OpenPGP; Decrypting Signed Message, without Sender's Public Key
 
When I receive an encrypted AND signed message from an unknown sender I should be able to decrypt the message even if I don't know the sender's public key. I will not be able to verify the sender's signature without his public key, but I should be able to encrypt his message.

Now when I receive such an email, The Bat! always tries to do both. There is nothing wrong with trying both, but when it fails to verify the signature - simply because the sender's public key is not available - it also does not display the encrypted message.

Is there any way to tell The Bat! to ONLY decrypt the message while ignoring the signature, just like it is possible to encrypt a message without signing it?
 
Hmm... What do other The Bat users do when they receive an email from an unknown sender which is both signed and encrypted? Maybe I'm the only one with the problem I described above?
 
I've never had this problem happen to me. I'll send you my public key via private mail, so we can try.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
Thanks, I just sent a reply.
 
Are you using S/MIME internal implementation or Microsoft CryptoAPI in The Bat!

What kind of e-mail client software does your correspondent use?
 
Quote
Are you using S/MIME internal implementation or Microsoft CryptoAPI in The Bat!

Sorry but how do I find out if I'm using S/MIME or Microsoft CryptoAPI?

Quote
What kind of e-mail client software does your correspondent use?

I'm using Mozilla Thunderbird on a second computer where I created a new PGP key pair for testing purposes. I signed and encrypted a message with Thunderbird and sent it to my primary email address. I received the message with The Bat, opened it and clicked on the icon with the open envelope and the golden padlock. Now I entered my pass phrase and The Bat displayed a window with "OpenPGP Error" in its title and the following error log:

Quote
gpg: encrypted with ELG-E key, ID 9FBB4DED
gpg: encrypted with 2048-bit ELG-E key, ID 7FA260DB, created 2007-07-19
     "name <primary@address>"
gpg: Signature made 08/06/07 19:47:30 using DSA key ID FF52181A
gpg: Can't check signature: public key not found

Now I removed my public key from the computer running Thunderbird. On the The Bat computer I signed and encrypted a new email with The Bat and sent it to the Thunderbird address. Thunderbird couldn't verify the signature either but it decrypted the message. It even displayed a message saying something like "message decrypted, signature NOT verified".
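
The distinction this thread turns on (decryption succeeded, signature could not be checked) is visible in GnuPG's machine-readable `--status-fd` output. The following is an added example, not part of the original posts and not code from The Bat!, Thunderbird or GnuPG; the status transcripts and key IDs in it are constructed, and the notice wording is an assumption modelled on the Thunderbird message quoted above.

```python
# Added example: report decryption and signature status separately from a
# `gpg --status-fd` transcript. Key IDs and timestamps below are constructed.
UNKNOWN_SIGNER = """\
[GNUPG:] ENC_TO 1111111111111111 16 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] ERRSIG 2222222222222222 17 2 00 1186422450 9
[GNUPG:] NO_PUBKEY 2222222222222222
"""
NO_SECRET_KEY = """\
[GNUPG:] NO_SECKEY 3333333333333333
[GNUPG:] DECRYPTION_FAILED
"""
KNOWN_SIGNER = """\
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG 2222222222222222 Constructed Sender <sender@example.invalid>
"""

def classify(status_text):
    """Return (decrypted, signature_state, signer_key_id)."""
    decrypted, sig, signer = False, "none", None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # ignore human-readable "gpg: ..." lines
        keyword, args = fields[1], fields[2:]
        if keyword == "DECRYPTION_OKAY":
            decrypted = True
        elif keyword == "DECRYPTION_FAILED":
            decrypted = False
        elif keyword == "BADSIG":  # a bad signature is never overridden
            sig, signer = "bad", args[0]
        elif sig != "bad" and keyword == "GOODSIG":
            sig, signer = "good", args[0]
        elif sig in ("none", "error") and keyword == "NO_PUBKEY":
            sig, signer = "unverified-no-pubkey", args[0]
        elif sig == "none" and keyword == "ERRSIG":
            sig, signer = "error", args[0]
    return decrypted, sig, signer

def banner(status_text):
    """Mail-client style notice: a missing signer key must not hide the body."""
    decrypted, sig, signer = classify(status_text)
    if not decrypted:
        return "cannot decrypt"
    notes = {"good": "signature verified", "bad": "BAD signature",
             "none": "not signed", "error": "signature could not be checked",
             "unverified-no-pubkey": "signature NOT verified, missing key " + str(signer)}
    return "message decrypted, " + notes[sig]
```

A caller that treats any signature error as a failed operation reproduces the behaviour described in this thread; keeping the two results separate lets the body be shown with an unverified-signature notice.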
 
Maxim asked about SMIME (Options | SMIME), but as I see, You are trying PGP.

The problem with OpenPGP (Tools | OpenPGP | Choose OpenPGP version) can be in the version You are trying. In The Bat!, You must select which OpenPGP You want to use: the internal but old implementation based on PGP 2.6.3, an external PGP installed on the HDD, or an external GnuPG installed on the HDD.

As I think, Thunderbird uses Enigmail, which is based on GnuPG, so in The Bat!, You must select GnuPG too.

I didn't test it, so tell us if it works for You.
 
Happytulip is using GnuPG v1.4.7, so the problem isn't a conflict with GPG. When he sends me a signed message that's encrypted to my PGP key, TB has problems verifying the signature, but it decrypts the message just fine.
I'm using PGP 8.1, so I think the problem is either with GPG or with the interface between TB and GPG or maybe a settings issue, but without an installed version of GPG I can't comment on the third option.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
Quote
As I think, Thunderbird uses Enigmail, which is based on GnuPG, so in The Bat!, You must select GnuPG too.

Yes, I did it exactly as you said.



I just installed Thunderbird on my main computer so I could open the same email on the same computer (and thus the same GnuPG configuration) to make sure it's not a problem related to my GnuPG installation. I then signed and encrypted a message on my second computer and sent it to the first computer, where I opened the message with The Bat and Thunderbird:

http://saved.im/njy0mtrvmtg/thebat1.png

Then I tried to decrypt the message:

http://saved.im/njy0mnq2b2i/thebat2.png

... with this result:

http://saved.im/njy0m3f3z2c/thebat3.png

Thunderbird decrypted the message ("test2") but displayed a small notice about the "unverified signature" while The Bat left the message undecrypted and complained about the missing public key.
 
This problem does still exist with TB 3.99.24. If there is anything I can do to assist Ritlabs in solving this problem, please let me know.  
 
Today I experienced the opposite problem. I created a message and checked the "sign when completed" and "encrypt when completed" option. The message was encrypted to both my own and the recipient's public key.

When I later tried to decrypt the message, The Bat! displayed the OpenPGP Signature dialog and the PGP status window and said all was fine, yet the message area was completely empty. I tried "decrypt AND SAVE" instead of "decrypt" only and the decrypted message showed up.

Not as bad as the other problem since there's an easy workaround to this one but still worth mentioning (and fixing :))
 
Steps:
1. Install GnuPG on both computers
2. Create key pairs on both computers
3. Send the public keys to the other computer and import these keys into the GnuPG keyring
4. TB configuration:
   a) Set up GnuPG
      - Tools > OpenPGP > OpenPGP Version
        choose GNU Privacy Guard; when this option is not available you must edit the Windows registry:
        HKEY_LOCAL_MACHINE\SOFTWARE\GNU\GnuPG
        gpgProgram - set the gpg.exe path
        HomeDir - set the home directory path
        OptFile - set the path of the options file gpg.conf
   b) Set up GnuPG encryption
      - Tools > OpenPGP > OpenPGP Preferences
        in GENERAL check always encrypt to default key
        in FILES set all directories
   c) try to create a new message and only sign this message
5. Create a new message in Tbird. Sign this message and encrypt. Send it to The Bat
6. In TB try to verify the received message
 
Thanks for your reply.

Receiving and decrypting messages with the sender's public key present works and always has. The problem I described at 10/24/2007 04:38:58 is limited to emails created, signed and encrypted by myself. I'm starting to think TB sometimes has a problem with decrypting signed messages which are encrypted to an email address not present in the email's headers. On the other hand, as I wrote before, decrypting via "Decrypt and save" instead of just "Decrypt" works fine so this is probably really just a problem with the implementation and having "Decrypt and save" as a workaround is not too painful.

Not being able to decrypt signed messages just because I don't have the sender's public key causes bigger problems to me.  
 
Here's another The Bat! bug regarding GnuPG encrypted emails.

If I encrypt an email to someone else and myself (default address), I should always be able to decrypt it.

If my (pre-encryption) email body is "test:test", The Bat! will NOT show the decrypted messages (just blank space where the message body would be).

However, if the email body is "test-test", decryption and displaying the decrypted body works fine.

I reproduced this behavior several times now and there seems to be some kind of problem whenever colons appear early in (unencrypted) mail bodies.

Just like in the problems I described above, the "Decrypt AND SAVE" workaround solves the problem temporarily.

Needless to say, all emails could be decrypted with two different GPG GUIs (WinPT, GPA) and Mozilla Thunderbird without any problems.  
 
Quote
happytulip wrote:
This problem does still exist with TB 3.99.24. If there is anything I can do to assist Ritlabs in solving this problem, please let me know.
The issue still exists in TB! Version 7.4.16.14 (BETA) (64-bit). I reported it on the bug tracker at https://bt.ritlabs.com/view.php?id=1239.