* broken: #secure method=pgp mode=signencrypt @ 2003-07-08 21:51 Matthias Andree 2003-07-09 6:06 ` Simon Josefsson 0 siblings, 1 reply; 14+ messages in thread From: Matthias Andree @ 2003-07-08 21:51 UTC (permalink / raw) Hi, apparently, these modes are broken: #secure method=pgp mode=signencrypt #secure method=pgp mode=encrypt this works for me: #secure method=pgpmime mode=signencrypt A method=pgp mode=encrypt emits base64 junk after decrypting. A method=pgp mode=signencrypt emits this fine dung after decrypting (screenshot from mutt, Gnus doesn't do any better). Does Gnus run gnupg twice or something? Once to clearsign, then to encrypt? ^M =2D----BEGIN PGP SIGNED MESSAGE-----^M ^M =E4=F6=FC=DF=C4=D6=DC=A7^M ^M =2D --=20^M Matthias Andree^M =2D----BEGIN PGP SIGNATURE-----^M Version: GnuPG v1.2.2 (GNU/Linux)^M ^M iQCVAwUBPws7fSdEoB0mv1ypAQE4bwP8DVOReiE65r4pQauyt8ipYEeQrrnP1tZN^M ua63HxthCOudN31hZxu8VaF8++kY6Rk26WK0WvDXmSLVi4eEVBHBM6Gk1pKkmf7i^M nQTY3kjUzui7/aXEXld+hGY8TI6Hwk3OUHj8kngMkURzYtLaNMfse/hvY67kbQ5W^M m5qHOYTh+30=3D^M =3DEj5W^M =2D----END PGP SIGNATURE-----^M -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-08 21:51 broken: #secure method=pgp mode=signencrypt Matthias Andree @ 2003-07-09 6:06 ` Simon Josefsson 2003-07-09 10:29 ` Matthias Andree 2003-07-10 2:39 ` Jan Rychter 0 siblings, 2 replies; 14+ messages in thread From: Simon Josefsson @ 2003-07-09 6:06 UTC (permalink / raw) Cc: ding Matthias Andree <ma@dt.e-technik.uni-dortmund.de> writes: > Hi, > > apparently, these modes are broken: > > #secure method=pgp mode=signencrypt > #secure method=pgp mode=encrypt > > this works for me: > > #secure method=pgpmime mode=signencrypt > > > A method=pgp mode=encrypt emits base64 junk after decrypting. > > A method=pgp mode=signencrypt emits this fine dung after decrypting > (screenshot from mutt, Gnus doesn't do any better). > > Does Gnus run gnupg twice or something? Once to clearsign, then to > encrypt? Yup. See the Message manual on Security. You want: (setq mml-signencrypt-style-alist '(("smime" combined) ("pgp" combined) ("pgpmime" combined))) I think Gnus should default to this, or even better, figure out when it doesn't work and revert back to the combined mode. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 6:06 ` Simon Josefsson @ 2003-07-09 10:29 ` Matthias Andree 2003-07-09 15:39 ` Florian Weimer 2003-07-09 17:05 ` Simon Josefsson 2003-07-10 2:39 ` Jan Rychter 1 sibling, 2 replies; 14+ messages in thread From: Matthias Andree @ 2003-07-09 10:29 UTC (permalink / raw) On Wed, 09 Jul 2003, Simon Josefsson wrote: > > Does Gnus run gnupg twice or something? Once to clearsign, then to > > encrypt? > > Yup. See the Message manual on Security. You want: > > (setq mml-signencrypt-style-alist '(("smime" combined) > ("pgp" combined) > ("pgpmime" combined))) > > I think Gnus should default to this, or even better, figure out when > it doesn't work and revert back to the combined mode. This convolution is an astonishment, and as such, violates the POLA. :-> What I particularly take offense at is this allegation: Will cause Gnus to sign and encrypt in one pass, thus generating a single signed and encrypted part. Note that combined sign and encrypt does not work with all supported OpenPGP implementations (in particular, PGP version 2 do not support this). I have just verified this with mutt and pgp-2.6.3i, and pgp on the command line, it just works. It has always worked as long as I can remember. (Plus, PGP-2 certainly doesn't claim OpenPGP conformance, it's too old to.) The other issue (might be a feature request or yet another question for help with the configuration) is that Gnus doesn't show me the boundaries of the encrypted part of such a mail unless I press W s, and if I do, it still doesn't tell me the part was signed, I only get to know it was encrypted. Strange? -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 10:29 ` Matthias Andree @ 2003-07-09 15:39 ` Florian Weimer 2003-07-09 16:06 ` Matthias Andree 2003-07-09 17:05 ` Simon Josefsson 1 sibling, 1 reply; 14+ messages in thread From: Florian Weimer @ 2003-07-09 15:39 UTC (permalink / raw) Matthias Andree <matthias.andree@gmx.de> writes: > What I particularly take offense at is this allegation: > > Will cause Gnus to sign and encrypt in one pass, thus generating a > single signed and encrypted part. Note that combined sign and encrypt > does not work with all supported OpenPGP implementations (in > particular, PGP version 2 do not support this). > > I have just verified this with mutt and pgp-2.6.3i, and pgp on the > command line, it just works. It has always worked as long as I can > remember. (Plus, PGP-2 certainly doesn't claim OpenPGP conformance, it's > too old to.) The problem is that GnuPG cannot encrypt + sign in one pass in a way that yields a message that can be processed by PGP 2.6.x (even after patching the necessary algorithms into PGP or GnuPG). This problem does not arise if you sign and encrypt separately. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 15:39 ` Florian Weimer @ 2003-07-09 16:06 ` Matthias Andree 2003-07-09 16:59 ` Simon Josefsson 0 siblings, 1 reply; 14+ messages in thread From: Matthias Andree @ 2003-07-09 16:06 UTC (permalink / raw) Florian Weimer <fw@deneb.enyo.de> writes: > The problem is that GnuPG cannot encrypt + sign in one pass in a way > that yields a message that can be processed by PGP 2.6.x (even after > patching the necessary algorithms into PGP or GnuPG). This problem > does not arise if you sign and encrypt separately. Creating messages that even Gnus itself cannot read back properly is certainly not a solution to this lack, and the "garbage in encrypt without sign" issue has been lost in the course of this thread. -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 16:06 ` Matthias Andree @ 2003-07-09 16:59 ` Simon Josefsson 0 siblings, 0 replies; 14+ messages in thread From: Simon Josefsson @ 2003-07-09 16:59 UTC (permalink / raw) Cc: ding Matthias Andree <ma@dt.e-technik.uni-dortmund.de> writes: > Florian Weimer <fw@deneb.enyo.de> writes: > >> The problem is that GnuPG cannot encrypt + sign in one pass in a way >> that yields a message that can be processed by PGP 2.6.x (even after >> patching the necessary algorithms into PGP or GnuPG). This problem >> does not arise if you sign and encrypt separately. > > Creating messages that even Gnus itself cannot read back properly is > certainly not a solution to this lack, and the "garbage in encrypt > without sign" issue has been lost in the course of this thread. The problem, FWIW, is that mm-uu decoded data is not recursively feed to mm-uu again. So the PGP encrypted data that mm-uu decrypts is displayed instead of being checked for a correct signature, which mm-uu can do too. (Although the PGP blob regexp in mm-uu probably should be changed from ^-----BEGIN to ^\(=2D\|-\)----BEGIN to cater for the header escaping that Gnus perform for other purposes.) ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 10:29 ` Matthias Andree 2003-07-09 15:39 ` Florian Weimer @ 2003-07-09 17:05 ` Simon Josefsson 2003-07-10 0:34 ` Matthias Andree 1 sibling, 1 reply; 14+ messages in thread From: Simon Josefsson @ 2003-07-09 17:05 UTC (permalink / raw) Matthias Andree <matthias.andree@gmx.de> writes: > The other issue (might be a feature request or yet another question for > help with the configuration) is that Gnus doesn't show me the boundaries > of the encrypted part of such a mail unless I press W s, and if I do, it > still doesn't tell me the part was signed, I only get to know it was > encrypted. Strange? Probably not; Gnus doesn't know that a PGP message blob is signed or not, it just assume it is (only) encrypted. Parsing the output from GnuPG and looking for GOODSIG and similar text could work (although one should be careful not to use data from the message itself), but perhaps the proper solution is to write a simple OpenPGP message decoder, like Gnus do to distinguish between signed, encrypted or enveloped PKCS#7 aka CMS aka S/MIME messages. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 17:05 ` Simon Josefsson @ 2003-07-10 0:34 ` Matthias Andree 0 siblings, 0 replies; 14+ messages in thread From: Matthias Andree @ 2003-07-10 0:34 UTC (permalink / raw) Simon Josefsson <jas@extundo.com> writes: > Probably not; Gnus doesn't know that a PGP message blob is signed or > not, it just assume it is (only) encrypted. Parsing the output from > GnuPG and looking for GOODSIG and similar text could work (although > one should be careful not to use data from the message itself), but > perhaps the proper solution is to write a simple OpenPGP message > decoder, like Gnus do to distinguish between signed, encrypted or > enveloped PKCS#7 aka CMS aka S/MIME messages. I wonder if Gnus is the only software that needs to go these lenghts, or if gpgme could somehow be married to Gnus. -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-09 6:06 ` Simon Josefsson 2003-07-09 10:29 ` Matthias Andree @ 2003-07-10 2:39 ` Jan Rychter 2003-07-10 4:16 ` Simon Josefsson 1 sibling, 1 reply; 14+ messages in thread From: Jan Rychter @ 2003-07-10 2:39 UTC (permalink / raw) Cc: ding [-- Attachment #1: Type: text/plain, Size: 1062 bytes --] Simon Josefsson: > Matthias Andree <ma@dt.e-technik.uni-dortmund.de> writes: > > Hi, > > > > apparently, these modes are broken: > > > > #secure method=pgp mode=signencrypt > > #secure method=pgp mode=encrypt > > > > this works for me: > > > > #secure method=pgpmime mode=signencrypt > > > > > > A method=pgp mode=encrypt emits base64 junk after decrypting. > > > > A method=pgp mode=signencrypt emits this fine dung after decrypting > > (screenshot from mutt, Gnus doesn't do any better). > > > > Does Gnus run gnupg twice or something? Once to clearsign, then to > > encrypt? > > Yup. See the Message manual on Security. You want: > > (setq mml-signencrypt-style-alist '(("smime" combined) > ("pgp" combined) > ("pgpmime" combined))) > > I think Gnus should default to this, or even better, figure out when > it doesn't work and revert back to the combined mode. I got bitten by the same thing. IMHO it should default to this. --J. [-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: broken: #secure method=pgp mode=signencrypt 2003-07-10 2:39 ` Jan Rychter @ 2003-07-10 4:16 ` Simon Josefsson 2003-07-10 13:14 ` how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) Matthias Andree 0 siblings, 1 reply; 14+ messages in thread From: Simon Josefsson @ 2003-07-10 4:16 UTC (permalink / raw) Cc: Matthias Andree, ding Jan Rychter <jan@rychter.com> writes: >> Yup. See the Message manual on Security. You want: >> >> (setq mml-signencrypt-style-alist '(("smime" combined) >> ("pgp" combined) >> ("pgpmime" combined))) >> >> I think Gnus should default to this, or even better, figure out when >> it doesn't work and revert back to the combined mode. > > I got bitten by the same thing. IMHO it should default to this. Florian explained that the compatibility problem wasn't at the sender, but rather at the receiver, so I changed my opinion and now think that we shouldn't use combined mode by default since it isn't interoperable. We should make the "separate" mode work correctly though. This is somewhat unfortunate though. An alternative would be to state that we cannot talk to PGP 2.x properly. Hm. OTOH, since we are encrypting the message, we know who the receivers are. Can't we look at the receivers OpenPGP keys to see if any of them suggest that a broken applications is used? Florian? ^ permalink raw reply [flat|nested] 14+ messages in thread
* how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) 2003-07-10 4:16 ` Simon Josefsson @ 2003-07-10 13:14 ` Matthias Andree 2003-07-10 13:19 ` Florian Weimer 2003-07-10 15:14 ` Simon Josefsson 0 siblings, 2 replies; 14+ messages in thread From: Matthias Andree @ 2003-07-10 13:14 UTC (permalink / raw) Simon Josefsson <jas@extundo.com> writes: > Florian explained that the compatibility problem wasn't at the sender, > but rather at the receiver, so I changed my opinion and now think that > we shouldn't use combined mode by default since it isn't > interoperable. Maybe I can make you change your mind yet again. > We should make the "separate" mode work correctly though. This is > somewhat unfortunate though. An alternative would be to state that we > cannot talk to PGP 2.x properly. "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al, <URL:http://www.gnupg.org/gph/en/pgp2x.html>, comes to our rescue: it documents a workaround (with minor errors in the first of the four stages). It's not trivial, but works. I've cast this workaround into a sh script, and I've successfully "signencrypt"ed a mail with GnuPG 1.2.2 that I can decode with pgp 2.6.3in without difficulties. Script and screenshots below. Here's the unpolished script, you may test it but please don't include it with Gnus or distribute otherwise. If we want to use such a wrapper script in Gnus (rather than have someone - not me, I don't speak Elisp - reimplement it in pgg.el), I can polish and document it, add getopt parsing for the keys and put it under the GPL. When testing, adjust the localkey (signing key) and remotekey (recipient's key), and send yourself an email. :-) --cut-here------------------------------------------------------------------ #! /bin/sh # (C) Copyright 2003, Matthias Andree. All rights reserved. localkey=0x26bf5ca9 remotekey=0x26bf5ca9 input=${1:=test} tmppfx=gs2p2.$$. armor=--armor trap "rm -f \"${tmppfx}\"* ; exit 1" 0 1 2 3 15 set -e gpg --detach-sign --local-user "$localkey" --output "${tmppfx}sig" "$input" gpg --store -z 0 --output "${tmppfx}lit" "$input" cat "${tmppfx}sig" "${tmppfx}lit" \ | gpg --no-options --no-literal --store --compress-algo 1 --output "${tmppfx}z" gpg --rfc1991 --cipher-algo idea --no-literal --encrypt \ --recipient "$remotekey" --output `basename "$input"`.asc "${tmppfx}z" rm -f "${tmppfx}"* trap 0 1 2 3 15 exit 0 --cut-here------------------------------------------------------------------ Here are the screenshots: signencrypt stage, GnuPG 1.2.2 + above script at work: |$ gpg-signencrypt-to-pgp2.sh test | |You need a passphrase to unlock the secret key for |user: "Matthias Andree <matthias.andree@gmx.de>" |1024-bit RSA key, ID 26BF5CA9, created 1996-01-18 | |gpg: NOTE: --no-literal is not for normal use! |gpg: NOTE: --no-literal is not for normal use! |gpg: 0x26bf5ca9: skipped: public key already present |File `test.asc' exists. Overwrite (y/N)? y |gpg: forcing symmetric cipher IDEA (1) violates recipient preferences |gpg: this cipher algorithm is deprecated; please use a more standard one! decrypt/verify stage, PGP 2.6.3in: |$ pgp test.asc |Pretty Good Privacy(tm) 2.6.3in - Public-key encryption for the masses. |(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2000-10-07 |International version - not for use in the USA. Does not use RSAREF. |Current time: 2003/07/10 13:01 GMT | |File is encrypted. Secret key is required to read it. |Key for user ID: Matthias Andree <matthias.andree@gmx.de> |1024-bit key, key ID 26BF5CA9, created 1996/01/18 [...] | |You need a pass phrase to unlock your RSA secret key. |Enter pass phrase: Pass phrase is good. Just a moment...... |File has signature. Public key is required to check signature. |. |Good signature from user "Matthias Andree <matthias.andree@gmx.de>". |Signature made 2003/07/10 13:01 GMT using 1024-bit key, key ID 26BF5CA9 | |Plaintext filename: test |Output file 'test' already exists. Overwrite (y/N)? y Bonus: |$ cat test |testäöüß -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) 2003-07-10 13:14 ` how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) Matthias Andree @ 2003-07-10 13:19 ` Florian Weimer 2003-07-11 9:40 ` how to signencrypt with gpg for pgp2 Matthias Andree 2003-07-10 15:14 ` Simon Josefsson 1 sibling, 1 reply; 14+ messages in thread From: Florian Weimer @ 2003-07-10 13:19 UTC (permalink / raw) Cc: ding On Thu, Jul 10, 2003 at 03:14:59PM +0200, Matthias Andree wrote: > "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al, > <URL:http://www.gnupg.org/gph/en/pgp2x.html>, comes to our rescue: > it documents a workaround (with minor errors in the first of the four > stages). It's not trivial, but works. <http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp/> gpg.el can be trivially reconfigured to use this script, and it once worked. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: how to signencrypt with gpg for pgp2 2003-07-10 13:19 ` Florian Weimer @ 2003-07-11 9:40 ` Matthias Andree 0 siblings, 0 replies; 14+ messages in thread From: Matthias Andree @ 2003-07-11 9:40 UTC (permalink / raw) Florian Weimer <fw@deneb.enyo.de> writes: >> "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al, >> <URL:http://www.gnupg.org/gph/en/pgp2x.html>, comes to our rescue: >> it documents a workaround (with minor errors in the first of the four >> stages). It's not trivial, but works. > > <http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp/> > > gpg.el can be trivially reconfigured to use this script, and it once > worked. It does the same thing. A /bin/sh is ubitquitous though, Perl is not. I wonder why this hasn't been implemented in GnuPG itself. Is --pgp2signencrypt hard to implement if so many people want it? Oh, and the script doesn't like to be used for this purpose: (C)opyright 1999 by Gero Treuner <gero@faveve.uni-stuttgart.de> $Id: gpg-2comp,v 1.3 1999/10/28 15:19:23 gero Exp gero $ Important note: This script is not designed to be called from other places as the Mutt mail user agent, especially not instead of gpg from a shell. -- Matthias Andree ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: how to signencrypt with gpg for pgp2 2003-07-10 13:14 ` how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) Matthias Andree 2003-07-10 13:19 ` Florian Weimer @ 2003-07-10 15:14 ` Simon Josefsson 1 sibling, 0 replies; 14+ messages in thread From: Simon Josefsson @ 2003-07-10 15:14 UTC (permalink / raw) Cc: ding Matthias Andree <ma@dt.e-technik.uni-dortmund.de> writes: >> We should make the "separate" mode work correctly though. This is >> somewhat unfortunate though. An alternative would be to state that we >> cannot talk to PGP 2.x properly. > > "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al, > <URL:http://www.gnupg.org/gph/en/pgp2x.html>, comes to our rescue: > it documents a workaround (with minor errors in the first of the four > stages). It's not trivial, but works. OK, this convinced me. Apparently pure GnuPG users can't talk to PGP 2.x anyway, so this only affect people that have imported their old PGP 2.x into GnuPG but still want to talk to PGP 2.x users. It doesn't look like a broad audience, and they are probably competent enough to either configure PGG to use PGP 2.x (which is supported), or customize pgg-gpg-program to "gpg-2comp", or customize mml-signencrypt-style-alist (although the output doesn't look right in Gnus due to the recursive UU decoding problem, but that may be fixed in the future), or add support for the two-pass mode in pgg-gpg.el, or talk their PGP 2.x users into using GnuPG. I have written down some things learned from this thread in the Message manual, in the Security node. The relevant section included below, comments appreciated. Thanks to everyone who provided information. (Of course, if someone disagree with this, I can be convinced otherwise again. :-)) Using PGP/MIME -------------- PGP/MIME requires an external OpenPGP implementation, such as GNU Privacy Guard (http://www.gnupg.org/). Pre-OpenPGP implementations such as PGP 2.x and PGP 5.x are also supported. One Emacs interface to the PGP implementations, PGG (see *note PGG: (pgg)Top.), is included, but Mailcrypt and Florian Weimer's `gpg.el' are also supported. Note, if you are using the `gpg.el' you must make sure that the directory specified by `gpg-temp-directory' have permissions 0700. Creating your own key is described in detail in the documentation of your PGP implementation, so we refer to it. If you have imported your old PGP 2.x key into GnuPG, and want to send signed and encrypted messages to your fellow PGP 2.x users, you'll discover that the receiver cannot understand what you send. One solution is to use PGP 2.x instead (i.e., if you use `pgg', set `pgg-default-scheme' to `pgp'). If you do want to use GnuPG, you can use a compatibility script called `gpg-2comp' available from <http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp/>. You could also convince your fellow PGP 2.x users to convert to GnuPG. As a final workaround, you can make the sign and encryption work in two steps; separately sign, then encrypt a message. If you would like to change this behavior you can customize the `mml-signencrypt-style-alist' variable. For example: (setq mml-signencrypt-style-alist '(("smime" separate) ("pgp" separate) ("pgpauto" separate) ("pgpmime" separate))) This causes to sign and encrypt in two passes, thus generating a message that can be understood by PGP version 2. (Refer to <http://www.gnupg.org/gph/en/pgp2x.html> for more information about the problem.) ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2003-07-11 9:40 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2003-07-08 21:51 broken: #secure method=pgp mode=signencrypt Matthias Andree 2003-07-09 6:06 ` Simon Josefsson 2003-07-09 10:29 ` Matthias Andree 2003-07-09 15:39 ` Florian Weimer 2003-07-09 16:06 ` Matthias Andree 2003-07-09 16:59 ` Simon Josefsson 2003-07-09 17:05 ` Simon Josefsson 2003-07-10 0:34 ` Matthias Andree 2003-07-10 2:39 ` Jan Rychter 2003-07-10 4:16 ` Simon Josefsson 2003-07-10 13:14 ` how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) Matthias Andree 2003-07-10 13:19 ` Florian Weimer 2003-07-11 9:40 ` how to signencrypt with gpg for pgp2 Matthias Andree 2003-07-10 15:14 ` Simon Josefsson
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).