Bug 335117 - Information leak when using GPG on Bcc recipients
Summary: Information leak when using GPG on Bcc recipients
Status: RESOLVED WORKSFORME
Alias: None
Product: kmail2
Classification: Applications
Component: crypto (show other bugs)
Version: 5.2.3
Platform: Debian unstable Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords: triaged
Depends on:
Blocks:
 
Reported: 2014-05-21 07:57 UTC by Dominik George
Modified: 2018-10-29 02:24 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dominik George 2014-05-21 07:57:03 UTC
When sending e-mail to several recipients, of which some are Bcc with the intention to hide them from the other recipients, using GPG leaks information about those because the used encryption keys are visible on the encrypted message.

GPG has a -R option that hides the used encryption key, and this method is most likely also exposed through whatever KMail uses to run GPG. It should be used for all Bcc recipients in order to not disclose their existence!

Reproducible: Always
Comment 1 Dominik George 2014-05-21 08:06:22 UTC
Tracked in Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748835
Comment 2 Denis Kurz 2016-09-24 18:14:51 UTC
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of kmail2 (version 5.0 or later, as part of KDE Applications 15.12 or later), it gets closed in about three months.
Comment 3 Dominik George 2016-09-24 18:21:06 UTC
I jsut tested with 5.2.3, and it still has the bug.
Comment 4 Denis Kurz 2016-09-25 11:50:44 UTC
Thanks for your feedback, Dominik.
Comment 5 Sandro Knauß 2018-01-23 10:48:35 UTC
At least for me, I can't reproduce it with 17.08.3, but it is fixed for longer.

I used BCC from time to time and I can see in send folder, that Kmail created different mails. One encrypted for all shown recipients and additinal ones for each BCC recipient. I also analyzed the two encrypted mails with gpg cmd line, that the BCC key is not leaked in the mail.

$ gpg /tmp/msg-normal.asc 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: encrypted with 4096-bit ELG key, ID 0xXXXX, created 2010-06-29
      "recipient 1"
gpg: encrypted with 2048-bit ELG key, ID 0xXXXX, created 2015-07-04
      "recipient 2"
gpg: encrypted with 4096-bit RSA key, ID 0xXXXX, created 2017-07-13
      "sender"

$ gpg /tmp/msg-bcc.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: encrypted with 4096-bit RSA key, ID 0xXXXX, created 2017-07-13
      "sender"
gpg: encrypted with 4096-bit ELG key, ID 0xXXXX, created 2016-07-01
      "BCC recipient"
Comment 6 Sandro Knauß 2018-01-23 10:49:09 UTC
Forget to mention, that I use Debian unstable, too.
Comment 7 Dominik George 2018-01-23 21:55:44 UTC
Umm…

> At least for me, I can't reproduce it with 17.08.3, but it is fixed for longer.

> gpg: encrypted with 4096-bit ELG key, ID 0xXXXX, created 2016-07-01
>       "BCC recipient"

I really don't know what to say, but you just reproduced the bug and pasted a proof of it, claiming you didn't…
Comment 8 Sandro Knauß 2018-01-24 10:43:36 UTC
Well no:

See the way Kmail solves this problem of not leaking hidden information is different than eg Thunderbird does. Instead of sending one mail to everyone, as is normally done in Thunderbrd, KMail sends different mails to different recipients. One mail is encrypted for the "normal recipients (To + CC)" and sent only to them. And then, for each BCC recipient, one individual mail is created and sent, all of which are only encrypted for one single BCC recipient. So the BCC recipients DO NOT see the other keys and more importantly, the normal recipients DO NOT see the keys of the BCC recipients, as this information is sent in multiple (depending on the number of recipients and if they are To, CC or BCC) individual mails. I don't see any leakage of keys here.

The hidden feature of gpg would be needed if KMail were to send only one mail to all recipients. But the way KMail solves this issue (as described above), this hidden feature is not needed. And additionally also with the -R feature the "normal recipients" would see: 'okay the mail was encrypted for additional keys' (but without knowing what these keys are).
Since KMail sends two types of mail, independent of each other, no information leakage is possible. And not even the information that there are BCC recipients (ie, that there are two types of mail sent), is leaked.
Comment 9 Christoph Feck 2018-02-15 01:32:53 UTC
Sandro, could you clarify which information is needed to resolve this ticket?
Comment 10 Sandro Knauß 2018-02-15 21:14:42 UTC
In my opinion there is no information leakage, that's why I would close this bug as Resolved/Invalid. But I really want to be sure (as this topic is important to me), that there is no information leakage, that's why I want to keep this bug report open to give the reporter time to give more details, how he thinks this information is leaked.

The information I need is a mail encrypted for keys where I have access to their private keys, that shows me the information leakage or a description how the reporter found out that there is information leakage, as I can't reproduce this.
Comment 11 Andrew Crouthamel 2018-09-28 03:28:53 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 12 Andrew Crouthamel 2018-10-29 02:24:25 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!