Re: [BUG] Decryption fails if message was signed with an unknown key

diff --git a/df/a7105427285169d38f280949987b21e10b6703 b/df/a7105427285169d38f280949987b21e10b6703
new file mode 100644 (file)
index 0000000..1920844
--- /dev/null
+++ b/df/a7105427285169d38f280949987b21e10b6703
@@ -0,0 +1,142 @@
+Return-Path: <public@simonhirscher.de>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 3EEE7431FBC\r
+       for <notmuch@notmuchmail.org>; Mon, 23 Sep 2013 16:24:16 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0.363\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0.363 tagged_above=-999 required=5\r
+       tests=[RDNS_DYNAMIC=0.363] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id a5Bs8cbVvl2z for <notmuch@notmuchmail.org>;\r
+       Mon, 23 Sep 2013 16:24:11 -0700 (PDT)\r
+Received: from cloudia.org (lvps176-28-19-116.dedicated.hosteurope.de\r
+       [176.28.19.116])\r
+       (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 60925431FB6\r
+       for <notmuch@notmuchmail.org>; Mon, 23 Sep 2013 16:24:11 -0700 (PDT)\r
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r
+       d=1e100.net; s=20130820;\r
+       h=mime-version:in-reply-to:references:from:date:message-id:subject:to\r
+       :content-type:content-transfer-encoding;\r
+       bh=z1RLu2Zm1FYnMMxstEwHh3BXS/9pKG/AmeZn6G9+1W8=;\r
+       b=eySy24lJM+YlprFzB1oJkmDtyXAl8f5a8Bbw1X+/lFzOvT5/SJP+IZwQFuE+gagpR/\r
+       mf1puluJQFs7qpV10LOM0O5UEeidlYo0ozRkQrjri4ZwB56+UIiIIhHOh5SiF+1zM5QW\r
+       5GvqpuXL2YWCvnv/yJfi6XcwbgpCoFD+gEznlYfZyFmZLcxWOaln54ahqaly1g1IJ7ry\r
+       t+SeTVVgBgDX6fP0oI8R/ho+VtseOVE4Vegm4xbqUjB5/KWeNoZkHvovwZK9cTjCLkN5\r
+       /A6RixmpzCBuPYc2hEN9BrLW611NtGed6zYojVkF+R7gbhYaQ/PSdcwW+8qAA48vYsDa\r
+       uCag==\r
+X-Received: by 10.112.51.166 with SMTP id l6mr21852036lbo.5.1379978642770;\r
+       Mon, 23 Sep 2013 16:24:02 -0700 (PDT)\r
+MIME-Version: 1.0\r
+In-Reply-To: <52289D36.2060006@fifthhorseman.net>\r
+References:\r
+ <CAEj42wtt9O1-k9hm9DNCh7En=b-eDYQWham5-FR-wzrt+sij+g@mail.gmail.com>\r
+       <52289D36.2060006@fifthhorseman.net>\r
+From: Simon Hirscher <public@simonhirscher.de>\r
+Date: Tue, 24 Sep 2013 01:23:32 +0200\r
+Message-ID:\r
+ <CAEj42wuNziY65Q=9cS7kJquNrmrsd91gp34b4=4xrsoBcYfZnQ@mail.gmail.com>\r
+Subject: Re: [BUG] Decryption fails if message was signed with an unknown key\r
+To: notmuch <notmuch@notmuchmail.org>\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+X-Mailman-Approved-At: Tue, 24 Sep 2013 03:47:39 -0700\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 23 Sep 2013 23:24:16 -0000\r
+\r
+Hi Daniel,\r
+\r
+First of all, sorry for the delay =E2=80=93 I had locked myself out from\r
+everything digital to study for my exams.\r
+\r
+On Thu, Sep 5, 2013 at 5:03 PM, Daniel Kahn Gillmor\r
+<dkg@fifthhorseman.net> wrote:\r
+> I just tried to replicate this, and i do not see this misbehavior.  I'm\r
+> using notmuch 0.16-1 on a debian testing/unstable system.\r
+\r
+I'm using notmuch 0.15.2 on Ubuntu 12.04. Maybe the bug got fixed\r
+somehow in the meantime? If you really can't reproduce the bug (see\r
+below) I will build the newest version from source (as well as send\r
+you the output of notmuch show --format=3Draw id:xyz@example.com |\r
+devel/printmimestructure).\r
+\r
+>  A) how does it know that there was a signature if the message was\r
+> encrypted?  normal PGP/MIME messages contain a single OpenPGP chunk that\r
+> contains signatures wrapped inside the encryption, so that an observer\r
+> can't tell whether there is a signature or not (or who made the signature=\r
+)\r
+\r
+That's a good question. I suppose that although GnuPG successfully\r
+decrypts the message, notmuch somehow discards the decrypted content\r
+because the signature verification failed. As I said: GnuPG is\r
+perfectly able to decrypt the message if I do it manually.\r
+\r
+>  B) the date of the message is the unix epoch date (1970-01-01), and the\r
+> date of the signature appears to be the unix epoch date as well.  this\r
+> seems suspicious and likely to be false.  how are these messages being\r
+> generated?\r
+\r
+I'm sorry, that was just me being ultra paranoid. :)\r
+\r
+>  C) you appear to be using gnupg 2.0.17.  the latest version of the\r
+> 2.0.x line of gpg is 2.0.21.  maybe you can upgrade your gpg\r
+> installation and try again?\r
+\r
+>  D) you have the mingw32 version of gpg.  Does this mean you're running\r
+> notmuch on windows?\r
+\r
+No, as far as I can see this was the sender's GPG version. I'm using\r
+GnuPG 1.4.11 on Ubuntu.\r
+\r
+>  E) i'd be curious to see what printmimestructure looks like on the\r
+> message in question.  if you've got a decent shell and the notmuch\r
+> source code, you should be able to do:\r
+>\r
+> [=E2=80=A6]\r
+>\r
+> if you can clarify any of the above, i'd appreciate it.\r
+>\r
+> Also, if you can, you're welcome to send a signed/encrypted message\r
+> using the same framework that generated the problematic message directly\r
+> to me (my OpenPGP fingerprint is\r
+> 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9), and i'd be happy to take a\r
+> look at it.\r
+\r
+Well, so far the problematic messages have always come from my\r
+contacts, i.e. I didn't generate them myself. But I just tried out the\r
+following in order to reproduce the bug: I created a fresh dummy key\r
+pair, sent a signed and encrypted email (via Emacs'\r
+mml-secure-message-sign-encrypt) in the dummy's name to my regular\r
+email address and checked whether I could open that email. Of course I\r
+could =E2=80=93 because I had both, the recipient's private key (for\r
+decryption) and the sender's public key (for signature verification).\r
+Then I removed the dummy key pair from my key ring =E2=80=93 and voil=C3=A0=\r
+:\r
+notmuch failed at decrypting the message (or at least told me there\r
+was a decryption error, as described in my previous mail).\r
+\r
+Now, in order for you to test that behavior I'm going to send you a\r
+signed and encrypted message because that should exactly reproduce the\r
+bug, as long as you don't import my key (id EBACABE5 /\r
+http://simonhirscher.de/public_key.asc) for signature verification.\r
+\r
+Best,\r
+\r
+Simon\r