|

»

strange behavior/maybe a critical bug?

View: New views

3 Messages — Rating Filter: Alert me

	strange behavior/maybe a critical bug? by wittau :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello everyone, I´m not a developer but I encountered a strange behavior regarding gpg encrypted messages. Maybe I discovered a critical bug, maybe I´m absolutely wrong. I try to be as precise as possible. The situation was an Enigmail installation at a USB-Stick for Windows, with encrypted mails. We tried to find a possibility for decrypting some .pdf files at MacOS 9 from this USB-Stick. So we searched about the right mails in the text-files, and copied the encrypted code to a text file. At BBEdit I added the lines "----- begin pgp message -----" and "------ end pgpg message -----" to the encrypted text. Than I installed PGP 6.0 at my Mac G3 and imported the private key. After importing, I went to PGP-Tools and "decrypt/veryfy" and selected the textfile for decryption. PGP 6 produces an error and tells me: "the file "xy" could not be decrypted/verified because an error occured: ascii armor input incomplete." BUT - PGP produces an file at my desktop! After renaming this file "xy" to "xy.pdf" I can read the pdf without any password! That behavior is reproduceable! It´s possible to read every encrypted attachements from enigmail without the need of an password, ... Any ideas? _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel
	Re: strange behavior/maybe a critical bug? by John Clizbe-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message wittau@... wrote: > > That behavior is reproduceable! > It´s possible to read every encrypted attachements from enigmail without > the need of an password, ... > > Any ideas? Yep. I'd bet your "Encrypted attachments" are nothing more than attachments. Check the MIME headers in the original message. Individual files are attached unencrypted. If the sender wants them encrypted, PGP/MIME must be used to encrypt the _entire_ email as one unit. Rather than PGP 6.0 on the Mac, why didn't you install a recent GnuPG version? Checkout the MacGPG project. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys@...?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel signature.asc (693 bytes) Download Attachment
	Re: strange behavior/maybe a critical bug? by Robert J. Hansen-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message wittau@... wrote: > It´s possible to read every encrypted attachements from enigmail without > the need of an password, ... Let's not jump to conclusions. If what you say is true, then there is a critical bug in Enigmail. That said, I think a little more investigation is necessary before we start a panic. A discussion about this has been started on the Enigmail users list; let's take the discussion there. _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel