Bug 343795

Summary: Accessing S/MIME encrypted attachments fails
Product: [Applications] kmail2 Reporter: Claus Christmann <hcc>
Component: cryptoAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: aheinecke, dennis.schridde, ichrispa, kdespam, sknauss
Priority: NOR    
Version: 4.14.4   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Screenshot of the manually decrypted message

Description Claus Christmann 2015-02-04 22:25:42 UTC
I received a presumably signed and encrypted S/MIME mail. I have the corresponding private keys and kmail decrypts the mail correctly, i.e. I can see the message body and I get those green and blue frames indicating the signed and the encrypted parts. So far, so good.

The problem is that I cannot get access to a PDF that is attached to the mail. kmail doesn't show the attachment icons in the "fancy header" section, but it shows a PDF icon in the mail body. 
The mail is a HTML mail that also has some plain text. In the HTML version there is an embedded JPEG in the signature section of the email (not the crypto signature, but the name,address,stuff part at the bottom...) When I toggle to the HTML view I can see that image -- but I still cannot get to the PDF, all I see is the same PDF icon. Hovering over either the icons in the mail's body gives a notification at the bottom of the window of "attachment:0,1.2?place=body" for the image and "attachment:0,2?place=body" for the PDF. I cannot save any of them.

Reproducible: Always

Steps to Reproduce:
With some help from #kontact I tried to expose the message structure. Here is how far we got:

1) Saving the message as plain text: opening the mail in kmail, then selecting "View Source" and saving the result (see [1] below for the header data)
2) We tried saving the crypto portion of that text file and decode it by hand on the CLI. That failed. 
3) Using the "Message Structure View" we used the "Save as" function of kmail to save the crypto portion of the message as "smime.p7m"
4) I used kleopatra ("File"->"Decrypt/Verify Files...") to decrypt "smime.p7m". The readable portion of the resulting "smime" file is below as [2]
5) I renamed "smime" to "smime.mbox" as then I could open the file with kmail again


Actual Results:  
After all that I see a message window with an empty "fancy header" section, but with two entries in the attachment section is shown. (one for the PDF, one for the footer image). Hovering over either the icons in the "fancy header" section or within mail's body gives a notification at the bottom of the window of "Attachment: <file name>" I can now save both attachments.

Note that the window showing me the email still doesn't show a proper message structure, it still only shows one line: "smime.p7m | application/x-pkcs7-mime | <size>". Clicking "View source" in the window where I can read the email's content shows me the same data as in "smime.p7m", given below as [2]

Expected Results:  
I would have expected to directly get access to the encrypted attachments.

[1] Plain text email (via "View Sources"). [I obfuscated the sender1]
===========================================================

Return-Path: alice@mail.com
Received: from orion.efm.de (LHLO orion.efm.de) (195.190.148.230) by
 orion.efm.de with LMTP; Wed, 4 Feb 2015 17:32:10 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by orion.efm.de (Postfix) with ESMTP id 476F71D41DC6
	for <claus@dadac0.de>; Wed,  4 Feb 2015 17:32:10 +0100 (CET)
X-Virus-Scanned: amavisd-new at orion.efm.de
Received: from orion.efm.de ([127.0.0.1])
	by localhost (orion.efm.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id MlvzbLSEneSE for <claus@dadac0.de>;
	Wed,  4 Feb 2015 17:32:10 +0100 (CET)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
	by orion.efm.de (Postfix) with ESMTPS id C53331D41DD0
	for <claus@dadac0.de>; Wed,  4 Feb 2015 17:32:09 +0100 (CET)
Received: from Vostro ([1.2.3.4]) by mail.mail.com (mrmail103) with ESMTPSA
 (Nemesis) id 0LlDx4-1XkXb947ZG-00b79A for <claus@dadac0.de>; Wed, 04 Feb 2015
 17:32:09 +0100
From: "Alice" <alice@mail.com>
To: "Claus Christmann" <claus@dadac0.de>
Subject: Geers Untersuchung
Date: Wed, 4 Feb 2015 17:31:54 +0100
Message-ID: <010d01d04098$191a6030$4b4f2090$@alice@mail.com>
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime;
	smime-type=enveloped-data;
	name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7m"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdBAmBSSVuB81tObTyCX651GkhZL6Q==
Content-Language: de
X-Provags-ID:  V03:K0:tSEZiGLOjjkpLmggxyda02SDl8+OWclfAAHKdsmIYVmIrAeg9Zf
 EaEUyhsgW0C2Je6bL0qdSjRToWjZqFxtCEf1TlsH+dxAnaHAIqrz+PDfRTU3gLRCFJsXMok
 Mm+mRrYaFqGNTx7mjevtPu5RZqbtepIuAFs4Ak/TlV29CjhUzopMqnWhzfDs8zbFIUX7sny
 luXr9FXpZL46Ffwv+MDXw==
X-UI-Out-Filterresults: notjunk:1;
X-GBUdb-Analysis:  0, 212.227.17.21, Ugly c=0.434822 p=-0.588235 Source Normal
X-MessageSniffer-Scan-Result:  0
X-MessageSniffer-Rules: 
 	0-0-0-32767-c

[only crypto text below]



[2]: Readable header section of the decrypted attachment:
================================================

Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

[only crypto text below]
Comment 1 Claus Christmann 2015-02-04 22:29:18 UTC
Created attachment 90917 [details]
Screenshot of the manually decrypted message

Note how the message structure section at the bottom still only shows a single line.
Also, it appears that the white background indicating the PDF attachment in the fancy header section also encloses the yellowish background for the PNG image. 
There also is a yellow box around the PDF icon section within the green shaded area signifying the signed parts of the message.
Comment 2 Claus Christmann 2015-02-23 14:27:17 UTC
I have received some more emails from "Alice", all signed and encrypted and all with the same problem. A cause of the problem seems to be that Alice is sending HTML emails with embedded attachments (i.e. simply dragging and dropping attachments into the HTML mail composer part of MS Outlook). As long as Alice is sending mail with only embedded pictures, I can change from the plain text view to the HTML view and I will see those pictures (and can save them via the context menu). For attachments that won't be displayed, e.g. PDFs, that obviously doesn't work...
Comment 3 kdespam 2015-03-27 13:18:59 UTC
I can confirm this.
Version 4.14.2, Ubuntu 14.10

Some additional info:
* If I save the smime.p7m attachment in kmail I will get garbage that cannot be decrypted.
* If I save the whole email and manually base64-decode the attachment, everything is fine and can be decrypted (kleopatra or gpgsm, bot work fine).
* Opening the decrypted message will then allow me to open/save the attachment properly

I dug deeper and found more (possibly unrelated):
* The decrypted mail looked fine but was malformed (but this was the sender's fault, because the signature was valid!), and could only be decoded with "base64 -d --ignore-garbage"
* The decoded mail also contained garbage due to the malformed input but was readable.

As far as I can remember I only received mails that triggered that bug from Outlook users, so this may be a hint.
Comment 4 Chris 2016-01-09 16:19:53 UTC
I can confirm this bug /w OpenSUSE 42.1, KMail 4.14.10

The error appears to be only caused by SMIME encrypted Mail sent with MS Outlook. The mail body contains a link to "attachement:x:y.z?place=body" for each attachement, with correct names being shown, but clicking them or using "save attachements" has no effect. The later shows a "No attachements found" message.

A workaround is to save the message's source, then run
$ openssl smime -decrypt -in mail.raw -inkey path/to/my/crtkey.pem > mail.decr
removing any mail headers, then run
$ base64 -d --ignore-garbage mail.decr > mail.d64
as suggested. Split the Mail's attachement out manually using
$ csplit --prefix mail.d64_part mail.d64 '/------=_NextPart_/' '{*}'
and then decoding individual attachements by removing the header and subsequently running
$ base64 -d --ignore-garbage mail.d64_partXY > attachment.name

Some base64 attachements do contain non-ASCII sequences, which is clearly a bug on the sender side, not KDE (maybe these can be "cleaned" by KMail prior to decoding?).
Comment 5 Andre Heinecke 2016-07-07 09:51:21 UTC
I believe that this was fixed with https://phabricator.kde.org/D1964.

I've only tested it with a backport of that fix to 4.14 (vendor/intevation) branch but it addressed exactly the problem that attachments to encrypted / signed S/MIME opaque (as outlook send) mails could not be opened. (And some other attachments to crypto mails like forwarded PGP/MIME mails)
Now this works reliably.

Please reopen if it still happens with the version that will be released with KDE/Applications-16.08