How to handle "No matching secret key found to decrypt message"

[Thomas Zell]

I set up encrypted communication with my bank today:
1. Send them my public key
2. Got an encrypted response with
- Encrypted body text
- The message attached in asc format
- The PubKey of the sender attached
- I save the attachment and can see that it is identical to the enrcypted body text of the message

The body text will stay encrypted and the header shows the "no matching secret key" message
However, when I click on the attachment inside Thunderbird it will open up in my browser and show the message in clear text/decrypted.

Enigmail Security Info will show the below:
Error - no matching secret key found to decrypt message
Good signature from <sender>
Note: The message is encrypted for the following User ID's / Keys:
<my correct="" ID=""> ( my name and email),
<sender correct ID< ( sender name and email)

So it looks like Enigmail finds the key when I double click the attachment, but not inside the email itself?

My environment:
Kubuntu 18.04
Thunderbird 52.7.0
Enigmail 2.0.2

I used this key and email address before and those encrypted emails still open just fine inside Thunderbird.
Any ideas on what could go wrong?

Thanks
Thomas

[Patrick Brunschwig]

Please see here: https://sourceforge.net/p/enigmail/forum/support/thread/c3fc63af/

[Thomas Zell]

Thanks for getting back so quickly Patrick. I did see this other post earlier but didn't relate it to my situation because it did sound like a different problem.

I did check now and I do have a ~/.gnupg directory. Amongst others I can see a "private-keys-v1.d" directory which contains 6 files.
Not sure why it's 6 because I only hold 3 identies with PGP keys but maybe there are some obsolete keys from back when I started with PGP.
The file names of the 6 files don't match the key ID or fingerprint of the keys I see in Enigmail Key Management so I don't know if what I see are valid keys and which file matches which email address.

But nevertheless, I think Enigmail is finding the keys in principle as I am getting asked to type in my key password whenever I send an email, I can also read and open encrypted emails which were sent to me a while back using the same keypair which is causing trouble right now.
And like I wrote initially, when I open the encrypted attachment inside Thunderbird the attachment will succesfully decrypt which I would view as the right key is available, found and applied?

Thanks
Thomas

[Patrick Brunschwig]

Oh, sorry, that was the wrong link. I wanted to point you to this thread:
https://sourceforge.net/p/enigmail/forum/support/thread/7b5800e0/#91d6

[Thomas Zell]

Ah yes, that makes a lot more sense :-)
Hm, I will ask the bank to check at their end but won't hold my breath as to how quickly they will be able to change this, I see they are using a totemomail gateway.
Apart from pushing the sender for a more up to date way of communication, do you plan to handle this situation in a more user friendly way in Enigmail? Maybe display a warning instead of this error but still process the email?

[Patrick Brunschwig]

To be quite honest, that's unlikely. MDC is now 17 years old, and it's really about time that emails without MDC are rejected. There are a number of known severe security attacks possible if MDC is omitted.

Furthermore, GnuPG just tells me "decryption failed", but there is no information why (e.g. missing MDC or invalid MDC), therefore Enigmail can't tell much more.

[Thomas Zell]

Ok, I see. Thanks for looking into this Patrick!

[Malte Finsterwalder]

In the Enigmail preferences on the "Advanced"-tab you can set "Additional Parameters for GnuPG". Here you can add "--no-mdc-warning".

[Patrick Brunschwig]

I would strongly recommend not to do that. You'llexpose yourself towards the Efail vulnerability.

[Albert Uftata]

I think I have the same problem as Thomas Zell and I asume that we are talking about the "1822direkt"-bank, as a do not know any other bank with PGP-support. Before I ask the bank to change their key, I would like to make sure, that the problem is actually their key. This is the output of gpg2. It looks like MDC is missing - right?

gpg2 --edit-key eumel@1822direkt.com
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  dsa1024/C4CAEE2C
     created: 1999-07-15  expires: never       usage: SCA 
     trust: unknown       validity: unknown
sub  elg4096/18265267
     created: 1999-07-15  expires: never       usage: E   
[ unknown] (1). 1822direkt EUMEL <eumel@1822direkt.com>
[ unknown] (2)  1822direkt Gesellschaft der Frankfurter Sparkasse mbH <pgp@1822direkt.com>

gpg> showpref
[ unknown] (1). 1822direkt EUMEL <eumel@1822direkt.com>
     Cipher: CAST5, IDEA, 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed
[ unknown] (2)  1822direkt Gesellschaft der Frankfurter Sparkasse mbH <pgp@1822direkt.com>
     Cipher: CAST5, IDEA, 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

gpg> 

[Patrick Brunschwig]

Yes, MDC is missing.

[Henning Mersch]

Hi,
Thanks for the thread - I sent a message to 1822direkt - maybe others could do that also to raise their attention.

BR - Henning

[Henning Mersch]

Hi,
Thanks for the thread - I sent a message to 1822direkt - maybe others could do that also to raise their attention.

BR - Henning

[Thomas Zell]

Mine's a different bank but also a member of the Sparkassen Group which probably means the gateway is supplied by their central IT organisation -> all members of the Sparkassen group in Germany affected.

Edit: Just received confirmation from my bank that they have now turned on MDC. Case closed :-)

[Albert Uftata]

So the 1822direkt updated their key:

gpg2 --edit-key eumel@1822direkt.com
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  dsa1024/C4CAEE2C
     created: 1999-07-15  expires: never       usage: SCA 
     trust: full          validity: full
sub  elg4096/18265267
     created: 1999-07-15  expires: never       usage: E   
[ unknown] (1). Kontoticker 1822direkt (Gesellschaft der Frankfurter Sparkasse mbH) <kontoticker@1822direkt.de>
[  full  ] (2)  1822direkt EUMEL <eumel@1822direkt.com>
[  full  ] (3)  1822direkt Gesellschaft der Frankfurter Sparkasse mbH <pgp@1822direkt.com>

gpg> showpref
[ unknown] (1). Kontoticker 1822direkt (Gesellschaft der Frankfurter Sparkasse mbH) <kontoticker@1822direkt.de>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[  full  ] (2)  1822direkt EUMEL <eumel@1822direkt.com>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[  full  ] (3)  1822direkt Gesellschaft der Frankfurter Sparkasse mbH <pgp@1822direkt.com>
     Cipher: CAST5, IDEA, 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

However I still receive an error message when trying to read the message in Thunderbird and the message is not decrypted:

gpg: WARNING: message was not integrity protected

[Patrick Brunschwig]

It still requires 1822direkt to create messages with MDC. In other words, you cannot decrypt old messages, just because the key is updated.

I also notice that the 3rd UID (pgp@1822direkt.com) is not updated.

[Albert Uftata]

The key on the banks website actually wasn't updated: https://www.1822direkt.de/pgp5key.asc

The updated key with the missing UID was from a keyserver.

The bank asked for patience, they are looking into the problem.

[localguru]

@Albert any news on this? any feedback from 1822. Do have the same problem, solved by on-the-fly decryption on the mailserver. But should be just a temporarily solution. Checked the Konto-Ticker messages with evolution, but evolution can't decrypt, because 1822 sent them PGP/Inline.

[Albert Uftata]

@localguru I haven't heard from the bank since July. I'm afraid they try to ignore the problem, as more and more customers use mobile apps anyway. I just wrote to them again and recommend that all 1822-customers who would like to use the PGP-feature should contact the bank as well. Otherwise they will assume that no one cares.

[Torsten]

I wrote the 1822 already in July. The answer: The 1822direkt is already working on a bug fix. We ask for your understanding that we can not currently give you a binding date until when the error is resolved.
Today I have again written a message to the 1822 and pointed to their own terms and conditions. Under "Conditions for communication with the 1822direkt", point 2.6 customer due diligence obligations are specified. For example, Firewall and updating the software. Only I can not install a current version of Enigmail, because then the communication with the 1822 does not work anymore. So I am forced by the 1822, to violate the terms and conditions. They have overslept the time and will sit out or abolish it. Then time to say goodbye.​

[Torsten]

I think we made it. Today I received the following message from der1822 On 23.10.2018 we provide our PGP encryption with PGP encryption MDC (Modification Detection Code). From this date, the previous key not used anymore.

[Albert Uftata]

Yes, me too. Here is the new key: https://www.1822direkt.de/kontoticker-pub.asc

[Guido Jäkel]

But now, for me the new messages (generated by BCPG v1.60) seems not to be signed, anymore. May you confirm this?