Menu
▾
▴
#673 Detect missing smartcard
Summary: Enigma does not detect when an OpenPGP smartcard is not plugged in, but should be. This breaks the whole GPG block, resulting in invalid signatures (if the email is signed, but not encryped) and data loss (completely unreadable content if the email is signed and encrypted). I have had to rewrite several emails that got destroyed this way.
Environment: This problem happens with Enigmail 1.9.6.1 on Ubuntu Linux. I haven't tested it on other operating systems yet.
I'm using a YubiKey neo as an OpenPGP smartcard.
Steps to reproduce (1):
- Write an email. Set it to be GPG-signed, but not encrypted.
- Do not plug in your YubiKey neo.
- Send the email.
Expected result (1):
The email is not sent. Instead, Enigmail detects that the smartcard (that contains the private key with which the email is to be signed) is not plugged in and refuses to send the email.
Actual result (1):
The email is sent, and Enigmail does not stop this.. As the smartcard is missing, there's the start of the PGP block at the beginning of the message, but there is no end delimiter or signature to the block, resulting in a missing/broken signature:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
text here
Steps to reproduce (2):
- Write an email. Set it to be both GPG-signed as well as encrypted.
- Do not plug in your YubiKey neo.
- Send the email.
Expected result (1):
The email is not sent. Instead, Enigmail detects that the smartcard (that contains the private key with which the email is to be signed) is not plugged in and refuses to send the email.
Actual result (1):
The email is sent, and Enigmail does not stop this. As the smartcard is missing, the GPG block is incomplete, making the message content unreadable:
-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2
hQEMAznlokxT7ZS8AQf/cxhTt1i25AqzUXV0mWStgTgx9S+MlpxCcM2bedZPSuc2
IC2wrjTQgPwwM7D0bC9TaStLygpOEcEd0h6lcWORQFklG9oHG8YfgJVTjCfnbKQt
0y4++XFJnjrT5Mo68pZ9lcM/wai7+RlsTj1X8j5bhLgpcoo19up2RlDKQu3OXGat
nigi+U8sELtkEy6Iy79x+XS4CTP7CK9V1/jUu2tmZiQ0BcNeTRemscD2Enb2vd9+
fxzyOxQWXXYrb45vFVFqr7q1Skyi2Z9H97TCk5/wXBR0KVG2dTAxBB3N6b+uJYQ9
smw1YC+jkE7Di5UzVACvNBK/YD4nveyqU0pOQm04
Hi, as far as I'm informed the Yubikey is both a card reader and a smartcard from the view of GnuPG. I'll be testing this.
I've tried to reproduce the issue you're having, but the sending of incomplete messages if the card reader is disconnected is not happening here.
If I simply remove the card reader there are some not very accurate, error messages. If I repeat this,
but additionally kill gpg-agent after removing the card reader, then Enigmail asks for the correct card.
In both cases, no mail is sent.
But: we're on different platforms and different gpg versions (Mac OS X 10.12 and gpg 2.1.18 here). Maybe upgrading to 2.1.18 will help you. I know that there have been several fixes to smartcard relevant code in gpg in the last months.
I've just tested, what I had forgotten yesterday: PGP/Inline messages. Behaviour is the same. In every case where I didn't kill gpg-agent, Enigmail reported "Error - encryption command failed". No (incomplete) mail was sent.
Please post a debug log to further analyze what goes wrong at your side. Instructions on how to do that can be found here: https://enigmail.net/index.php/en/faq?view=topic&id=15#faqLink_6, section "How can I create a debugging log file". Please save the log directly after the action that goes wrong. You may want to obfuscate sensible information in the file before posting it here. Thanks!
By the way, this is with GPG 2.1.11. I'll do the debugging and then report back.
I'll also re-test this after I've upgraded to the new Kubuntu version, i.e., with an updated GPG version.
I'm currently working on reproducing this. It looks like the sending fails if I try to send the message right after (re-) opening Thunderbird.
If I decrypt/sign a message first and then remove the YubiKey, the problem occurs (i.e., the message is sent, but with a broken PGP block). Going to attach the debug log now.
Strange - I could reproduce the problem ten minutes ago, but not anymore now. My hypothesis that the YubiKey needed to be plugged-in first and then be removed again was wrong. I'm still trying to find out what exactly triggers the problem.
This is the log (with some lines removed) of the problem occurring.
The log contains:
but no further error message. Enigmail does - up to now - not look at this speicifc error message. It seems that gpg reports different error messages with 2.0.x than with 2.1.x.
Anyway, now that we know what to look for, we can fix it.
I think this was an incorrect behavior of GnuPG 2.1.11, which was fixed by now. GnuPG is expected to print more errors than "FAILURE sign" in case of such a condition.