[BUG] Decryption fails if message was signed with an unknown key

Simon Hirscher public at simonhirscher.de
Mon Sep 23 16:23:32 PDT 2013


Hi Daniel,

First of all, sorry for the delay – I had locked myself out from
everything digital to study for my exams.

On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> I just tried to replicate this, and i do not see this misbehavior.  I'm
> using notmuch 0.16-1 on a debian testing/unstable system.

I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed
somehow in the meantime? If you really can't reproduce the bug (see
below) I will build the newest version from source (as well as send
you the output of notmuch show --format=raw id:xyz at example.com |
devel/printmimestructure).

>  A) how does it know that there was a signature if the message was
> encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that
> contains signatures wrapped inside the encryption, so that an observer
> can't tell whether there is a signature or not (or who made the signature)

That's a good question. I suppose that although GnuPG successfully
decrypts the message, notmuch somehow discards the decrypted content
because the signature verification failed. As I said: GnuPG is
perfectly able to decrypt the message if I do it manually.

>  B) the date of the message is the unix epoch date (1970-01-01), and the
> date of the signature appears to be the unix epoch date as well.  this
> seems suspicious and likely to be false.  how are these messages being
> generated?

I'm sorry, that was just me being ultra paranoid. :)

>  C) you appear to be using gnupg 2.0.17.  the latest version of the
> 2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg
> installation and try again?

>  D) you have the mingw32 version of gpg.  Does this mean you're running
> notmuch on windows?

No, as far as I can see this was the sender's GPG version. I'm using
GnuPG 1.4.11 on Ubuntu.

>  E) i'd be curious to see what printmimestructure looks like on the
> message in question.  if you've got a decent shell and the notmuch
> source code, you should be able to do:
>
> […]
>
> if you can clarify any of the above, i'd appreciate it.
>
> Also, if you can, you're welcome to send a signed/encrypted message
> using the same framework that generated the problematic message directly
> to me (my OpenPGP fingerprint is
> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a
> look at it.

Well, so far the problematic messages have always come from my
contacts, i.e. I didn't generate them myself. But I just tried out the
following in order to reproduce the bug: I created a fresh dummy key
pair, sent a signed and encrypted email (via Emacs'
mml-secure-message-sign-encrypt) in the dummy's name to my regular
email address and checked whether I could open that email. Of course I
could – because I had both, the recipient's private key (for
decryption) and the sender's public key (for signature verification).
Then I removed the dummy key pair from my key ring – and voilà:
notmuch failed at decrypting the message (or at least told me there
was a decryption error, as described in my previous mail).

Now, in order for you to test that behavior I'm going to send you a
signed and encrypted message because that should exactly reproduce the
bug, as long as you don't import my key (id EBACABE5 /
http://simonhirscher.de/public_key.asc) for signature verification.

Best,

Simon


More information about the notmuch mailing list