GpgOL: Parsing issues with KMail mails
Testing, Normal, Public

Description

I tested KMail (+ vsd appimage) Mails against Outlook/GpgOL and found multiple issues in GpgOL.
At least one of them has security implications, so this ticket is internal for now.
This bug is entwined with several others, so I'll give here an overview of all the problems and create subtickets on demand.

The security issue in GpgOL in a nutshell:

  • The check for unsigned/unencrypted parts in mails ignores the last unsigned/unencrypted part (min 1 part).
  • Any signed/encrypted mail could be wrapped in a multipart/mixed part and arbitrarily many unsigned+unencrypted attachments can be added, which will not raise any warnings and will be displayed as signed/encrypted
  • So this could be used to inject arbitrary files (i.e. mitm on transfer, or probably by just resending some adjusted old mail) and obtain the trust of the original sender

Background

  • KMail allows for attachments to have a different sign/encrypt configuration than the mail body, which results in a different mail structure and additional mail parts being added
  • I analyzed all those combinations and found that GpgOL has issues with several of them
  • Note that this ticket is not about KMail, but about GpgOL's handling of the structures of KMail mails, which could also be handcrafted

Setup

  • Tested:
    • Alice: Kubuntu 23.04.3, KMail: 5.24.5 (23.08.5), Appimage: vsd-3.3.4
    • Bob: vsd-3.3.4 @ win10
  • I prepared a tarball with all necessary files (certs, mails, screenshots) to reproduce each issue:

Issues

Notes about the screenshots:

  • KMail: shows the correct actual structure
  • GpgOL: issues are marked
  • Mailviewer: also tested on this occasion, display is correct in most cases

  1. mail encrypted/signed, 1 attachment encrypted/signed (just for reference)
    • issues
      • none
    • mail structure
      • multipart/encrypted
        • version: application/pgp-encrypted
        • msg.asc inline: application/octet-stream
[Screenshots: kmail, outlook, mailviewer]

  2. mail encrypted/signed, 1 attachment unencrypted/signed
    • issues
      • unencrypted attachment displayed as encrypted (no warning)
      • signature.asc shown additionally as attachment
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • multipart/signed
          • test.txt: text/plain
          • signature.asc: application/pgp-signature
[Screenshots: kmail, outlook, mailviewer]

  3. mail encrypted/signed, 1 attachment encrypted/unsigned
    • issues
      • unsigned attachment displayed as signed (no warning)
      • attachment not parsed right
        • attachment 00033.dat: pgp version part
        • msg.asc: encrypted text.txt file
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
[Screenshots: kmail, outlook, mailviewer]

  4. mail encrypted/signed, 1 attachment unencrypted/unsigned
    • issues
      • unencrypted/unsigned attachment displayed as encrypted/signed (no warning)
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • test.txt: text/plain
[Screenshots: kmail, outlook, mailviewer]

  5. mail encrypted/signed, 2 attachments unencrypted/signed
    • issues
      • warning is raised, but only the first attachment listed as unsigned/unencrypted
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • multipart/signed
          • test2.txt: text/plain
          • signature.asc: application/pgp-signature
        • multipart/signed
          • test.txt: text/plain
          • signature.asc: application/pgp-signature
[Screenshots: kmail, outlook, mailviewer]

  6. mail encrypted/signed, 2 attachments encrypted/unsigned
    • issues
      • warning is raised, but only the first (?) attachment listed as unsigned/unencrypted
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
[Screenshots: kmail, outlook, mailviewer]

  7. mail encrypted/signed, 2 attachments unencrypted/unsigned
    • issues
      • all unencrypted/unsigned attachments displayed as encrypted/signed (no warning)
    • mail structure
      • multipart/mixed
        • multipart/encrypted
          • version: application/pgp-encrypted
          • msg.asc inline: application/octet-stream
        • test2.txt: text/plain
        • test.txt: text/plain
[Screenshots: kmail, outlook, mailviewer]

  8. encrypted/signed vcard attachment
    • issues
      • This one is weird - as it also could have security implications, I added it here, too
      • KMail breaks the signature when a vCard is added (no matter if via automatism, manual file attachment, even attaching renamed .vcf files with .txt ending)
      • All reports are contradicting/wrong, I guess
        • KMail reports a bad signature and unknown key, although the key is in keyring
        • GpgOL just reports no signature, but should probably warn on a bad one
        • Mailviewer
          • reports a correct signature
          • but fails to parse the uid
          • but the key link to kleopatra is right
          • but the validity is unknown, although the key is certified/valid in keyring
          • the color/icon of the feedback is a bit confusing - is it a warning or not?
    • mail structure
      • multipart/encrypted
        • version: application/pgp-encrypted
        • msg.asc inline: application/octet-stream
[Screenshots: kmail, outlook, mailviewer]

Details

Version
vsd-3.3.4 @ win10
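
The check described in the summary above, as an added example (not GpgOL code and not part of the original ticket): a Python walk over the MIME tree that lists every part sitting outside the multipart/encrypted container, including the last one. All helper names and the sample mails are constructed here to mirror cases 5 and 7; "signed" only means the part is inside a multipart/signed wrapper, not that the signature verifies, and encrypted siblings (cases 3 and 6) would need decryption before their signature state is known.

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

def encrypted_container():
    # Constructed stand-in for the PGP/MIME body; the payload is not real ciphertext.
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    enc.attach(MIMEApplication(b"placeholder", "octet-stream", name="msg.asc"))
    return enc

def attachment(name):
    part = MIMEText("constructed sample\n")
    part.add_header("Content-Disposition", "attachment", filename=name)
    return part

def signed(part):
    wrapper = MIMEMultipart("signed", protocol="application/pgp-signature")
    wrapper.attach(part)
    wrapper.attach(MIMEApplication(b"placeholder", "pgp-signature", name="signature.asc"))
    return wrapper

def build(*extra_parts):
    # multipart/mixed wrapping the encrypted mail plus any extra sibling parts.
    outer = MIMEMultipart("mixed")
    outer.attach(encrypted_container())
    for part in extra_parts:
        outer.attach(part)
    return outer.as_string()

def walk(part, in_signed=False, found=None):
    found = [] if found is None else found
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":
        found.append(("<encrypted container>", None, True))  # signer unknown until decrypted
    elif part.is_multipart():
        for child in part.get_payload():
            walk(child, in_signed or ctype == "multipart/signed", found)
    elif not (in_signed and ctype == "application/pgp-signature"):
        found.append((part.get_filename() or ctype, in_signed, False))
    return found

def cleartext_parts(raw_mail):
    """Every part sent outside an encrypted container, as (name, inside multipart/signed)."""
    return [(n, s) for n, s, enc in walk(message_from_string(raw_mail)) if not enc]

CASE_5 = build(signed(attachment("test2.txt")), signed(attachment("test.txt")))
CASE_7 = build(attachment("test2.txt"), attachment("test.txt"))
```

A non-empty result from `cleartext_parts` is the condition under which a warning should name each listed part.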

Event Timeline

timegrid created this object in space Restricted Space.
timegrid created this object with visibility "g10code (Project)".
timegrid created this object with edit policy "g10code (Project)".
timegrid mentioned this in Unknown Object (Maniphest Task). Tue, Feb 17, 7:27 PM

Regarding 8. encrypted/signed vcard attachment:

I can confirm a bad signature. I saved the decrypted mail parts (message, signature) and verified the message manually.
This works for other mails, e.g.:

>gpg --verify 01-signature.asc 01-message.txt
gpg: Signature made 02/16/26 16:24:06 W. Europe Standard Time
gpg:                using RSA key 5EFA7F06281A002A21B52D35AC8676A41A2B1047
gpg: Good signature from "Alice <alice@gnupg.test>" [full]

But not for the vCard message:

>gpg --verify 08-signature.asc 08-message.txt
gpg: Signature made 02/17/26 01:16:04 W. Europe Standard Time
gpg:                using RSA key 5EFA7F06281A002A21B52D35AC8676A41A2B1047
gpg: BAD signature from "Alice <alice@gnupg.test>" [full]

I also tried to change 08-message.txt (add/remove LFs, remove vCard part), but haven't found the actual signed text.

Conclusions (about the handling of bad signatures):

  • KMail is right regarding the bad signature
  • GpgOL at least doesn't display the message as signed, but probably should raise a warning about the bad signature
  • Mailviewer is wrong about the correct signature (or applies some sanitation before verification)

For reference, the multipart/signed part of the vcard message:

Content-Type: multipart/signed; boundary="nextPart13963890.uLZWGnKmhe";
 micalg="pgp-sha256"; protocol="application/pgp-signature"

--nextPart13963890.uLZWGnKmhe
Content-Type: multipart/mixed; boundary="nextPart2267428.irdbgypaU6";
 protected-headers="v1"
Content-Transfer-Encoding: 7Bit
From: Alice <alice@gnupg.test>
To: bob@gnupg.test
Date: Tue, 17 Feb 2026 01:16:04 +0100
Message-ID: <1961079.tdWV9SEqCh@kubuntu24043>
MIME-Version: 1.0

This is a multi-part message in MIME format.

--nextPart2267428.irdbgypaU6
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

mail encrypted signed, only vcard attachment encrypted signed
--nextPart2267428.irdbgypaU6
Content-Disposition: attachment; filename="Alice.vcf"
Content-Transfer-Encoding: 7Bit
Content-Type: text/x-vcard; charset="utf-8"; name="Alice.vcf"

BEGIN:VCARD
VERSION:3.0
EMAIL;TYPE=PREF:alice@gnupg.test
FN:Alice
N:Alice;;;;
NAME:alice
UID:596644bb-53cb-4bc6-8a45-96be8b5aa814
X-KADDRESSBOOK-CRYPTOENCRYPTPREF:always
X-KADDRESSBOOK-CRYPTOPROTOPREF:inline openpgp\,openpgp/mime\,s/mime\,s/mime
  opaque\,any s/mime\,any openpgp
X-KADDRESSBOOK-CRYPTOSIGNPREF:always
X-KADDRESSBOOK-OPENPGPFP:5EFA7F06281A002A21B52D35AC8676A41A2B1047
END:VCARD


--nextPart2267428.irdbgypaU6--

--nextPart13963890.uLZWGnKmhe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
[signature data omitted]
-----END PGP SIGNATURE-----

--nextPart13963890.uLZWGnKmhe--

Note for mails with 2 attachments, where the warning is displayed: Those mails can't be moved in Outlook/GpgOL

mmontkowski mentioned this in Unknown Object (Maniphest Task). Mon, Feb 23, 9:01 AM
ebo triaged this task as High priority. Tue, Feb 24, 1:47 PM
ebo moved this task from Backlog to WIP on the gpgol board.
mmontkowski mentioned this in Unknown Object (Maniphest Task). Mon, Mar 2, 9:35 AM
timegrid lowered the priority of this task from High to Normal. Edited Tue, Mar 3, 10:01 AM
timegrid moved this task from QA to WIP on the gpd5x board.

The basic fix for the msg box looks good to me on gpg4win-5.0.2-beta2 @ win11.
There's only no signature shown anymore, not even for the formerly working case 1.
Note: I also tested those mails sent to an exchange server with the same result as via IMAP.

  1. mail encrypted/signed, 1 attachment encrypted/signed
  2. mail encrypted/signed, 1 attachment unencrypted/signed
  3. mail encrypted/signed, 1 attachment encrypted/unsigned
  4. mail encrypted/signed, 1 attachment unencrypted/unsigned
  5. mail encrypted/signed, 2 attachments unencrypted/signed
  6. mail encrypted/signed, 2 attachments encrypted/unsigned
  7. mail encrypted/signed, 2 attachments unencrypted/unsigned


Still open as discussed:

  • Add a hint in the warning box that the mail could be saved and opened in kleopatra to have a better feedback on what is encrypted/signed
  • Rename attachments with different encryption/signature: "UNGEPRÜFT: <NAME>"
  • Adding a new tag "Ungeprüfte Anhänge" for mails with one or more such attachments
  • If possible and applicable, offer other mail parts as "<NAME>.eml" (instead of separate attachments test.txt and signature.asc, or Untitled attachment 00033.dat and msg.asc). This way the mail can be opened and decryption/verification just works as expected

The missing signature indication can also be seen now in the customer mails sent via kmail (ted:INBOX, e.g. 18.02. 12:52). This was fine before.

Hmm, I still see the signature.


and

The missing signature was a problem on my end. The customer mail (to ted / exchange server) works fine if the cert is in the keyring. The testmails (via outlook imap) are fine, too. I still need a better test setup for mails to our exchange accounts, but this is enough to rule out a problem in gpgol. I adjust my former message accordingly.

mmontkowski mentioned this in Unknown Object (Maniphest Task). Mon, Mar 9, 8:58 AM
ebo edited projects, added gpd5x (gpd-5.0.2); removed gpd5x.
ebo edited projects, added vsd33; removed vsd34.
timegrid changed the task status from Open to Testing. Fri, Mar 13, 8:42 AM
ebo edited projects, added vsd33 (vsd-3.3.6); removed vsd33.
werner shifted this object from the Restricted Space space to the S1 Public space. Mon, Mar 16, 9:57 AM
werner changed the visibility from "g10code (Project)" to "Public (No Login Required)".