Incoming Mail that cannot be decrypted (due to wrong key / missing private key) raises mail-gpg EncodingError
If an incoming mail is encrypted but cannot be decrypted, I expect a reply to the sender that she sent a mail encrypted to the wrong key. I don't expect an exception, since this is not such an exceptional event, is it?
If an incoming mail is encrypted but cannot be decrypted, because it was encrypted to the wrong key, Mail::Message#setup will still call if new.signed?. This raises an error inside mail-gpg because you cannot check if an encrypted mail is signed.
- Version: 3.2.2-1~bpo9+1
- Installation method: package / debian
- Mail client version: unknown
```
----- Forwarded message from schleuder@schleuder -----
Date: some date
From: schleuder
To: root@localhost
Subject: Error

Unable to determine signature on an encrypted mail, use :verify option on decrypt()
/usr/lib/ruby/vendor_ruby/mail/gpg.rb:98:in `signed?'
/usr/lib/ruby/vendor_ruby/mail/gpg/message_patch.rb:77:in `signed?'
/usr/lib/ruby/vendor_ruby/schleuder/mail/message.rb:31:in `setup'
/usr/lib/ruby/vendor_ruby/schleuder/runner.rb:15:in `run'
/usr/lib/ruby/vendor_ruby/schleuder/cli.rb:35:in `work'
/usr/lib/ruby/vendor_ruby/thor/command.rb:27:in `run'
/usr/lib/ruby/vendor_ruby/thor/invocation.rb:126:in `invoke_command'
/usr/lib/ruby/vendor_ruby/thor.rb:359:in `dispatch'
/usr/lib/ruby/vendor_ruby/thor/base.rb:440:in `start'
/usr/bin/schleuder:19:in `<main>'

Date: some date
From: "email@example.com" <firstname.lastname@example.org>
To: email@example.com
Subject: Fwd: Neuer KP PGP Key

Error: decryption/verification failed: No secret key
```
The code in our version of schleuder:
```ruby
def setup
  if self.encrypted?
    new = self.decrypt(verify: true)
    ## Work around a bug in mail-gpg: when decrypting pgp/mime the
    ## Date-header is not copied.
    #new.date ||= self.date
    # Test if there's a signed multipart inside the ciphertext
    # ("encapsulated" format of pgp/mime).
    if new.signed?
      new = new.verify
    end
  elsif self.signed?
    new = self.verify
  else
    new = self
  end
```
```ruby
# true if a mail is signed.
#
# throws EncodingError if called on an encrypted mail (so only call this method if encrypted? is false)
def self.signed?(mail)
  return true if signed_mime?(mail)
  return true if signed_inline?(mail)
  if encrypted?(mail)
    raise EncodingError, 'Unable to determine signature on an encrypted mail, use :verify option on decrypt()'
  end
  false
end
```
I just found the encapsulated_signed? method in master. So maybe that solves our problem already? In that case, never mind.
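
The failure mode reported above, reproduced with a guard that checks the decryption result before asking about signatures. This is an added example, not Schleuder or mail-gpg code: `StubMail` and `guarded_setup` are hypothetical names, and the stub assumes that a failed `decrypt` hands back a message that is still encrypted, as the stack trace implies.

```ruby
# Constructed stand-in for a mail-gpg message; only the behaviour quoted on
# this page is modelled. It is not the mail-gpg or Schleuder API.
class StubMail
  def initialize(sender:, encrypted: false, signed: false, plaintext: nil)
    @sender, @encrypted, @signed, @plaintext = sender, encrypted, signed, plaintext
  end

  attr_reader :sender

  def encrypted?
    @encrypted
  end

  # Same contract as the signed? quoted above: raises on an encrypted mail.
  def signed?
    return true if @signed
    raise EncodingError, 'Unable to determine signature on an encrypted mail' if @encrypted
    false
  end

  # Assumption: without a usable secret key the result is still encrypted.
  def decrypt(verify: true)
    @plaintext || self
  end

  def verify
    self
  end
end

# Hypothetical guarded setup: returns [status, message] instead of raising,
# so the caller can answer the sender when the status is :undecryptable.
def guarded_setup(mail)
  unless mail.encrypted?
    return mail.signed? ? [:verified, mail.verify] : [:plain, mail]
  end

  decrypted = mail.decrypt(verify: true)
  # Check the decryption result first; only then is signed? safe to call.
  return [:undecryptable, mail] if decrypted.encrypted?

  decrypted = decrypted.verify if decrypted.signed?
  [:decrypted, decrypted]
end

# Constructed sample messages.
INNER     = StubMail.new(sender: 'alice@example.org', signed: true)
GOOD_MAIL = StubMail.new(sender: 'alice@example.org', encrypted: true, plaintext: INNER)
BAD_MAIL  = StubMail.new(sender: 'bob@example.org', encrypted: true) # wrong key
```

Treating `:undecryptable` as an ordinary outcome lets the list software notify the sender and drop the message, rather than sending a stack trace to the administrator.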