Page MenuHome GnuPG
Create Task
Maniphest T6624

GpgOL: S/MIME Opaque signed mails show up empty after failed verification
Closed, ResolvedPublic
Actions

Description

To test this I actually used a revoked certificate but likely other verification errors will trigger this, too.

It works completely as expected with normal S/MIME Mails. The verification / decryption happened as expected but the signature status was "Insecure" because the certificate was revoked or a verification error happened.

Normal S/MIME mails meaning mails that could be read in an S/MIME unaware client but just would show the signature as attachment. This is the default for KMail and the only thing that GpgOL sends. But other MUAs might still do this differently. And in KMail there is a way to switch to S/MIME Opaque format so I could use that for testing.

In that case GpgOL seems to run into a fallback which was actually meant for Inline PGP Mails that might have been sent with corrupted encoding.

10:04:32/2008/parsecontroller.cpp:parse:00000252ea1a5280 inline verify error trying native to utf8.

Which will mangle the binary data of the S/MIME structure and then return nothing as a result.

Revisions and Commits

rO GpgOL
rO300efe6da94d Disable reparse code for S/MIME opaque mails

Event Timeline

aheinecke triaged this task as High priority.Aug 1 2023, 12:32 PM
aheinecke created this task.
aheinecke added a commit: rO300efe6da94d: Disable reparse code for S/MIME opaque mails.Aug 1 2023, 12:38 PM
aheinecke closed this task as Resolved.Aug 1 2023, 1:03 PM
aheinecke moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

This fix was pretty minimal and I could test:

Both the bad case:

And the fixed case:

myself. Since the setup of signing / encrypting with a revoked S/MIME certificate an S/MIME Opaque mail is extremely difficult to reproduce I will skip the QA queue on this and move it directly to done.