Bug 91697

Summary: kontact/kmail does not encrypt correctly with gpg when a BCC: is set
Product: [Unmaintained] kmail Reporter: David Guembel <david.guembel>
Component: encryptionAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description David Guembel 2004-10-19 18:06:31 UTC 
Version:            (using KDE KDE 3.3.1)
Installed from:    Gentoo Packages
Compiler:          gcc (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) 
OS:                Linux

Using gnupg (gpgme) and kontact of kde-3.3.1, messages are not encrypted correctly when I set a BCC to myself. Example:

Message with
From: David 
To: Alice 
BCC: David

..should be encrypted with the keys of both Alice and David, but only gets encrypted with David's key. Sending the same message with
From: David
To: Alice
CC: David

..and no BCC: works prefectly. Please note that the correct key-IDs are shown to me by kontact before sending (i.e. the Keys of David and Alice), but obviously only David's is used.

This leads to the sending of messages that are unwantedly not readable by the recipient (To:), but only by the sender, which can be pretty disturbing ;)

I have tried this with both gnupg 1.2.6 and the software versions described in [1], no difference. This behaviour appeared after the upgrade from kde 3.3.0 to 3.3.1; it was not present before. (I also updated gpg from 1.2.4 to 1.2.6, but I don't believe this is the cause).

If any other information or tests are desired, I shall be happy to provide them. 

[1] http://kmail.kde.org/kmail-pgpmime-howto.html
Comment 1 M.J.Harwood 2004-10-20 21:13:24 UTC 
> From: David, To: Alice, BCC: David 
> ..should be encrypted with the keys of both Alice and David, but only gets
> encrypted with David's key.

That's correct. The point of BCC is that the recipients in To: and CC: do not know that the recipients in BCC are receiving the message. Having the email encrypted to the BCC recipients would defeat this. Kmail 1.6.1 solves this by sending seperately encrypted copies to the BCC recipients. (So in the above example, Alice would get the mail just encrypted to Alice and David would get the mail encrypted to Alice and David). Is it different in kontact/newer kmail?
Comment 2 David Guembel 2004-10-21 18:19:57 UTC 
Yes, I know about the problem of unwanted revealing of BCC recipients to others, and I have seen that KMail/kontact sends two messages. This worked perfectly until kde 3.3.0, but with 3.3.1, the message that arrives at the remote destination on the To: (i.e. Alice in the above example) is not encrypted with Alice's key at all, but only with David's. This can't be correct behavior ;)
Comment 3 Till Adam 2004-10-23 19:25:07 UTC 
I think this is rather major.
Comment 4 Ingo Klöcker 2004-10-30 23:35:04 UTC 
I can't reproduce the problem as it's described in the bug report. Therefore I think this bug is in fact a duplicate of bug 92412. If that's not the case then we need an exact description how to reproduce the problem (including a key for Alice which we can use for testing).
Comment 5 David Guembel 2004-10-30 23:53:29 UTC 
Thanks for your comment and for your work! I shall look into this and keep you posted. In the meantime, would it be possible that you generate a patch against the kdepim-3.3.1 tarball, so I can test if that patch makes the problem definetly go away?
Comment 6 David Guembel 2004-10-31 14:33:13 UTC 
OK, it seems there was a misunderstanding between me and the recipient of the messages of the type explained above I sent. So very probably, this is really a duplicate of bug 92412, as my recipient recieves empty messages for which he is required to enter his passphrase in order to view them.

Belase note, however, that the messages (of the type specified in this report) I sent to him were also signed, but arrived encrypted (and empty) but unsigned with him.

I would be happy to test the patch you submitted to CVS if you made a version of it against latest kdepim source tarball (3.3.1), and if that fixes the problem, I personally think this report can be closed.
Comment 7 Till Adam 2004-12-14 09:06:20 UTC 

*** This bug has been marked as a duplicate of 92412 ***