Incoming Mail that cannot be decrypted (due to wrong key / missing private key) raises mail-gpg EncodingError
Expected Behavior
If an incoming mail is encrypted but cannot be decrypted, I expect a reply to the sender, that she sent a mail encrypted to the wrong key. I don't expect an exception, since this is not such an exceptional event, is it?
Actual Behavior
If an incoming mail is encrypted but cannot be decrypted, because it was encrypted to the wrong key, Mail::Message#setup will still call if new.signed?. This raises an error inside mail-gpg because you cannot check if an encrypted mail is signed.
Specifications
- Version: 3.2.2-1~bpo9+1
- Installation method: package / debian
- Mail client version: unknown
Other information
----- Forwarded message from schleuder@schleuder -----
Date: some date
From: schleuder
To: root@localhost
Subject: Error
Unable to determine signature on an encrypted mail, use :verify option on decrypt()
/usr/lib/ruby/vendor_ruby/mail/gpg.rb:98:in `signed?'
/usr/lib/ruby/vendor_ruby/mail/gpg/message_patch.rb:77:in `signed?'
/usr/lib/ruby/vendor_ruby/schleuder/mail/message.rb:31:in `setup'
/usr/lib/ruby/vendor_ruby/schleuder/runner.rb:15:in `run'
/usr/lib/ruby/vendor_ruby/schleuder/cli.rb:35:in `work'
/usr/lib/ruby/vendor_ruby/thor/command.rb:27:in `run'
/usr/lib/ruby/vendor_ruby/thor/invocation.rb:126:in `invoke_command'
/usr/lib/ruby/vendor_ruby/thor.rb:359:in `dispatch'
/usr/lib/ruby/vendor_ruby/thor/base.rb:440:in `start'
/usr/bin/schleuder:19:in `<main>'
Date: some date
From: "someuser@example.com" <someuser@example.com>
To: somelist@cryptolists.domain.tld
Subject: Fwd: Neuer KP PGP Key
Error: decryption/verification failed: No secret key
The code in our version of schleuder:
    def setup
      if self.encrypted?
        new = self.decrypt(verify: true)
        ## Work around a bug in mail-gpg: when decrypting pgp/mime the
        ## Date-header is not copied.
        #new.date ||= self.date
        # Test if there's a signed multipart inside the ciphertext
        # ("encapsulated" format of pgp/mime).
        if new.signed?
          new = new.verify
        end
      elsif self.signed?
        new = self.verify
      else
        new = self
      end
https://github.com/jkraemer/mail-gpg/blob/master/lib/mail/gpg.rb
    # true if a mail is signed.
    #
    # throws EncodingError if called on an encrypted mail (so only call this method if encrypted? is false)
    def self.signed?(mail)
      return true if signed_mime?(mail)
      return true if signed_inline?(mail)
      if encrypted?(mail)
        raise EncodingError, 'Unable to determine signature on an encrypted mail, use :verify option on decrypt()'
      end
      false
    end
I just found the encapsulated_signed? method in master. So maybe that solves our problem already? In that case, never mind.
Edited by init void
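The failure path described in this report, as an added example that is not part of the original issue and is not schleuder or mail-gpg code. FakeMail is a constructed stand-in that models only the behaviour quoted above (assumption: a decrypt without a matching secret key returns a message that still reports encrypted?), and guarded_setup is a hypothetical variant of setup that reports the undecryptable case instead of raising.

```ruby
# Constructed stand-in for a mail object. It models only the behaviour
# quoted in this report, not the real mail-gpg API.
class FakeMail
  attr_reader :body

  def initialize(body:, encrypted: false, signed: false, decryptable: true)
    @body, @encrypted, @signed, @decryptable = body, encrypted, signed, decryptable
  end

  def encrypted?
    @encrypted
  end

  # Like the Mail::Gpg.signed? excerpt: raises when the mail is encrypted.
  def signed?
    raise EncodingError, 'Unable to determine signature on an encrypted mail' if @encrypted
    @signed
  end

  # Assumption: with no matching secret key the result is still ciphertext.
  def decrypt(verify: true)
    @decryptable ? FakeMail.new(body: @body, signed: @signed) : self
  end

  def verify
    FakeMail.new(body: @body)
  end
end

# The flow from the quoted setup: signed? is called on whatever decrypt returns.
def unguarded_setup(mail)
  return mail.signed? ? mail.verify : mail unless mail.encrypted?
  new = mail.decrypt(verify: true)
  new.signed? ? new.verify : new
end

# Hypothetical guarded variant: returns [status, mail] so the caller can
# notify the sender instead of crashing with EncodingError.
def guarded_setup(mail)
  return [:ok, mail.signed? ? mail.verify : mail] unless mail.encrypted?
  plain = mail.decrypt(verify: true)
  # Still ciphertext means no usable secret key; do not call signed? on it.
  return [:undecryptable, mail] if plain.encrypted?
  [:ok, plain.signed? ? plain.verify : plain]
end
```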