Re: [Patch] fix broken decryption of s/mime messages loaded from imap



Hello Albrecht:

See the inserted text below.
--
Best regards,

John Jack Doe

On 28 Feb 2019 20:39:04, Albrecht Dreß wrote:
Hi John Jack Doe:

On 28.02.19 10:44, JohnJackDoe tele2 de wrote:
I am retired and use Balsa for my private email communication as well as for my part-time job. For the part-time job I have to retrieve GnuPG/MIME encrypted mail from an IMAP account. These mails I can't decrypt because Balsa always reports 'Balsa decryption failed: GPME: decryption failed: Decryption failed'. In order to check this I sent an encrypted email to myself and retrieved it from the IMAP account - decryption failed. Could it be that this is the same failure Albrecht reported?

The issue you are referring to affected S/MIME (GpgME) encrypted messages only, but /not/ GnuPG, neither in MIME nor the old single-part format. However, the error message you cite indicates that it's actually GpgME (not GnuPG) which fails, so I guess the answer might be yes.

If it's really GnuPG which fails I would bet the IMAP server is M$ Exchange - it has (or at least had) issues dealing with GnuPG (PGP in general) encryption and signatures, basically mangling such messages so any MUA (not only Balsa) is unable to decrypt them or to check their signatures.

You won the bet. It's M$ Exchange. I owe you a beer or two.

I did some tests and sent a test message with an attachment and autokey via the M$ Exchange server to myself and to my other private email account. Both were received and decrypted without any problems.

I did some internet search and found no confirmation that M$ Exchange and/or Outlook can handle PGP/MIME iaw RFC 3156. However, I found some information that M$ Exchange is rewriting the content header and thus causing decryption trouble.

I also asked the IT specialist of the company I work for if M$ Exchange and/or Outlook can handle PGP/MIME iaw RFC 3156. He answered that M$ Exchange doesn't care about the content and Outlook is downloading everything that is offered. For M$ Exchange he might be right. See the headers from my testing below. With Outlook I'm not sure because I received a message that was retrieved with Outlook and resent to myself. And in this message the header was rewritten and the PGP part was base64 encoded. I will do some more testing.

Here are parts of the header of the email sent with Balsa to the M$ Exchange server:

MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
	boundary="=-d1XgDxa087HZZkKiP8tD"

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit

Version: 1

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----

Here are parts of the header of the email sent with Balsa to the MS Exchange server and retrieved with Balsa from the MS Exchange server:

Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
	boundary="=-d1XgDxa087HZZkKiP8tD"
Return-Path:
X-MS-Exchange-Organization-AuthSource:
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 00
X-Originating-IP:
X-ClientProxiedBy:
X-MS-Exchange-Organization-Network-Message-Id: 5e90f654-648b-4080-0d84-08d6a07e00d2
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit

Version: 1

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----

Here are parts of the header of the email sent with Balsa to the MS Exchange server and retrieved with Balsa from my private email account:

MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
	boundary="=-d1XgDxa087HZZkKiP8tD"
X-Originating-IP:
X-ClientProxiedBy:
X-VISP-Virus-Check: clean
X-VISP-Spam-Max-Score: +++++
X-SA-Exim-Connect-IP:
X-SA-Exim-Mail-From:
X-SA-Exim-Scan-Truncated: Fed 512000 bytes of the body to SA instead of 3639336
X-SA-Exim-Scanned: No (on martini.ops.eusc.inter.net); SAEximRunCond expanded to false
X-VISP-UniqueID: 9fc69f9aecb72738ee0253c07849396ea2f1575f

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit

Version: 1

--=-d1XgDxa087HZZkKiP8tD
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----

If yes, please Albrecht could you build a new Balsa package for me from git?

I could build a Debian Stretch package for you…

However, it raises a more general question – shouldn't we prepare a new release anyway? I think there have been many improvements since the last one last year. I still have a new GUI for managing IMAP subscriptions in my pipeline, and I wanted to look into XOAUTH2 for gmail or yahoo (which is *not* safer than the methods Balsa supports now, opposed to what Google claims!), but those shouldn't be show-stoppers. And the README and help files are really outdated, which seems to be more critical.
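
Added example, not part of the original thread and not Balsa code: a Python check that a message fetched from a server still has the RFC 3156 PGP/MIME layout shown in the quoted headers, and that flags the kind of rewriting discussed above (changed top-level type, base64 re-encoded PGP part). The function names, the boundary and the sample messages are constructed for illustration.

```python
import base64
from email import message_from_string

ARMOR = "-----BEGIN PGP MESSAGE-----"

def check_pgp_mime(raw):
    """Return a list of structure problems; an empty list means the
    RFC 3156 layout of the message as sent is still intact."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return ["top-level type is " + msg.get_content_type()]
    problems = []
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        problems.append("protocol parameter missing or changed")
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return problems + ["expected exactly two body parts"]
    control, data = parts
    if control.get_content_type() != "application/pgp-encrypted":
        problems.append("first part is not application/pgp-encrypted")
    elif "version: 1" not in control.get_payload().lower():
        problems.append("control part lacks 'Version: 1'")
    if data.get_content_type() != "application/octet-stream":
        return problems + ["second part is not application/octet-stream"]
    # Not an RFC 3156 rule: the thread reports a base64 re-encoded PGP part,
    # while the message as sent used 7bit, so any change is flagged.
    cte = (data.get("Content-Transfer-Encoding") or "7bit").lower()
    if cte != "7bit":
        problems.append("data part transfer-encoded as " + cte)
    if ARMOR.encode() not in (data.get_payload(decode=True) or b""):
        problems.append("no PGP armor header in data part")
    return problems

def build_sample(cte, body, top="multipart/encrypted"):
    """Constructed test message modelled on the headers quoted in the thread."""
    return (
        "MIME-Version: 1.0\n"
        f'Content-Type: {top}; protocol="application/pgp-encrypted";\n'
        '\tboundary="=-constructed"\n\n'
        "--=-constructed\nContent-Type: application/pgp-encrypted\n"
        "Content-Transfer-Encoding: 7bit\n\nVersion: 1\n\n"
        "--=-constructed\nContent-Type: application/octet-stream\n"
        f"Content-Transfer-Encoding: {cte}\n\n{body}\n--=-constructed--\n"
    )

BODY = ARMOR + "\n\n(constructed placeholder)\n-----END PGP MESSAGE-----"

if __name__ == "__main__":
    print(check_pgp_mime(build_sample("7bit", BODY)))
    b64 = base64.b64encode(BODY.encode()).decode()
    print(check_pgp_mime(build_sample("base64", b64)))
    print(check_pgp_mime(build_sample("7bit", BODY, top="multipart/mixed")))
```

Running the same check on the copy saved from each account shows at which hop the structure changed.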

