is a broken PGP/MIME message from MS-Exchange." When I click repair, the entire message goes blank.
Would it be possible to fix this? Thank you very much, an example message source:
https://gist.github.com/barrydegraaff/ae23da6522be0c7e10a7c75ddab20a6e
Return-Path: bgraaff@hivos.org
Received: from zimbra1.hivos.org (LHLO zimbra1.hivos.org) (192.168.200.5) by
zimbra1.hivos.org with LMTP; Fri, 22 Apr 2016 10:58:40 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by zimbra1.hivos.org (Postfix) with ESMTP id 42C232C61698
for <bgraaff@hivos.org>; Fri, 22 Apr 2016 10:58:40 +0200 (CEST)
Received: from zimbra1.hivos.org ([127.0.0.1])
by localhost (zimbra1.hivos.org [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id ifSqyo4MGHbs for <bgraaff@hivos.org>;
Fri, 22 Apr 2016 10:58:40 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by zimbra1.hivos.org (Postfix) with ESMTP id 1BE8D2C6846D
for <bgraaff@hivos.org>; Fri, 22 Apr 2016 10:58:40 +0200 (CEST)
X-Virus-Scanned: amavisd-new at zimbra1.hivos.org
Received: from zimbra1.hivos.org ([127.0.0.1])
by localhost (zimbra1.hivos.org [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id gU7hB7WvORcQ for <bgraaff@hivos.org>;
Fri, 22 Apr 2016 10:58:39 +0200 (CEST)
Received: from zimbra1.hivos.org (localhost [127.0.0.1])
by zimbra1.hivos.org (Postfix) with ESMTP id D42A52C61698
for <b.de.graaff@hivos.nl>; Fri, 22 Apr 2016 10:58:39 +0200 (CEST)
Date: Fri, 22 Apr 2016 10:58:39 +0200 (CEST)
From: Barry de Graaff <bgraaff@hivos.org>
To: Barry de Graaff <b.de.graaff@hivos.nl>
Message-ID: <248529265.4429582.1461315519822.JavaMail.zimbra@hivos.org>
Subject: ***UNCHECKED*** Test body
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_4429580_1962658502.1461315519820"
X-Originating-IP: [192.168.200.5]
X-Mailer: Zimbra 8.6.0_GA_1191 (ZimbraWebClient - GC50 (Linux)/8.6.0_GA_1191)
Thread-Topic: Test body
Thread-Index: AB4J9lq9evSsIIzfux9RZkwqaJNBig==
------=_Part_4429580_1962658502.1461315519820
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
-----BEGIN PGP MESSAGE-----
Version: OpenPGP.js v2.2.1
Comment: http://openpgpjs.org
-----END PGP MESSAGE-----
------=_Part_4429580_1962658502.1461315519820
Content-Type: application/pgp-encrypted; name=loading.gif.pgp
Content-Disposition: attachment; filename=loading.gif.pgp
Content-Transfer-Encoding: base64
------=_Part_4429580_1962658502.1461315519820--
The "problem" with the message is that the attachment (loading.gif.pgp) has the content-type "application/pgp-encrypted". This leads Enigmail to think it's a broken PGP/MIME message from Outlook/Exchange, even though in your case it's an inline-PGP message.
"application/pgp-encrypted" is a reserved content-type for specific purposes. Is there any possibility that you set the content-type for attachments to e.g. application/octet-stream?
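An added example (not Enigmail's or Zimbra's code, and not part of the ticket) of the distinction discussed above: a receiver can tell RFC 3156 PGP/MIME from inline PGP by the container structure rather than by the presence of an "application/pgp-encrypted" part alone. The function name `classify`, its return labels and both sample messages are constructed for illustration.

```python
from email import message_from_string

# Constructed samples (placeholder payloads): the ticket's layout, then RFC 3156 PGP/MIME.
ZIMBRA_STYLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----
AAAA
-----END PGP MESSAGE-----
--b1
Content-Type: application/pgp-encrypted; name=loading.gif.pgp
Content-Disposition: attachment; filename=loading.gif.pgp

AAAA
--b1--
"""
PGP_MIME = """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"

--b2
Content-Type: application/pgp-encrypted

Version: 1
--b2
Content-Type: application/octet-stream

AAAA
--b2--
"""

def classify(raw):
    # Returns (kind, filenames of application/pgp-encrypted parts outside PGP/MIME).
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/encrypted":
        parts = msg.get_payload() if msg.is_multipart() else []
        ok = ((msg.get_param("protocol") or "").lower() == "application/pgp-encrypted" and
              [p.get_content_type() for p in parts]
              == ["application/pgp-encrypted", "application/octet-stream"])
        return ("pgp-mime" if ok else "malformed-pgp-mime", [])
    inline, stray = False, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pgp-encrypted":
            stray.append(part.get_filename() or "(unnamed)")  # reserved type used on an attachment
        elif ctype == "text/plain" and "-----BEGIN PGP MESSAGE-----" in part.get_payload():
            inline = True  # armored block directly in the text body
    return ("inline-pgp" if inline else "no-inline-pgp", stray)
```

For the ticket-style sample this reports an inline-PGP body plus one stray "application/pgp-encrypted" attachment, which is the combination that was being mistaken for a damaged PGP/MIME message.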
Hello Patrick,
Thanks for your response and your efforts on Enigmail.
Unfortunately, the MIME type is added by Zimbra as soon as I upload a .pgp file (the client operating system does not seem to matter); changing that in Zimbra is out of my reach. And PGP/MIME is also not an option, as that needs a lot of changes server side that are also out of my reach.
I could do more research... but I am sceptical on changing that Zimbra side.
However, I did write a small patch for Enigmail that is similar to the Exchange one and should be pretty safe. Can you please take a look into it and consider it for merging?
Thanks a lot! If you need a different patch format, please let me know:
https://gist.github.com/barrydegraaff/4bcb7d9f7e779646d02fe56bde8ff4df
Best regards, Barry
I updated the patch to avoid an error for messages sent from Zimbra w/o attachments.
Please let me know, if I need to provide anything more. Barry
This looks fine. Patch slightly modified and applied.
Searching on the internet I see 3 common choices when sending files using regular mime:
.asc = text/plain
.pgp = application/pgp-encrypted (= this bug)
.gpg = application/pgp-encrypted
If I rename the file to .asc - Zimbra would send that as plain text and one could download it from Thunderbird/Enigmail. But the binary would also be displayed as text, that would be ugly.
Another option maybe use .bin as extension, but nobody seems to do that.
What would be the proper file extension?
OK Great, I just see you did merge the patch, THANKS A LOT!!
For future reference, the developer(s) of Zimbra OpenPGP Zimlet can be contacted via the mailing list at http://lists.zetalliance.org/mailman/listinfo/devel_lists.zetalliance.org or info@barrydegraaff.tk
Is there an open Zimbra bug report that describes the problems you're having with generating standard PGP/MIME messages? If so, can you point to it?
Enigmail is not the only MUA that receives and parses OpenPGP mail, and asking each individual receiving MUA to modify their code to cope with non-standard message structures from Zimbra seems like the Wrong Way to go about things.
There is a standard way to generate OpenPGP e-mail: it's PGP/MIME.
If you're not at least trying to get Zimbra to be able to make those changes to conform to the standard, it's a little frustrating to think that every receiving MUA is going to have to be modified to take into account every sending MUA's quirky ideas about how to generate some non-standard OpenPGP e-mail.
Please indicate where this is at least trying to be addressed upstream in Zimbra so that we can help encourage that project to do the right thing.
Hello Daniel,
Here are the upstream bugs:
https://github.com/Zimbra-Community/pgp-zimlet/issues/54
https://bugzilla.zimbra.com/show_bug.cgi?id=98622
While PGP/MIME is nice, one disadvantage is that one would have to decrypt the entire message including attachments for reading just the body of the email. This will eat a lot of performance, especially if you work from your phone or a browser. I know having a full-blown OS is better security-wise, but in most cases users will want the convenience of their phone or webmail.
I spent a lot of time getting PGP/MIME moving forward in Zimbra, but getting it fixed is still at least one year away. Barry
https://bugzilla.zimbra.com/show_bug.cgi?id=100883