I tested KMail (+ vsd appimage) Mails against Outlook/GpgOL and found multiple issues in GpgOL.
At least one of them has security implications, so this ticket is internal for now.
This bug is entwined with several others, so I'll give here an overview of all the problems and create subtickets on demand.
**The security issue in GpgOL a nutshell:**
- The check for unsigned/unencrypted parts in mails ignores the last unsigned/unencrypted part (min 1 part).
- Any signed/encrypted mail could be wrapped in a `multipart/mixed` part and arbitrary many unsigned+unencrypted attachments can be added,
which will not raise any warnings and will be displayed as signed/encrypted
- So this could be used to inject arbitrary files (i.e. mitm on transfer, or probably by just resending some adjusted old mail)
and obtain the trust of the original sender
**Background**
- KMail allows for attachments to have a different sign/encrypt configuration than the mail body, which results in a different mail structure and additional mail parts being added
- I analyzed all those combinations and found, that GpgOL has issues with several of them
- Note that this ticket is not about KMail, but about GpgOLs handling of the structures of KMail mails, which could also be handcrafted
**Setup**
- Tested:
- Alice: `Kubuntu 23.04.3`, `KMail: 5.24.5 (23.08.5)`, `Appimage: vsd-3.3.4`
- Bob: `vsd-3.3.4 @ win10`
- I prepared a tarball with all necessary files (certs, mails, screenshots) to reproduce each issue:
{F36084109}
**Issues**
Notes about the screenshots:
- KMail: shows the correct actual structure
- GpgOL: issues are marked
- Mailviewer: also tested on this occasion, display is correct in most cases
---
1) **{icon circle color=green} mail encrypted/signed, 1 attachment encrypted/signed** (just for reference)
- issues
- none
- mail structure
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
| kmail | outlook | mailviewer
| {F36084574} | {F36084603} | {F36084620}
---
2) **{icon circle color=orange} mail encrypted/signed, 1 attachment !!unencrypted!!/signed**
- issues
- unencrypted attachment displayed as encrypted (no warning)
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- multipart/signed
- test.txt: text/plain
- signature.asc: application/pgp-signature
| kmail | outlook | mailviewer
| {F36087741} | {F36087766} | {F36087777}
---
3) **{icon circle color=red} mail encrypted/signed, 1 attachment encrypted/!!unsigned!!**
- issues
- unsigned attachment displayed as signed (no warning)
- attachment not parsed right
- attachment 00033.dat: pgp version part
- msg.asc: encrypted text.txt file
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
| kmail | outlook | mailviewer
| {F36087794} | {F36087811} | {F36087840}
---
4) **{icon circle color=red} mail encrypted/signed, 1 attachment !!unencrypted!!/!!unsigned!!**
- issues
- unencrypted/unsigned attachment displayed as encrypted/signed (no warning)
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- test.txt: text/plain
| kmail | outlook | mailviewer
| {F36087921} | {F36087925} | {F36087930}
---
5) **{icon circle color=orange} mail encrypted/signed, 2 attachments !!unencrypted!!/signed**
- issues
- warning is raised, but only the first attachment listed as unsigned/unencrypted
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- multipart/signed
- test2.txt: text/plain
- signature.asc: application/pgp-signature
- multipart/signed
- test.txt: text/plain
- signature.asc: application/pgp-signature
| kmail | outlook | mailviewer
| {F36089161} | {F36089172} | {F36089182}
---
6) **{icon circle color=orange} mail encrypted/signed, 2 attachments encrypted/!!unsigned!!**
- issues
- warning is raised, but only the first (?) attachment listed as unsigned/unencrypted
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
| kmail | outlook | mailviewer
| {F36089274} | {F36089283} | {F36089296}
---
7) **{icon circle color=red} mail encrypted/signed, 2 attachments !!unencrypted!!/!!unsigned!!**
- issues
- all unencrypted/unsigned attachments displayed as encrypted/signed (no warning)
- mail structure
- multipart/mixed
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
- test2.txt: text/plain
- test.txt: text/plain
| kmail | outlook | mailviewer
| {F36089700} | {F36089714} | {F36089725}
---
8) **{icon circle color=yellow} encrypted/signed vcard attachment**
- issues
- This one is weird - as it also could have security implications, I added it here, too
- KMail breaks signature, when a vCard is added (no matter if via automatism, manual file attachment, even attaching renamed `.vcf` files with `.txt` ending)
- All reports are contradicting/wrong i guess
- KMail reports a bad signature and unknown key, although the key is in keyring
- GpgOL just reports no signature, but should probably warn on a bad one
- Mailviewer reports a correct signature, but fails to parse the uid, but the key link to kleopatra is right, but the validity is unknown, but the key is certified/valid in keyring
- mail structure
- multipart/encrypted
- version: application/pgp-encrypted
- msg.asc inline: application/octet-stream
| kmail | outlook | mailviewer
| {F36090072} | {F36090074} | {F36090078}