Hello list,

I mentioned[1] on the GnuPG-Users mailing list that I sometimes encounter a bug in Enigmail where the resulting mail is strangely formatted when signing with my smartcard fails. Daniel Kahn Gillmor asked me to report it here to you guys.

Last Thursday, I replied[2] to a message in GnuPG-Users. I have the option "Encrypt/sign replies to encrypted/signed message" turned on, because I don't want to forget encrypting when replying to an encrypted message, and by that accidentally quote and reveal something the other wrote.

In this case, I replied to a signed message, so Enigmail had signing checked. I didn't have my smartcard reader plugged in. Normally when I hit "Send", it will complain about the smartcard and cancel[3], after which I would uncheck "Sign" and hit "Send" again. But once in a while, it will instead send a message without erroring out and cancelling. This time, it just emitted the header:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

and what then followed was just my message, without the signature footer.

I had a different variation once with an encrypted and signed message. I'm not sure I remember exactly, but I think I ended up pressing the Cancel key on the pinpad of my smartcard reader, and then trying to send the mail again and this time enter the PIN. Enigmail ended up sending out a mail with an OpenPGP ascii-armoured message encrypted only to me, with inside that an OpenPGP ascii-armoured message encrypted to me and the intended recipient and signed by me (in other words, the outer message was wrong, the inner one was correct and what should have been sent).
The mail looked like this (bunch of headers omitted):

----------------------8<----------[SNIP]---------->8----------------------
From: Peter Lebbing <[email protected]>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12
MIME-Version: 1.0
X-Enigmail-Version: 1.4.1
OpenPGP: id=8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E;
 url=http://digitalbrains.com/2012/openpgp-key-peter
X-Enigmail-Draft-Status: 707
Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted";
 boundary="------------enig045BDC7F90611807CDE50A81"

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
--------------enig045BDC7F90611807CDE50A81
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------enig045BDC7F90611807CDE50A81
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

[...]
-----END PGP MESSAGE-----

--------------enig045BDC7F90611807CDE50A81--
----------------------8<----------[SNIP]---------->8----------------------

Doing gpg2 --list-packets on the outer mail tells me:

:pubkey enc packet: version 3, algo 1, keyid 26F7563E73A33BEE
        data: [2048 bits]
:encrypted data packet:
        length: unknown
        mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
      "Peter Lebbing <[email protected]>"
:compressed packet: algo=2
:literal data packet:
        mode t (74), created 1376391644, name="",
        raw data: unknown length

Decrypting this outer OpenPGP message reveals it contains the following text:

----------------------8<----------[SNIP]---------->8----------------------
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP MESSAGE-----
Charset: UTF-8
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

[...]
-----END PGP MESSAGE-----
----------------------8<----------[SNIP]---------->8----------------------

Now this thing is indeed quoted-printable; after decoding that, gpg2 --list-packets reveals:

:pubkey enc packet: version 3, algo 1, keyid XXXXXXXXXXXXXXXX
        data: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 26F7563E73A33BEE
        data: [2044 bits]
:encrypted data packet:
        length: unknown
        mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created XXXX-XX-XX
      "[...]"
gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
      "Peter Lebbing <[email protected]>"
:compressed packet: algo=2
:onepass_sig packet: keyid 969E018FDE6CDCA1
        version 3, sigclass 0x01, digest 2, pubkey 1, last=1
:literal data packet:
        mode t (74), created 1376391639, name="",
        raw data: unknown length

This is the message that should have been sent, as far as I can see. It has the proper recipients and is signed by the correct key.
I'm willing to do some more tests and somehow enable debugging output, but my amount of time is limited (as I'm sure is yours, but you know what I mean).

So, the usual bug report context info:

OS: Debian GNU/Linux jessie/testing x86_4
Mailer: Icedove, Debian package version 17.0.9-2
Enigmail: Debian package version 2:1.6-4
Desktop environment: XFCE 4.10
GnuPG: Debian package version 1.4.15-1.1

Although I should note I might have updated those packages since writing the doubly-encrypted message.

gpg.conf:

----------------------8<----------[SNIP]---------->8----------------------
default-key 8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E
keyserver hkp://pool.sks-keyservers.net/
use-agent
list-options show-uid-validity
verify-options show-uid-validity
ask-cert-level
----------------------8<----------[SNIP]---------->8----------------------

I think these are the relevant prefs.js:

----------------------8<----------[SNIP]---------->8----------------------
user_pref("extensions.enigmail.advancedUser", true);
user_pref("extensions.enigmail.alwaysTrustSend", false);
user_pref("extensions.enigmail.composeHtmlAlertCount", 2);
user_pref("extensions.enigmail.configuredVersion", "1.6");
user_pref("extensions.enigmail.displaySignWarn", false);
user_pref("extensions.enigmail.encryptAttachments", 2);
user_pref("extensions.enigmail.keyManShowAllKeys", true);
user_pref("extensions.enigmail.maxIdleMinutes", 0);
user_pref("extensions.enigmail.noPassphrase", true);
user_pref("extensions.enigmail.saveEncrypted", 1);
user_pref("extensions.enigmail.useGpgAgent", true);
user_pref("mail.identity.id4.attachPgpKey", false);
user_pref("mail.identity.id4.defaultEncryptionPolicy", 0);
user_pref("mail.identity.id4.enablePgp", true);
user_pref("mail.identity.id4.encryptionpolicy", 0);
user_pref("mail.identity.id4.openPgpHeaderMode", 17);
user_pref("mail.identity.id4.openPgpUrlName", "http://digitalbrains.com/2012/openpgp-key-peter");
user_pref("mail.identity.id4.pgpKeyMode", 1);
user_pref("mail.identity.id4.pgpMimeMode", false);
user_pref("mail.identity.id4.pgpSignEncrypted", false);
user_pref("mail.identity.id4.pgpSignPlain", false);
user_pref("mail.identity.id4.pgpkeyId", "0x8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E");
user_pref("mail.identity.id4.sign_mail", false);
----------------------8<----------[SNIP]---------->8----------------------

HTH,

Peter.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2013-December/048376.html
[2] http://lists.gnupg.org/pipermail/gnupg-users/2013-December/048375.html
[3] I do sometimes notice that the text is reflowed, ending a line at a different word, but still producing a normally reflowed message. I should probably note I always only write plain text mails (though possibly with Unicode), and never ever HTML mails.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
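
Both malformed outputs described in this report can be detected mechanically before a message leaves the machine. The following is an added example, not part of the original post and not Enigmail code: it checks a `gpg --list-packets` listing against the expected recipient and signer key IDs, and checks a cleartext-signed body for a complete signature block. The function names, the abridged sample listings and the recipient key ID 0123456789ABCDEF are constructed for illustration.

```python
import re

# Line formats as printed by `gpg --list-packets` in the report above.
PUBKEY_ENC = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-F]{16})", re.M)
ONEPASS_SIG = re.compile(r"^:onepass_sig packet: keyid ([0-9A-F]{16})", re.M)

SELF = "26F7563E73A33BEE"    # key ID the sender's own copy is encrypted to
SIGNER = "969E018FDE6CDCA1"  # key ID in the report's onepass_sig packet
RCPT = "0123456789ABCDEF"    # constructed placeholder (redacted in the report)
# Constructed samples: abridged outer/inner listings modelled on the report,
# and a body with a signed-message header but no signature block.
OUTER = (f":pubkey enc packet: version 3, algo 1, keyid {SELF}\n"
         "\tdata: [2048 bits]\n"
         ":compressed packet: algo=2\n"
         ":literal data packet:\n")
INNER = (f":pubkey enc packet: version 3, algo 1, keyid {RCPT}\n"
         f":pubkey enc packet: version 3, algo 1, keyid {SELF}\n"
         ":compressed packet: algo=2\n"
         f":onepass_sig packet: keyid {SIGNER}\n"
         ":literal data packet:\n")
BROKEN = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nJust my message.\n"


def check_packets(listing, expected_recipients, expected_signer=None):
    """Return problems found in a --list-packets listing (empty list = OK)."""
    problems = []
    missing = set(expected_recipients) - set(PUBKEY_ENC.findall(listing))
    if missing:
        problems.append("not encrypted to: " + ", ".join(sorted(missing)))
    if expected_signer and expected_signer not in ONEPASS_SIG.findall(listing):
        problems.append("no one-pass signature by " + expected_signer)
    return problems


def check_cleartext(body):
    """Flag a cleartext-signed body that lacks a complete signature block."""
    lines = body.splitlines()
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in lines:
        return []  # not cleartext-signed; nothing to check
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
        lines.index("-----END PGP SIGNATURE-----", sig)
    except ValueError:
        return ["signed-message header without a complete signature block"]
    return []


if __name__ == "__main__":
    print(check_packets(OUTER, {SELF, RCPT}, SIGNER), check_cleartext(BROKEN))
```

The outer listing fails both packet checks because its only recipient is the sender and the signature sits one layer further in; the inner listing passes.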
