
GpgOL modifies PGP/Inline email messages stored in the server
Open, Low, Public

Description

Edit by aheinecke: Changed title to clarify that this is about PGP/Inline messages.

GpgOL is sometimes modifying email messages at the mailbox on its own.

Scenario:

There is an external process sending plaintext messages with an inline OpenPGP signature to a mailbox hosted in an Exchange server.
Alice connects to said mailbox natively (MAPI/HTTP?) using Microsoft Outlook, where GpgOL is installed.
Bob connects to the same mailbox via IMAP using Thunderbird, with no PGP plugin.

Expected:
Bob would be able to view all email messages exactly as if Microsoft Outlook client was not involved at all.

Actual result:
When Bob accesses the emails, some of the messages became multipart/mixed, and now show an attachment identified as GpgOL_original_OpenPGP_message.txt:

Content-Type: text/plain; name="GpgOL_original_OpenPGP_message.txt"
Content-Description: GpgOL_original_OpenPGP_message.txt
Content-Disposition: attachment;
        filename="GpgOL_original_OpenPGP_message.txt"; size=...

(interestingly, the first and second MIME parts -which both show as base64- contain exactly the same content, except that the first one has a new line prepended, which is probably wrong)

Not all of the emails opened by Alice change in the mailbox. Probably depending on some timing, the "decrypted" version of the signed email, which would be prepared for display, gets saved into the mailbox, thus affecting other clients.

Event Timeline

aheinecke triaged this task as High priority.
aheinecke added a subscriber: aheinecke.

Thank you for the detailed report.

We recently had a similar problem with S/MIME mails: T4543. I think that we can apply the same fix we did for S/MIME also for OpenPGP. So I give this high priority, as I think that this can be easily fixed and is a big problem in mixed environments.

werner mentioned this in Unknown Object (Phriction Wiki Document). Sep 26 2024, 3:36 PM
alexk mentioned this in Unknown Object (Phriction Wiki Document). Wed, May 7, 2:05 PM
aheinecke renamed this task from "GpgOL sometimes modifying email messages stored in the server" to "GpgOL modifies PGP/Inline email messages stored in the server". Wed, May 28, 10:52 PM
aheinecke updated the task description.
aheinecke lowered the priority of this task from High to Low. Wed, May 28, 10:58 PM

> Thank you for the detailed report.
>
> We recently had a similar problem with S/MIME mails: T4543. I think that we can apply the same fix we did for S/MIME also for OpenPGP. So I give this high priority, as I think that this can be easily fixed and is a big problem in mixed environments.

In this comment I thought about a different problem, changing the message class of the mail. We do this all the time now, but in a way that we stay compatible with other clients. Since there are not many reports about this, I think the prio here is low, as the report then only relates to PGP/Inline. We have to move the inline parts out of the body to display them, so we store them as an attachment. That attachment should not be synced to the server, but it is not catastrophic. When the mail is reopened with Outlook the situation should be fixed by itself.

What could be improved here would be to ensure even harder that on kill / unload / wipe / revert in GpgOL we take the PGP/Inline message and put it back into MAPI, because as soon as we put it in OOM it gets broken by Outlook. I doubt that we will make the effort, since we most strongly suggest using PGP/MIME, and even if you use PGP/Inline this is mostly an issue if you mix a non-PGP-aware client with a PGP-aware client. Yes, that might be the case for clearsigned mails in a web interface, ... but in the worst case you have to open the attachment in Kleopatra and verify it there.
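
For a mailbox shared with a non-PGP-aware client, the rewritten form described in this task can be detected and the original clearsigned text recovered for verification in Kleopatra. The following is an added example, not GpgOL code and not part of the original thread; `inspect_message` and `build_samples` are hypothetical names, the sample messages are constructed, and the script checks structure only, not the signature.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

GPGOL_NAME = "GpgOL_original_OpenPGP_message.txt"  # attachment name quoted in the report
MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"

def inspect_message(raw: bytes) -> dict:
    """Report whether a stored message carries the GpgOL attachment and recover it."""
    msg = message_from_bytes(raw, policy=policy.default)
    original = None
    for part in msg.walk():
        if part.get_filename() == GPGOL_NAME:
            original = part.get_content()  # undoes the base64 transfer encoding
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    return {
        "rewritten": original is not None,
        "original": original,
        # The report notes the body equals the attachment plus a leading newline.
        "body_duplicates_original": original is not None
        and body_text.lstrip("\r\n") == original,
        "inline_signed_body": MARKER in body_text,
    }

def build_samples():
    """Constructed test data: the signature block is a placeholder, not a real one."""
    clearsigned = (
        MARKER + "\nHash: SHA256\n\nnightly report: ok\n"
        "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"
    )
    untouched = EmailMessage()
    untouched["Subject"] = "constructed sample"
    untouched.set_content(clearsigned)
    rewritten = EmailMessage()
    rewritten["Subject"] = "constructed sample"
    rewritten.set_content("\n" + clearsigned, cte="base64")
    rewritten.add_attachment(clearsigned, filename=GPGOL_NAME, cte="base64")
    return clearsigned, untouched.as_bytes(), rewritten.as_bytes()

if __name__ == "__main__":
    clearsigned, untouched, rewritten = build_samples()
    for label, raw in (("untouched", untouched), ("rewritten", rewritten)):
        info = inspect_message(raw)
        print(label, {k: v for k, v in info.items() if k != "original"})
```

The recovered `original` string is what should be written to a file and handed to Kleopatra; the displayed body of a rewritten message should not be used for verification.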