I compose an email that is being sent to a friend whose key I have. I do not have Sign or Encrypt selected when I send my email. I then click Send and a dialog pops up asking me:
"Valid trusted encryption keys were found for all recipients.
Encrypt this message?"
I then select Encrypt. Next pops up the Encryption Key Approval dialog box. It shows only my recipient's key. I select "Okay" and then a missing key warning box comes up saying:
"You did not select an encryption key for yourself (encrypt to self). You will not be able to decrypt your own message if you encrypt it."
Selecting Encrypt sends the message, and then stores the message in my Sent Folder unencrypted.
If I select the encrypt option before sending it, everything works as expected.
I can confirm this.
I even set an encryption key for myself in the addressbook, but I do not know if this is the place KMail expects to find this information.
I can confirm this for a very similar case, in which I am also being asked if I want to encrypt:
Examination of the recipient's encryption preferences yielded that you be asked whether or not to encrypt this message.
Encrypt this message?
The same problem (not encrypting to self, mail is stored unencrypted in the sent-mail folder) follows.
Since this is causing messages I send to either not be signed by me, stored on my drive unencrypted, or not being able to unencrypt the messages, I think that this is a pretty severe bug. This could cause data loss or a security leak!
(In reply to comment #3)
> Since this is causing messages I send to either not be signed by me, stored
> on my drive unencrypted, or not being able to unencrypt the messages, I
> think that this is a pretty severe bug. This could cause data loss or a
> security leak!
Well, it warns about the behaviour, and it is easy to circumvent by cancelling the operation and manually selecting to encrypt the message. So IMHO we have a low probability but potentially high impact here...
This is probably related to the following behaviour:
1. Create an email to an email address with no key assigned
2. Select encrypt and sign from Options Menu
3. Click send
-> Error message: There are conflicting encryption preferences for these recipients. Encrypt this message?
4. Click Do Not Encrypt
-> Error message: Could not compose message: No key data for recipients found. (Twice)
5. Deselect Encrypt in the Options menu
6. Save as Draft
The message now suddenly has two recipients, the original one is duplicated.
I use kdepim 4.10.95
(In reply to comment #6)
> I use kdepim 4.10.95
I can reproduce this with 4.10.4 already, although I am not sure about how related these bugs are.
This bug is more serious than you think.
After the warning because you have not selected a key to encrypt for yourself, if you click on « Encrypt », the message is stored unencrypted into KMail folder, but it is also sent unencrypted!
Confirmed with my recipient: the mail is not received encrypted.
This is a serious security issue because you send clear email when you think you send cyphered email.
The only way to really encrypt the email is to check « Encrypt Message » on the compose window.
All other automatic ways send a clear message even though KMail seems to be saying the opposite to you.
(Tested on KDE PIM 4.11.2)
Git commit 43a2693ed9c65a919aeff93caacc878e8d9fe504 by Sandro Knauß.
Committed on 20/11/2013 at 02:17.
Pushed by knauss into branch 'KDE/4.11'.
Fixes: 314930 - Respect the Encryption Key Approval dialog
The answer of the Encryption Key Approval dialog should be used.
Otherwise it is useless to ask whether to encrypt or not.
M +12 -2 messagecomposer/composer/composerviewbase.cpp
*** Bug 324204 has been marked as a duplicate of this bug. ***