Bug 314930

Summary: When Kmail finds encryption keys to use and I select, "Encrypt" it fails to encrypt the message with my key
Product: [Applications] kmail2 Reporter: Jessie A. Morris <jessie>
Component: composerAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: aeris, axel.braun, diego.ml, qqqqqqqqq9, quazgar, Wolfgang_Mader
Priority: NOR    
Version: 4.10.2   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In: 4.11.4
Sentry Crash Report:

Description Jessie A. Morris 2013-02-11 20:01:11 UTC
I compose an email that is being sent to a friend whose key I have. I do not select Sign or Encrypt selected when I send my email. I then click Send and a dialog pops up asking me:

"Valid trusted encryption keys were found for all recipients.
Encrypt this message?"

I then select Encrypt. Next pops up the Encryption Key Approval dialog box. It shows only my recipients key. I select "Okay" and then a missing key warning box comes up saying,:

"You did not select an encryption key for yourself (encrypt to self). You will not be able to decrypt your own message if you encrypt it."

Selecting Encrypt sends the message, and then stores the message in my Sent Folder unencrypted.

If I select the encrypt option before sending it, everything works as expected.

Reproducible: Always
Comment 1 Wolfgang Mader 2013-04-24 08:27:49 UTC
I can confirm this.

I even set an encryption key for myself in the addressbook, but I do not know if this is the place KMail expects to find this information.
Comment 2 quazgar 2013-06-03 21:05:27 UTC
I can confirm this for a very similar case, in which I am also being asked if I want to encrypt:

Examination of the recipient's encryption preferences yielded that you be asked whether or not to encrypt this message.
Encrypt this message?

The same problem (not encrypting to self, mail is stored unencrypted in the sent-mail folder) follows.
Comment 3 Jessie A. Morris 2013-06-03 21:09:20 UTC
Since this is causing messages I send to either not be signed by me, stored on my drive unencrypted, or not being able to unencrypt the messages, I think that this is a pretty severe bug. This could cause data loss or a security leak!
Comment 4 quazgar 2013-06-03 21:22:00 UTC
(In reply to comment #3)
> Since this is causing messages I send to either not be signed by me, stored
> on my drive unencrypted, or not being able to unencrypt the messages, I
> think that this is a pretty severe bug. This could cause data loss or a
> security leak!
Well, it warns about the behaviour, and it is easy to circumvent by cancelling the operation and manually selecting to encrypt the message. So IMHO we have a low probablity but potentially high impact here...
Comment 5 qqqqqqqqq9 2013-07-25 15:09:08 UTC
This is probably related to the following behaviour:

1. Create an email to an email address with no key assigned
2. select encrypt and sign from Options Menu
3. Click send
-> Error message: There are conflicting encryption preferences for these recipients. Encrypt this message?

4. Click Do Not Encrypt
-> Error message: Could not compose message: No key data for recipients found. (Twice)

5. Deselect Encrypt in the Options menu
6. Save as Draft

The message now suddenly has two recipients, the original one is duplicated
Comment 6 qqqqqqqqq9 2013-07-25 15:10:02 UTC
I use kdepim 4.10.95
Comment 7 quazgar 2013-07-25 17:48:02 UTC
(In reply to comment #6)
> I use kdepim 4.10.95

I can reproduce this with 4.10.4 already, although I am not sure about how related these bugs are.
Comment 8 aeris 2013-11-10 17:52:55 UTC
This bug is more serious than you think.

After the warning because you have not select a key to encrypt for yourself, if you click on « Encrypt », the message is stored unencryted into KMail folder, but it is also send unencrypted !
Confirm with my recipient, the mail is not received encrypted.
This is a serious security issue because you send clear email when you think you send cyphered email.

The only way to really encrypt the email is to check « Encrypt Message » on the compose window.
All other automatic ways send clear message even KMail seems saying the opposite to you.

(Test on KDE PIM 4.11.2)
Comment 9 Sandro Knauß 2013-11-20 11:49:24 UTC
Git commit 43a2693ed9c65a919aeff93caacc878e8d9fe504 by Sandro Knauß.
Committed on 20/11/2013 at 02:17.
Pushed by knauss into branch 'KDE/4.11'.

Fixes: 314930 - Respect the Encryption Key Approval dialog

The answer of the Encryption Key Approval dialog should be used.
otherwise it is useless to ask, whether to encrypt or not.
FIXED-IN: 4.11.4
REVIEW: 113959

M  +12   -2    messagecomposer/composer/composerviewbase.cpp

http://commits.kde.org/kdepim/43a2693ed9c65a919aeff93caacc878e8d9fe504
Comment 10 Sandro Knauß 2013-11-20 12:00:04 UTC
*** Bug 324204 has been marked as a duplicate of this bug. ***