Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: devel

strange behavior/maybe a critical bug?

  

 
GnuPG devel RSS feed   Index | Next | Previous | View Threaded


wittau at lnxnt

Sep 7, 2009, 6:53 AM

Post #1 of 3 (603 views)
Permalink
strange behavior/maybe a critical bug?
Hello everyone,

I´m not a developer but I encountered a strange behavior regarding gpg
encrypted messages. Maybe I discovered a critical bug, maybe I´m
absolutely wrong. I try to be as precise as possible.

The situation was an Enigmail installation at a USB-Stick for Windows,
with encrypted mails. We tried to find a possibility for decrypting some
.pdf files at MacOS 9 from this USB-Stick. So we searched about the right
mails in the text-files, and copied the encrypted code to a text file. At
BBEdit I added the lines "----- begin pgp message -----" and "------ end
pgpg message -----" to the encrypted text.

Than I installed PGP 6.0 at my Mac G3 and imported the private key. After
importing, I went to PGP-Tools and "decrypt/veryfy" and selected the
textfile for decryption.

PGP 6 produces an error and tells me:
"the file "xy" could not be decrypted/verified because an error occured:
ascii armor input incomplete."

BUT - PGP produces an file at my desktop! After renaming this file "xy" to
"xy.pdf" I can read the pdf without any password!

That behavior is reproduceable!
It´s possible to read every encrypted attachements from enigmail without
the need of an password, ...

Any ideas?


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


John at Mozilla-Enigmail

Sep 7, 2009, 8:07 AM

Post #2 of 3 (549 views)
Permalink
Re: strange behavior/maybe a critical bug? [In reply to]
wittau [at] lnxnt wrote:
>
> That behavior is reproduceable!
> It´s possible to read every encrypted attachements from enigmail without
> the need of an password, ...
>
> Any ideas?

Yep. I'd bet your "Encrypted attachments" are nothing more than attachments.
Check the MIME headers in the original message. Individual files are attached
unencrypted. If the sender wants them encrypted, PGP/MIME must be used to
encrypt the _entire_ email as one unit.

Rather than PGP 6.0 on the Mac, why didn't you install a recent GnuPG version?
Checkout the MacGPG project.

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys [at] gingerbear?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
Attachments: signature.asc (0.66 KB)


rjh at sixdemonbag

Sep 7, 2009, 9:51 AM

Post #3 of 3 (548 views)
Permalink
Re: strange behavior/maybe a critical bug? [In reply to]
wittau [at] lnxnt wrote:
> It´s possible to read every encrypted attachements from enigmail without
> the need of an password, ...

Let's not jump to conclusions.

If what you say is true, then there is a critical bug in Enigmail. That
said, I think a little more investigation is necessary before we start a
panic.

A discussion about this has been started on the Enigmail users list;
let's take the discussion there.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

GnuPG devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.