Hello,
Enigmail 2.0.1 cannot decrypt mails received from one of our customers (Daimler). Decrypt works with gpg shell command and also with Enigmail 1.9.9. The problem exists on three Linux PCs.
Platform: Kubuntu 17.10 or Ubuntu 16.04, 64-bit, Thunderbird 52.7.0, Enigmail 2.0.1, IMAP
Enigmail reports (translated from German):
Error - no matching key found
gpg: encrypted with ... (Sender's mail address)
gpg: encrypted with ... (Recipient's mail address)
gpg: WARNING: Message is not integrity protected
Note: The message has been encrypted with following user IDs/keys: <receiver's fingerprint>, <sender's fingerprint>
The message is the same for both versions of Enigmail, but Enigmail 2.0.1 does not decrypt the message.
Pasting the encrypted message block to the gpg shell also decrypts successfully (and without warning).
As a workaround, I switched back to Enigmail 1.9.9.
Kind Regards,
Peter
Can you please attach a debugging log file, created with Enigmail 2.0.1 immediately after you tried to decrypt a message?
See https://enigmail.net/index.php/en/faq-en?view=topic&id=15 for how to create a debug log file.
Enigmail security details (German) for exactly that message for which the log is provided (replaced sender's name and mail by "<sender>"):
Enigmail-Sicherheitsinfo:
Fehler - kein passender privater/geheimer Schlüssel zur Entschlüsselung gefunden
gpg: encrypted with 2048-bit RSA key, ID D34B1030EF8E0062, created 2017-04-04
"<sender>"
gpg: encrypted with 4096-bit RSA key, ID 7B5A7C1123D58250, created 2018-04-05
"Peter Rudolph peter.rudolph@pi-data.de"
gpg: WARNING: message was not integrity protected
Hinweis: Die Nachricht wurde mit folgenden Benutzer-IDs / Schlüsseln verschlüsselt:
0x7B5A7C1123D58250 (Peter Rudolph peter.rudolph@pi-data.de),
0xD34B1030EF8E0062 (<sender>)
Last edit: peter.rudolph@pi-data.de 2018-04-10
The message could technically be decrypted. However, the message lacks integrity protection (MDC). As there are several documented attacker scenarios for this, Enigmail 2.0 will no longer display such messages.
The latest discussion was here: https://lists.gnupg.org/pipermail/gnupg-devel/2018-January/033352.html
The solution (for the sender) is described for example here: https://lists.gnupg.org/pipermail/gnupg-users/2013-January/045981.html
Possibly, but not recommended, you could also add the following option to gpg.conf:
--no-mdc-warning
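One way to see which kind of encrypted-data packet a message carries, and so whether it has an MDC at all. This is an added example, not part of the original thread or Enigmail's code; it walks OpenPGP packet headers as defined in RFC 4880, and the function names and sample bytes are constructed for illustration.

```python
import base64

def dearmor(text):
    """Decode an ASCII-armored OpenPGP block to its binary packets."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:-1]      # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def new_length(data, i):
    """Parse one new-format length at data[i]; return (length, next_i, is_partial)."""
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True       # partial body chunk, more follow

def packet_tags(data):
    """Yield the tag of each top-level packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:
                n, i, partial = new_length(data, i)
                i += n
        else:                                 # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:                     # length type 3: runs to end of data
                i = len(data)
            else:
                i += size + int.from_bytes(data[i:i + size], "big")
        yield tag

def integrity_status(data):
    """'mdc' if the message uses tag 18 (SEIPD), 'no-mdc' for tag 9, else 'none'."""
    kinds = {9: "no-mdc", 18: "mdc"}
    return next((kinds[t] for t in packet_tags(data) if t in kinds), "none")

# Constructed samples: PKESK header (tag 1) plus an encrypted-data packet; zero filler, not real ciphertext.
PKESK = b"\x85\x00\x04" + bytes(4)
NO_MDC = PKESK + b"\xc9\x05" + bytes(5)       # tag 9, the case in this thread
WITH_MDC = PKESK + b"\xd2\x05" + bytes(5)     # tag 18
print(integrity_status(NO_MDC), integrity_status(WITH_MDC))
```

For an armored block copied from a mail, pass `dearmor(text)` to `integrity_status`; no private key is needed because only the packet headers are read.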
Thanks a lot for your fast support. For a future Enigmail Release it might be helpful to provide the information of your last post to the user.
We will try to convince our customer to fix the MDC security problem.