Bug 327549

Summary: KMail2 shows PGP/MIME encrypted.asc from Thunderbird/Enigmail as regular attachment
Product: [Applications] kmail2 Reporter: Till Schäfer <till2.schaefer>
Component: cryptoAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: sknauss
Priority: NOR    
Version: 4.12.3   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
URL: https://sourceforge.net/p/enigmail/bugs/206/
Latest Commit: Version Fixed In: 4.12.5
Attachments: PGP/MIME encrypted and signed mail composed with kmail
PGP/MIME encrypted and signed mail composed with thunderbird
decrypted and modified message composed by kmail
decrypted and modified message composed by thunderbird
message structure kmail
message structure thunderbird

Description Till Schäfer 2013-11-13 10:42:11 UTC
Mails from Thunderbird/Enigmail which are encrypted using PGP/MIME show  the signature as regular attachment (signature.asc). However, the signature is still validated correctly. When sending a mail from KMail2 to KMail2 this attachment is hidden.  Hiding is necessary, because it interferes with the filtering for mails with real attachments .

This bug also appears in Thunderbird when sending a mail from KMail2. Therefore, i provide an URL to the Enigmail bug tracker.


Reproducible: Always
Comment 1 Till Schäfer 2013-11-13 10:46:35 UTC
Created attachment 83545 [details]
PGP/MIME encrypted and signed mail composed with kmail
Comment 2 Till Schäfer 2013-11-13 10:47:05 UTC
Created attachment 83546 [details]
PGP/MIME encrypted and signed mail composed with thunderbird
Comment 3 Till Schäfer 2013-11-13 10:48:48 UTC
I forgot to mention that the bug only occurs, if the message is signed AND encrypted. 

I also attached sample Mails from Thunderbird and KMail. However, the content is encrypted and therefore i do not know if they are usable as example for you.
Comment 4 Till Schäfer 2013-11-13 10:50:05 UTC
Versions
Thunderbird:17.0.9
Enigmail: 1.6
Comment 5 Sandro Knauß 2014-03-28 17:41:51 UTC
Can you upload the decrypted part of the message?
'cause the signature is inside the crypted part.
Comment 6 Till Schäfer 2014-03-28 18:49:56 UTC
hi 
here are the decrypted files. i modified some content to not be able to calculate my private key out of this pairs (i am not sure if this is really a problem otherwise). The modified line do only contain content and no mail header informations

i do not see the signature in the decrypted mail composed with thunderbird. if there is missing some information, please provide me with additional information about how to extract them. i just pasted the encrypted.asc part to my gpg application. 

i also attached a screen shot with the message structure for both mails.
Comment 7 Till Schäfer 2014-03-28 18:50:37 UTC
Created attachment 85815 [details]
decrypted and modified message composed by kmail
Comment 8 Till Schäfer 2014-03-28 18:51:05 UTC
Created attachment 85816 [details]
decrypted and modified message composed by thunderbird
Comment 9 Till Schäfer 2014-03-28 18:53:44 UTC
Created attachment 85817 [details]
message structure kmail
Comment 10 Till Schäfer 2014-03-28 18:54:05 UTC
Created attachment 85818 [details]
message structure thunderbird
Comment 11 Sandro Knauß 2014-03-29 10:40:47 UTC
For me it looks that the mail from thunderbird you encrypted uses no detatched signature. Only a detached signature is stored in the .asc file. The problem is, that gpg at the cmd line automatically verifies an inline signature, when decrypting, that's why you don't see any attachments.

Can thunderbird create a detached signature, when using encrytion as well?
Comment 12 Till Schäfer 2014-03-29 11:51:46 UTC
i did not find any option to create a detached signature, while encrypting. 

does it help if i send you a e-mail with your own key?
Comment 13 Sandro Knauß 2014-03-29 11:54:40 UTC
try it. You find my key at keyservers: 0x7703b4e4
Comment 14 Till Schäfer 2014-03-29 11:56:16 UTC
done
Comment 15 Sandro Knauß 2014-03-29 12:03:03 UTC
thx. Ah okay you are talking about the encrypted.asc and not the signature.asc.
That is the complete encrypted message and not the signature.

can reproduce it in 4.13.rc.
Comment 16 Till Schäfer 2014-03-29 12:35:43 UTC
ups, sorry for that mistake
Comment 17 Sandro Knauß 2014-03-31 08:39:03 UTC
Git commit 3bfebc9b5ad63682944e4888ffafa0f9f77732e0 by Sandro Knauß.
Committed on 29/03/2014 at 19:56.
Pushed by knauss into branch 'KDE/4.12'.

Fix 327549 hide encrypted.asc from Thunderbird encrypted messages.

simply thunderbird names the attachment, that is actually the encrypted
message filename=encrypted.asc; kmail names it msg.asc.
FIXED-IN: 4.12.5
REVIEW: 117163

M  +2    -0    messagecore/tests/stringutiltest.cpp
M  +2    -1    messagecore/utils/stringutil.cpp

http://commits.kde.org/kdepim/3bfebc9b5ad63682944e4888ffafa0f9f77732e0