GpgOL: Opened/Closed encrypted pgp messages unencrypted when read as plain is enabled
Closed, Resolved, Public

Description

To reproduce:

  1. Activate the setting "read as plain": File -> Options -> Trustcenter: Trust Center Settings -> Email Security: (x) Read all standard mail in plain text
  2. Send a pgp encrypted mail with some content (signed/unsigned does not matter)
  3. Preview the mail -> "converted into plain text", no content
  4. Open the mail -> "converted into plain text", but no content
  5. Close the mail, deselect and reselect the mail in the list -> no "converted into plain text" message anymore, mail content is shown (converted, unencrypted)

Notes:

  • S/MIME mails are not affected by this.
  • Probably related issue regarding the content not shown: https://dev.gnupg.org/T7843
  • This is independent of mail format (html/rich/text)
  • The message is saved on close (at least it's still ok in the list, while the mail is open)

gpgol.log:

Details

Version
vsd-3.3.3-beta90.19 @ win10

Event Timeline

timegrid created this object in space Restricted Space.
timegrid created this object with visibility "g10code (Project)".
timegrid created this object with edit policy "g10code (Project)".

In pgp signed unencrypted text mails it happens, too, that first the "converted to plain text" message is shown without content, and after open/close the message is gone and the content is displayed.

At which point were you asked for the passphrase for decryption? You flushed the gpg-agent cache, right?

Happens on vsd 3.3.2, too.

I can read the plain text message in Outlook web, so it is definitely unencrypted:

We did decrypt the mail successfully and called put_oom_string to update the Body successfully, but for some reason for new mails the put calls succeed but the displayed Text is not updated i.e. no "OpenGPG Message Please wait..." or decrypted message.
When closing the mail window the mail is still open in the preview pane and we should get back the mail content (Body), but we don't get back what we set with the put call but what is displayed, i.e. nothing (empty string).
So we pass on the close call which does write back our put value. (Plaintext leak)

Fix: we put an empty string into the body before passing.

Note: if you select another mail in explorer and then go back to the new empty mail, it gets decrypted again and is no longer empty, showing the decrypted content.

With the beta-25 the body of the mail is not saved back to the server any more but the security level tags are. So the test mail still seems to be a signed and decrypted empty mail even if you deactivate gpgol.

Additionally, the body of the messages is (in most cases) not shown any more.

Even if the body of the decrypted mail is shown (in plain text), choosing "display as HTML" does not show the HTML part (msg to Edward, 2025-10-17, 11:10)
When no message at all is shown in the plain part, this does not change with choosing "display as HTML" either (msg to Edward, 11:42 and 11:48)

When deactivating "Read as plain", the message's HTML version is shown and the text is there.

ebo changed the task status from Open to Testing. Wed, Oct 29, 8:43 AM
ebo triaged this task as High priority.
ebo moved this task from Backlog to QA on the vsd33 board.
ebo moved this task from Backlog to Done on the gpgol board.

with 3.3.90.29-Beta:

It looks on the first checks as if this fixes the leak but a) the UX is really bad for decrypting a mail for the first time, it is NOT a case of click a second time, see gif.
And b) some other signed/encrypted mails can't be selected any more, too, see example gif for the sent folder. Seen also for a pgp-inline mail. Also, these mails are always empty, even if I open them in a separate window (instead of preview, where no mail at all is shown, not even the header).

Have a look at the log.

I saw no "the message was changed, do you want to save?" messages any more

This is a gif to show the UX. It is too complicated for words…

ebo changed the task status from Testing to Open. Wed, Oct 29, 9:56 AM
ebo moved this task from Done to WIP on the gpgol board.

And when I switch off read-as-plain, both test mails in the inbox are displayed as expected but one of the ones from the sent folder has an empty body:

Test with beta32

with read-as-plain set, gpg all combinations with sign+encrypt:

  • no leak with the procedure from the description any more
  • the security level tags are kept encrypted, too
  • mail is displayed on first reception like this, with the content in a .txt file:


Which is necessary to avoid the leak due to a seeming bug in Outlook.
After deselecting and selecting the mail again (it has to be marked as read when reselecting it) the text is then displayed in the body as normal:

Should the text not be displayed in the body in some few cases (in the Sent folder it is always the case), toggling read/unread helps.
For S/MIME the text is usually directly shown in the body, only text of signed only mails is shown on the first view as .txt attachment.

Change of displayed security level still works even when the text is displayed as attachment (did not work in an earlier test version).

So far for today. But timegrid seems to have found some data loss issue regarding S/MIME encrypted mails with this beta-version which is probably related to the changes from this ticket. Further investigation needed.

ebo edited projects, added vsd33 (vsd-3.3.3); removed vsd33.
ebo moved this task from WIP to Done on the gpgol board. Edited Thu, Nov 6, 2:32 PM

This here is resolved, for timegrid's findings see other ticket, the issue is not related to the one from this ticket and no regression, as it turned out. And difficult to trigger.

werner claimed this task.
werner shifted this object from the Restricted Space space to the S1 Public space.
werner changed the visibility from "g10code (Project)" to "Public (No Login Required)".