Error "Secret key needed for decryption" is shown, although email was successfully decrypted

2017-07-31
  • Sebastian Hucke

    Sebastian Hucke - 2017-07-31

    Hi all,

    I am using Thunderbird 52.2.1 (64-bit) and Enigmail 1.9.7.

    I have a problem with emails sent from the employees of one organization: Enigmail shows a warning every time I open / decrypt an email sent by one of them. Encryption/decryption is working fine with other senders/recipients.

    The warning is shown right above the email message in TB: "Error - secret key needed for decryption; for more information click on details". Funny fact: The message was indeed successfully decrypted. Despite that, Enigmail complains about a missing secret key.

    I did a lot of searching but found nothing helpful. Things that I suspect of being the cause:
    1. The message is a mime/multipart message. First part is the encrypted plaintext message. Second part consists of one encrypted attachment and one attachment without encryption (the public key of the sender).
    2. The message was encrypted using multiple keys - my public key and the one of the sender (PGP/MIME)

    I also saved the email as well as the encrypted attachment as files and decrypted them via shell. An error occurred that was not shown in the Enigmail log so far: gpg: handle plaintext failed: unexpected error. I had to use --allow-multiple-messages to get rid of this error. Then, the email was decrypted (including the attachment) without an error. Unfortunately, I had no luck getting rid of the error message in Enigmail by adding the param to the additional GnuPG params field.

    Does anybody know what is possibly wrong with these emails - or with my configuration?
    Below is some supplementary information.

    Thank you very much in advance!
    Sebastian

    Software versions:
    - Thunderbird 52.2.1 (64-bit)
    - Enigmail 1.9.7
    - gpg (GnuPG) 2.1.11
    - libgcrypt 1.6.5
    - Linux Mint 18.1 Serena with 4.10 kernel

    Debug output of Enigmail log:

    2017-07-31 23:13:08.952 [DEBUG] execution.jsm: EnigmailExecution.fixExitCode: agentType: gpg exitCode: 2 statusFlags 590081
    2017-07-31 23:13:08.953 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: ENC_TO my-public-key 1 0
    2017-07-31 23:13:08.953 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: ENC_TO senders-public-key 1 0
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: NO_SECKEY senders-public-key
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: BEGIN_DECRYPTION
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: DECRYPTION_INFO 0 9
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: PLAINTEXT 62 1501155423 
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: PLAINTEXT_LENGTH 1536
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: NEWSIG
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: SIG_ID 5JYDMHx4/4+yDzsGocelXXbT5cU 2017-07-27 1501155423
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: GOODSIG senders-public-key Joe Example <joe.example@some-company.de>
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: VALIDSIG fingerprint-of-the-senders-key 2017-07-27 1501155423 0 4 0 1 8 00 fingerprint-of-the-senders-key
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: TRUST_FULLY
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: DECRYPTION_FAILED
    2017-07-31 23:13:08.954 [DEBUG] enigmailCommon.jsm: decryptMessageEnd: process: END_DECRYPTION
    

    An excerpt from the email's sources:

    <some-headers-that-are-no-ones-business>
    MIME-Version: 1.0
    Content-Type: multipart/mixed; 
        boundary="----=_Part_8400_2033381898.1501155423844"
    <more-header-information>
    
    ------=_Part_8400_2033381898.1501155423844
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    
    -----BEGIN PGP MESSAGE-----
    Version: OpenPGP totemomail
    Comment: totemomail OpenPGP - http://www.totemo.com
    Charset: ISO-8859-1
    
    <some-random-characters... :-) >
    -----END PGP MESSAGE-----
    
    ------=_Part_8400_2033381898.1501155423844
    Content-Type: application/octet-stream; name=PGPexch.htm.asc
    Content-Transfer-Encoding: 7bit
    X-Content-PGP-Universal-Saved-Content-Transfer-Encoding: quoted-printable
    X-Content-PGP-Universal-Saved-Content-Type: text/html; charset="ISO-8859-1"
    Content-Disposition: attachment; filename=PGPexch.htm.asc
    X-PGP-MIME-Structure: alternative
    
    -----BEGIN PGP MESSAGE-----
    Version: OpenPGP totemomail
    Comment: totemomail OpenPGP - http://www.totemo.com
    Charset: ISO-8859-1
    
    <even-more-random-characters... :-) >
    -----END PGP MESSAGE-----
    
    ------=_Part_8400_2033381898.1501155423844
    Content-Type: text/plain; charset=us-ascii; name="Joe Example.asc"
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="Joe Example.asc"
    
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: OpenPGP totemomail
    Comment: totemomail OpenPGP - http://www.totemo.com
    
    <oh-no!-more-random-characters>
    -----END PGP PUBLIC KEY BLOCK-----
    
    ------=_Part_8400_2033381898.1501155423844--
    
     

    Last edit: Sebastian Hucke 2017-07-31
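The shell test above hands the whole saved .eml to gpg, so gpg sees the two independent PGP MESSAGE blocks (body and PGPexch.htm.asc) plus the PUBLIC KEY BLOCK as one input stream; that is the situation the "more than one plaintext" check and --allow-multiple-messages are about. A safer way to reproduce what the mail client does is to split the MIME parts first and run gpg once per armored block. The following is an added example, not code from the original post or from Enigmail: it parses a constructed message that mirrors the MIME layout quoted above (the base64 payloads are dummies, not real ciphertext or keys), returns each armored block with the MIME part it came from, and shows how a single block would be passed to gpg2 with `--status-fd 2`, as in the poster's command. The gateway header `X-Content-PGP-Universal-Saved-Content-Type` is read back so the decrypted attachment can be given its original type.

```python
"""Split a multipart/mixed mail into its separate OpenPGP armored blocks.

Added example, not code from the original post or from Enigmail. Extracting
each armored block from its own MIME part and decrypting it alone avoids the
"multiple plaintexts" condition that --allow-multiple-messages gates. The
sample message is constructed; its base64 payloads are dummies.
"""
from __future__ import annotations

import email
import re
import subprocess
from email import policy

# Constructed sample mirroring the MIME layout quoted in the thread (dummy payloads).
SAMPLE_EML = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_8400_2033381898.1501155423844"

------=_Part_8400_2033381898.1501155423844
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----

hQEMA0RVTU1ZY2lwaGVyAQf/ZHVtbXktY2lwaGVydGV4dC0x
=AAAA
-----END PGP MESSAGE-----

------=_Part_8400_2033381898.1501155423844
Content-Type: application/octet-stream; name=PGPexch.htm.asc
Content-Transfer-Encoding: 7bit
X-Content-PGP-Universal-Saved-Content-Type: text/html; charset="ISO-8859-1"
Content-Disposition: attachment; filename=PGPexch.htm.asc

-----BEGIN PGP MESSAGE-----

hQEMA0RVTU1ZY2lwaGVyAQf/ZHVtbXktY2lwaGVydGV4dC0y
=BBBB
-----END PGP MESSAGE-----

------=_Part_8400_2033381898.1501155423844
Content-Type: text/plain; charset=us-ascii; name="Joe Example.asc"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="Joe Example.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFSzZHVtbXkta2V5LW1hdGVyaWFsLW5vdC1yZWFs
=CCCC
-----END PGP PUBLIC KEY BLOCK-----

------=_Part_8400_2033381898.1501155423844--
"""

ARMOR_RE = re.compile(
    r"-----BEGIN PGP (?P<kind>[A-Z ]+)-----\r?\n.*?-----END PGP (?P=kind)-----", re.S
)


def extract_armored_blocks(raw_eml: str) -> list[dict]:
    """One record per armored block, tagged with the MIME part it came from."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    blocks = []
    for idx, part in enumerate(msg.walk()):  # idx 0 is the multipart root
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
        # PGP Universal / totemomail gateways keep the pre-encryption Content-Type
        # of an attachment in this header; apply it to the decrypted output.
        saved = part.get("X-Content-PGP-Universal-Saved-Content-Type")
        for m in ARMOR_RE.finditer(text):
            blocks.append({
                "part_index": idx,
                "kind": m.group("kind"),  # MESSAGE or PUBLIC KEY BLOCK
                "filename": part.get_filename(),
                "saved_content_type": None if saved is None else str(saved),
                "armor": m.group(0) + "\n",
            })
    return blocks


def decrypt_block(armor: str, gpg: str = "gpg2") -> tuple[bytes, list[str]]:
    """Hand ONE armored message to gpg; return (plaintext, [GNUPG:] status lines).

    Same --status-fd 2 arrangement as the command in the thread, but one message
    per invocation, so --allow-multiple-messages is never needed. Needs a local
    gpg holding the matching secret key (not exercised by the test).
    """
    proc = subprocess.run([gpg, "--batch", "--no-tty", "--status-fd", "2", "--decrypt"],
                          input=armor.encode("ascii"), capture_output=True, check=False)
    status = [ln for ln in proc.stderr.decode("utf-8", "replace").splitlines()
              if ln.startswith("[GNUPG:]")]
    return proc.stdout, status


if __name__ == "__main__":
    for b in extract_armored_blocks(SAMPLE_EML):
        print(b["part_index"], b["kind"], b["filename"], b["saved_content_type"])
```

Only the two MESSAGE blocks go to `decrypt_block`; the PUBLIC KEY BLOCK is key material to import (or ignore), not something to decrypt.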
  • Patrick Brunschwig

    The option --(no-)allow-multiple-messages was introduced in response to a situation by which a sender could trick the recipient by combining signed and unsigned message parts in a single OpenPGP message [1]. I'm therefore not surprised to see that Enigmail responds with an error, even if the error message seems strange.

    GnuPG indeed issued "DECRYPTION_FAILED" which means for Enigmail that the message could not be decrypted. Earlier versions of GnuPG used a different error message, which allowed Enigmail to display a more accurate message to the user.

    [1] https://www.coresecurity.com/content/gnupg-and-gnupg-clients-unsigned-data-injection-vulnerability

     
  • Sebastian Hucke

    Sebastian Hucke - 2017-08-01

    OK, that does make sense to me.

    Nevertheless, why do I still receive these "[GNUPG:] DECRYPTION_FAILED" errors although I told gpg2 to allow multiple messages? AND that despite gpg2 being able to successfully decrypt both encrypted parts!

    Let's start with the default case:
    When I omit "--allow-multiple-messages" gpg2 throws some warnings like "gpg: handle plaintext failed: Unexpected error" and "gpg: WARNING: multiple plaintexts seen". In this case the encrypted second multipart (the attachment) won't get decrypted.

    Command (got it from the Enigmail console, edited it slightly by adding -v and executed it via bash):

    gpg2 --charset utf-8 --display-charset utf-8 --use-agent -v --default-key my@mail.de --batch --no-tty --status-fd 2 --max-output 297300 --decrypt Test.eml
    

    Part of the output:

    *<first part of the message that has been successfully decrypted - omitted here>*
    [GNUPG:] NEWSIG
    gpg: Signature made Mon 24 Jul 2017 10:09:12 CEST using RSA key ID <sender's ID>
    [GNUPG:] SIG_ID HcRAPqlzIgJRFSYBSJZVM5cu5Go 2017-07-24 1500883752
    gpg: using PGP trust model
    [GNUPG:] GOODSIG <sender's ID> Joe Example <joe.example@organization.de>
    gpg: Good signature from "Joe Example <joe.example@organization.de>" [full]
    [GNUPG:] VALIDSIG <sender's fingerprint> 2017-07-24 1500883752 0 4 0 1 8 00 <sender's fingerprint>
    [GNUPG:] TRUST_FULLY
    gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
    gpg: armor header: Version: OpenPGP totemomail
    gpg: armor header: Comment: totemomail OpenPGP - http://www.totemo.com
    gpg: armor header: Charset: utf-8
    gpg: public key is <my public ID>
    [GNUPG:] ENC_TO <my key> 1 0
    gpg: using subkey <my key> instead of primary key <my key>
    gpg: public key is <sender's ID>
    [GNUPG:] ENC_TO <sender's...> 1 0
    gpg: encrypted with 2048-bit RSA key, ID <sender's ID>, created 2015-01-12
          "Joe Example <joe.example@organization.de>"
    [GNUPG:] NO_SECKEY <sender's key>
    gpg: encrypted with 4096-bit RSA key, ID <my ID>, created 2017-06-27
          "Sebastian Hucke <my@mail.de>"
    [GNUPG:] BEGIN_DECRYPTION
    gpg: AES256 encrypted data
    [GNUPG:] DECRYPTION_INFO 0 9
    gpg: original file name=''
    gpg: WARNING: multiple plaintexts seen
    [GNUPG:] ERROR proc_pkt.plaintext 89_BAD_DATA
    gpg: handle plaintext failed: Unexpected error
    [GNUPG:] NEWSIG
    gpg: Signature made Mon 24 Jul 2017 10:09:12 CEST using RSA key ID <sender's ID>
    [GNUPG:] BADSIG <sender's> Joe Example <joe.example@organization.de>
    gpg: BAD signature from "Joe Example <joe.example@organization.de>" [full]
    gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
    

    When I explicitly allow multiple messages with "--allow-multiple-messages" the above errors vanish but I get the DECRYPTION_FAILED error. Both encrypted parts get successfully decrypted though.

    Command:

    gpg2 --charset utf-8 --display-charset utf-8 --use-agent --allow-multiple-messages -v --default-key my@mail.de --batch --no-tty --status-fd 2 --max-output 297300 --decrypt Test.eml
    

    Output:

    *<both encrypted parts of the message are displayed - omitted here>*
    [GNUPG:] NEWSIG
    gpg: Signature made Mon 24 Jul 2017 10:09:12 CEST using RSA key ID <sender's ID>
    [GNUPG:] SIG_ID GfCt3y8FpW52DfN4viC3vqvtFGE 2017-07-24 1500883752
    [GNUPG:] GOODSIG <sender's key> Joe Example <joe.example@organization.de>
    gpg: Good signature from "Joe Example <joe.example@organization.de>" [full]
    [GNUPG:] VALIDSIG <sender's fingerprint> 2017-07-24 1500883752 0 4 0 1 8 00 <sender's fingerprint>
    [GNUPG:] TRUST_FULLY
    gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
    gpg: armor header: Version: OpenPGP totemomail
    gpg: armor header: Comment: totemomail OpenPGP - http://www.totemo.com
    gpg: WARNING: message was not integrity protected
    [GNUPG:] DECRYPTION_FAILED
    [GNUPG:] END_DECRYPTION
    gpg: WARNING: message was not integrity protected
    [GNUPG:] DECRYPTION_FAILED
    [GNUPG:] END_DECRYPTION
    pub  rsa2048/<sender's ID> 2015-01-12 [expires: 2018-01-11]
    uid                   Joe Example <joe.example@organization.de>
    sig        <some ID?!> 2015-01-12   [User ID not found]
    sig        <sender's ID> 2015-01-12   [selfsig]
    sub  rsa2048/<sender's ID> 2015-01-12 [expires: 2018-01-11]
    sig        <sender's ID> 2015-01-12   [keybind]
    

    (Hopefully, it is OK that I pasted the output in German.)

    Am I missing or misunderstanding something?
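Patrick's point, that Enigmail has to treat DECRYPTION_FAILED as a failure no matter what else gpg emitted, is easiest to see with a small parser over the `--status-fd` lines. Two details in the output above explain the verdict: `DECRYPTION_INFO 0 9` reports MDC method 0 (no MDC) and cipher 9 (AES256), and each DECRYPTION_FAILED directly follows "WARNING: message was not integrity protected". GnuPG 2.1 deliberately reports DECRYPTION_FAILED for a message encrypted with a modern cipher that carries no MDC, even after it has already written the plaintext, because otherwise an attacker could turn an integrity-protected message into an unprotected one by stripping the MDC. The run without --allow-multiple-messages fails differently, with `ERROR proc_pkt.plaintext`, because two OpenPGP messages arrived in one input. The following is an added example, not Enigmail's code and not from the posts in this thread; its status samples are constructed from the sequences quoted above, with dummy key IDs (AAAA.../BBBB...) standing in for the real ones, and the verdict strings are this example's own.

```python
"""Read GnuPG --status-fd output and decide whether a decryption really succeeded.

Added example; not Enigmail's code and not taken from the posts above. The
status samples are constructed to mirror the sequences quoted in the thread,
with dummy key IDs (AAAA.../BBBB...) in place of the real ones.
"""
from __future__ import annotations

from dataclasses import dataclass, field

PREFIX = "[GNUPG:] "

# Constructed: the Enigmail debug-log sequence. Plaintext is emitted, then
# DECRYPTION_FAILED follows. DECRYPTION_INFO <mdc_method> <sym_algo>: 0 means
# no MDC, so the message is not integrity protected; 9 is AES256.
STATUS_PLAINTEXT_BUT_FAILED = """\
[GNUPG:] ENC_TO AAAAAAAAAAAAAAAA 1 0
[GNUPG:] ENC_TO BBBBBBBBBBBBBBBB 1 0
[GNUPG:] NO_SECKEY BBBBBBBBBBBBBBBB
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 9
[GNUPG:] PLAINTEXT 62 1501155423
[GNUPG:] PLAINTEXT_LENGTH 1536
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Joe Example <joe.example@organization.de>
[GNUPG:] TRUST_FULLY
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

# Constructed: the whole .eml fed to gpg without --allow-multiple-messages.
STATUS_MULTIPLE_PLAINTEXTS = """\
[GNUPG:] ENC_TO AAAAAAAAAAAAAAAA 1 0
[GNUPG:] ENC_TO BBBBBBBBBBBBBBBB 1 0
[GNUPG:] NO_SECKEY BBBBBBBBBBBBBBBB
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 9
gpg: WARNING: multiple plaintexts seen
[GNUPG:] ERROR proc_pkt.plaintext 89_BAD_DATA
gpg: handle plaintext failed: Unexpected error
[GNUPG:] NEWSIG
[GNUPG:] BADSIG BBBBBBBBBBBBBBBB Joe Example <joe.example@organization.de>
"""

SIG_KEYWORDS = {"GOODSIG", "BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "ERRSIG"}


@dataclass
class DecryptionSummary:
    recipients: list[str] = field(default_factory=list)           # ENC_TO key IDs
    missing_secret_keys: list[str] = field(default_factory=list)  # NO_SECKEY key IDs
    mdc_method: int | None = None   # from DECRYPTION_INFO; 0 = no MDC
    cipher_algo: int | None = None  # from DECRYPTION_INFO; 9 = AES256
    plaintexts: int = 0             # PLAINTEXT lines, one per plaintext packet
    decryption_failed: bool = False
    multiple_plaintext_error: bool = False  # ERROR proc_pkt.plaintext ...
    signatures: list[tuple[str, str]] = field(default_factory=list)

    @property
    def decryptable_for_us(self) -> bool:
        """True if at least one ENC_TO key was not also reported as NO_SECKEY."""
        return any(k not in self.missing_secret_keys for k in self.recipients)

    def verdict(self) -> str:
        if self.multiple_plaintext_error:
            return "rejected: more than one plaintext in a single OpenPGP input"
        if self.decryption_failed:
            why = " (no MDC: message not integrity protected)" if self.mdc_method == 0 else ""
            if self.plaintexts:
                return "failed: DECRYPTION_FAILED although plaintext was emitted" + why
            return "failed: DECRYPTION_FAILED" + why
        return "ok" if self.plaintexts else "no plaintext produced"


def parse_status(output: str) -> DecryptionSummary:
    """Parse mixed stderr/status output; lines without the [GNUPG:] prefix are ignored."""
    s = DecryptionSummary()
    for line in output.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        kw, args = fields[0], fields[1:]
        if kw == "ENC_TO" and args:
            s.recipients.append(args[0])
        elif kw == "NO_SECKEY" and args:
            s.missing_secret_keys.append(args[0])
        elif kw == "DECRYPTION_INFO" and len(args) >= 2:
            s.mdc_method, s.cipher_algo = int(args[0]), int(args[1])
        elif kw == "PLAINTEXT":
            s.plaintexts += 1
        elif kw == "DECRYPTION_FAILED":
            s.decryption_failed = True
        elif kw == "ERROR" and args and args[0] == "proc_pkt.plaintext":
            s.multiple_plaintext_error = True
        elif kw in SIG_KEYWORDS and args:
            s.signatures.append((kw, args[0]))
    return s


if __name__ == "__main__":
    for name, sample in [("enigmail log", STATUS_PLAINTEXT_BUT_FAILED),
                         ("whole .eml", STATUS_MULTIPLE_PLAINTEXTS)]:
        print(name, "->", parse_status(sample).verdict())
```

The NO_SECKEY line is expected here: the sender encrypted to their own key as well, and the recipient naturally has no secret key for it. A client should only complain about a missing secret key when none of the ENC_TO recipients can be decrypted for (`decryptable_for_us` is False); the DECRYPTION_FAILED after a successfully emitted plaintext is a separate condition and is the one that actually fails this message.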

     
