After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 701483 - Inline GPG decryption sometimes hides the decrypted text
Inline GPG decryption sometimes hides the decrypted text
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
3.10.x (obsolete)
Other Linux
: Normal normal
: ---
Assigned To: evolution-mail-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2013-06-02 22:39 UTC by huw
Modified: 2015-06-23 02:35 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
screenshot of broken Security Information dialog (11.40 KB, image/png)
2015-06-22 08:06 UTC, Paul Wise
Details

Description huw 2013-06-02 22:39:24 UTC
A friend has been sending me emails encrypted via the Gmail web interface and OpenPGP, but Evolution cannot decrypt them.  This is a new install of OpenSuse but I had the same problem with a completely different distro.  The mail *can* be decrypted if I paste it into a text file and use gpg --decrypt in a terminal.

The first time I opened such an email after installing my distro, I was asked for my passphrase which I entered.  The email was then displayed in encrypted format.  Since then, the emails are simply displayed encrypted without even asking me for a passphrase (I asked it *not* to store the passphrase that first time).

Reproducible: Always

Steps to reproduce:
1. Open encrypted email

Expected result: I should be asked for my passphrase, then the decrypted email should be displayed.

Actual result: I am not asked for my passphrase, and the email is displayed in encrypted format.
Comment 1 Matthew Barnes 2013-06-02 22:55:47 UTC
Works fine for me with 3.8.  I'm prompted for a passphrase and the message is shown decrypted.

Try upgrading to 3.8 and let me know how it goes.
Comment 2 huw 2013-06-03 19:15:16 UTC
Thanks Matthew.  I've used OpenSUSE's "factory" repository to upgrade to 3.8.1.  I was asked for the passphrase the next time I tried to decrypt an email, but the same symptoms remain.
Comment 3 Kai Engert 2013-07-30 19:35:02 UTC
I see this problem, too. For me, it happens if the message isn't nested at all, and the message's content type is either text/plain or missing.

In other words, the body of the message is simply:
-----BEGIN PGP MESSAGE-----
...
-----END PGP MESSAGE-----

When viewing such a message with evolution 3.8.4, it displays the "encrypted" icon and a "plain text document attachment". Selecting "view all inline" doesn't help, the text isn't shown.

Matthew, in order to reproduce, you can use the command line to create a gpg message, e.g.:

echo message | gpg --recipient your-own-key-id --encrypt --armor

In Evolution, compose and paste above plain text into the body (don't select encrypt in evolution) and send it to yourself.
Comment 4 Kai Engert 2013-07-30 19:55:01 UTC
At least for me, that's a regression.

Works: 3.8.3

Fails: 3.8.4
Comment 5 Paul Wise 2013-11-03 11:57:33 UTC
This issue persists in Evolution 3.10.1 and is a bit annoying since I need to save to mbox and then decrypt on the command-line.
Comment 6 Geir Horn 2014-06-12 06:33:09 UTC
Confirmed also for Evolution 3.10.4 on Fedora 20. Encrypted mails can be saved and decrypted on the command line.
Comment 7 Milan Crha 2015-04-21 12:59:54 UTC
Thanks for a bug report. I retested this with current development version, which is pretty much the same as 3.16.1, and the steps from comment #3 works fine here.

There is one caveat, the part with the inline GPG should be set to text/plain, otherwise the message content is not searched for inline encryption. The reason is simple, there are just too many ways for line separators in text/html parts (it can be <br>, it can be <div>,...).

Please retest with either 3.12.11 or 3.16.x, and if you'll still see this issue then provide a test message. Thanks in advance.
Comment 8 Paul Wise 2015-05-02 13:47:52 UTC
It sill happens with 3.12.9~git20141130.241663-1+b1, I'll re-test with later versions when they reach Debian.
Comment 9 Paul Wise 2015-06-02 09:15:04 UTC
evolution 3.12.11-1 is now available in Debian unstable, but this version did not fix the issue.
Comment 10 Paul Wise 2015-06-20 07:19:06 UTC
I just upgraded to evolution 3.16.3-1 from Debian unstable but this version did not fix the issue either. Could someone reopen this bug please?
Comment 11 Milan Crha 2015-06-22 07:07:43 UTC
Thanks for the update. I hoped it would fix things, at least because I recall some similar issues being addressed and because the PGP decryption works fine with the emails I have here.

Are the steps and circumstances the same in 3.16.3? Could you run evolution as this:
   $ CAMEL_DEBUG=gpg evolution
and see what will be printed when you select an encrypted message which fails with the decryption? Would it be possible to send me an encrypted message, in case you can decrypt some, but not all GPG messages?
Comment 12 Paul Wise 2015-06-22 08:06:28 UTC
Created attachment 305808 [details]
screenshot of broken Security Information dialog

I can decrypt inline PGP messages but evolution doesn't show the decrypted contents (all encrypted inline PGP messages), just the text "Encrypted" with a button on the left that brings the Security Information dialog up, which is pretty broken as it doesn't contain any key or fingerprint information (screenshot attached). PGP/MIME messages are decrypted and display fine though.

This is what the debug log looks like for a successful decryption when I input my passphrase into the GNOME passphrase dialog:

status: [GNUPG:] ENC_TO 9BEA62A2FF344030 1 0
status: [GNUPG:] USERID_HINT 9BEA62A2FF344030 Paul Wise <pabs@debian.org>
status: [GNUPG:] NEED_PASSPHRASE 9BEA62A2FF344030 3116BA5E9FFA69A3 1 0
status: [GNUPG:] GOOD_PASSPHRASE
status: [GNUPG:] BEGIN_DECRYPTION
status: [GNUPG:] DECRYPTION_INFO 2 9
status: [GNUPG:] PLAINTEXT 62 1433894401 
status: [GNUPG:] PLAINTEXT_LENGTH 446
status: [GNUPG:] DECRYPTION_OKAY
status: [GNUPG:] GOODMDC
status: [GNUPG:] END_DECRYPTION

This is what it looks like when I cancel the GNOME passphrase entry dialog but enter the passphrase into the evolution passphrase entry dialog:

status: [GNUPG:] GOT_IT
status: [GNUPG:] GOOD_PASSPHRASE
status: [GNUPG:] BEGIN_DECRYPTION
status: [GNUPG:] DECRYPTION_INFO 2 9
status: [GNUPG:] PLAINTEXT 62 1433203201 
status: [GNUPG:] PLAINTEXT_LENGTH 314
status: [GNUPG:] DECRYPTION_OKAY
status: [GNUPG:] GOODMDC
status: [GNUPG:] END_DECRYPTION

This is what it looks like when I cancel the decryption in both the GNOME and evolution passphrase entry dialogs:

status: [GNUPG:] ENC_TO 9BEA62A2FF344030 1 0
status: [GNUPG:] USERID_HINT 9BEA62A2FF344030 Paul Wise <pabs@debian.org>
status: [GNUPG:] NEED_PASSPHRASE 9BEA62A2FF344030 3116BA5E9FFA69A3 1 0
status: [GNUPG:] GET_HIDDEN passphrase.enter

There are two keys for you on the keyservers, which one would you like me to encrypt to?

$ gpg --search-keys 'Milan Crha'
gpg: searching for "Milan Crha" from hkp server ...
(1)	Milan Crha (Red Hat) <mcrha@redhat.com>
	  1024 bit DSA key 0xFB183E7EF3C36A0D, created: 2007-06-13
(2)	Milan Crha <mcrha@redhat.com>
	  1024 bit DSA key 0x41B26360065A3690, created: 2007-06-07

BTW:

The keys I found on the keyservers for you are 1024-bit DSA, which is considered insecure these days, I'd suggest reading these OpenPGP best practices and migrating to a new key:

https://help.riseup.net/en/security/message-security/openpgp/best-practices

Evolution really should drop the custom passphrase entry stuff and rely on GNOME/GnuPG/pinentry for that.

I think evolution should require the user to press a button to decrypt as the GNOME password input dialog is modal and that is annoying when I accidentally click on an encrypted message.
Comment 13 Milan Crha 2015-06-22 09:06:00 UTC
(In reply to Paul Wise from comment #12)
> I can decrypt inline PGP messages but evolution doesn't show the decrypted
> contents (all encrypted inline PGP messages), just the text "Encrypted" with
> a button on the left...

Inline encrypted works fine for me too.

> ...that brings the Security Information dialog up, which
> is pretty broken as it doesn't contain any key or fingerprint information
> (screenshot attached).

Hmm, even that dialog shows correctly for me.

> This is what the debug log looks like for a successful decryption when I
> input my passphrase into the GNOME passphrase dialog:

The logs look fine. You probably chose a different message, as the plain text length differs, but that's only a detail.

> There are two keys for you on the keyservers, which one would you like me to
> encrypt to?
> (1)	Milan Crha (Red Hat) <mcrha@redhat.com>
> 	  1024 bit DSA key 0xFB183E7EF3C36A0D, created: 2007-06-13

Use this one, please. Also verify that the message to me in the sent folder exhibits the same issues as in the other folder.
Comment 14 Paul Wise 2015-06-22 09:34:07 UTC
Hmm, sent you a mail, encrypted to both of us. That worked fine. Investigating further.
Comment 15 Milan Crha 2015-06-22 09:41:30 UTC
(In reply to Paul Wise from comment #14)
> Hmm, sent you a mail, encrypted to both of us. That worked fine.
> Investigating further.

Right, the first was empty as such, the second was with unencrypted header and footer, with an encrypted middle part. As you said, worked fine here as well.

Could you try to capture a log of:
   CAMEL_DEBUG=emformat evolution

the new lines when you select the encrypted message, please? Also, maybe as the messages are encrypted, you can send one of the affected messages to me too. I will not be able to decrypt it, but I can check the message structure and so on. Preferably send the message zipped, thus the content will not be changed during the send (like new line delimiters and so on).

Hmm, what if you save of the affected messages into an mbox, then import it somewhere under the On This Computer and try to view the imported message? Will it change anything?
Comment 16 Paul Wise 2015-06-22 10:12:04 UTC
I saved it to an mbox and imported it to a test folder, but there was no change. Here is the output with CAMEL_DEBUG=emformat when clicking on the message.

Thread 0x7fd429d92190 >
EMailParser finished with EMailPartList:
	id: .message | cid: (null) | mime_type: (null) | is_hidden: 0 | is_attachment: 0
	id: .message.headers | cid: (null) | mime_type: application/vnd.evolution.headers | is_hidden: 0 | is_attachment: 0
	id: .message.attachment-bar | cid: (null) | mime_type: application/vnd.evolution.widget.attachment-bar | is_hidden: 0 | is_attachment: 0
	id: .message.text-highlight.plain_text.0 | cid: (null) | mime_type: text/plain | is_hidden: 0 | is_attachment: 0
	id: .message.text-highlight.inlinepgp_encrypted.button.secure_button | cid: (null) | mime_type: application/vnd.evolution.widget.secure-button | is_hidden: 0 | is_attachment: 0
	id: .message.text-highlight.plain_text.2 | cid: (null) | mime_type: text/plain | is_hidden: 0 | is_attachment: 0
< 0x7fd429d92190 >
Thread 0x7fd426d56ea0 >
handle_mail_request: found part-list 0x7fd42a461e80 for full_uri 'mail://local/test/1434967526.23484_0.chianamo?mode=0&headers_collapsable=1&headers_collapsed=0&formatter_default_charset=&formatter_charset='
< 0x7fd426d56ea0 >
Thread 0x7fd426d56ea0 >
handle_mail_request: found part-list 0x7fd42a461e80 for full_uri 'mail://local/test/1434967526.23484_0.chianamo?part_id=.message.text-highlight.plain_text.0&mode=2&__formatas=txt&formatter_default_charset=&formatter_charset='
< 0x7fd426d56ea0 >
Thread 0x7fd426d56ea0 >
handle_mail_request: found part-list 0x7fd42a461e80 for full_uri 'mail://local/test/1434967526.23484_0.chianamo?part_id=.message.text-highlight.plain_text.2&mode=2&__formatas=txt&formatter_default_charset=&formatter_charset='
< 0x7fd426d56ea0 >
Comment 17 Paul Wise 2015-06-22 10:30:23 UTC
Looks like the culprit is the plain text inside the encryption container. When I change the plain text to "encrypted part", it works. When I change it to "--- test" then it does not work. When I change it to just "---", it works.
Comment 18 Paul Wise 2015-06-22 10:33:46 UTC
I've sent you a mail containing "--- test" as the plain text and CCed myself. When I view the mail, it is broken for me, please confirm.
Comment 19 Milan Crha 2015-06-22 16:06:16 UTC
Confirming, I can reproduce it with your message "inline encryption test: broken version".
Comment 20 Milan Crha 2015-06-22 16:10:54 UTC
Hmm, removing /usr/lib/evolution/modules/module-text-highlight.* makes it show the part. I'm investigating further.
Comment 21 Milan Crha 2015-06-22 17:35:36 UTC
I figured out the problem, it was interesting. The inline GPG encrypted part was inside a text/plain. That was decoded and marked as text-highlight part. This mark is used to check in the text-highlight whether there is a recursion, which is supposed to be avoided. The problem was that the inline gpg decrypter decoded the "--- test" and passed it into the parser, which identified the part as text/x-patch, to which is attached the text-highlight, and that noticed that "there is already a text-higlight involved" thus it simply skipped the part and nothing was used.

I changed the code to avoid the recursion only in a direct way, it means if the text-highlight was the last tried parser, otherwise process the part as usual. I also added some runtime warnings in case the situation may repeat in a similar manner.

Created commit 553f855 in evo master (3.17.4+)
Created commit 6e1a37c in evo gnome-3-16 (3.16.4+)
Comment 22 Paul Wise 2015-06-23 02:35:11 UTC
Great, thanks a lot!