
Opened 11 months ago

Last modified 3 months ago

#427 accepted bug

PGP Problem when sending Mail

Reported by: trekman
Owned by:
Priority: normal
Milestone: YAM future release
Component: PGP/GPG encryption
Version: 2.8
Severity: major
Keywords:
Cc:
OS Platform: All
Blocked By:
Blocking:
Release Notes:

Description

Description:
Tried PGP with YAM on A4000T / OS3.9 / 68060 / YAM2.8p1
After editing a mail and choosing sign/encrypt I receive the message (when trying to send): Error trying to add the file "RamDisk:T/YAMtxxxx.asc"
The file definitely doesn't exist in ram:t so the encrypted part cannot be sent. The mail is sent without it.

On my MorphOS pc it goes to high CPU Usage and freezes.

Attachments (0)

Change History (24)

comment:1 Changed 11 months ago by tboeckel

  • Milestone set to YAM 2.9
  • Status changed from new to accepted

comment:2 Changed 11 months ago by tboeckel

  • Component changed from undefined to PGP/GPG encryption

comment:3 follow-up: Changed 11 months ago by tboeckel

  • Owner set to tboeckel
  • Status changed from accepted to assigned

So far I was able to reproduce a similar issue only once. But in that case it was PGP itself crashing and causing all kinds of trouble. Since then all PGP encrypted mails were created successfully.

Just to be sure that everything is working properly on your side, please create a UTIL debug log using the debug version of the next nightly build and attach the log here. Details about the debug version can be found in the FAQ.

comment:4 follow-up: Changed 11 months ago by trekman

I created a logfile with the "debug" option of YAM2.8p1 and a second one with the yam2.8p1_debug version. Wasn't easy because Enforcer is a crappy piece of software.
The attachment function above doesn't work for me, so where can I put those files?

comment:5 in reply to: ↑ 4 Changed 11 months ago by tboeckel

Replying to trekman:

The attachment function above doesn't work for me, so where can I put those files?

Just send them to me privately.

comment:6 in reply to: ↑ 3 ; follow-up: Changed 11 months ago by trekman

I would like to ;-) just need the email address. Cannot really find it.


comment:7 in reply to: ↑ 6 Changed 11 months ago by tboeckel

Replying to trekman:

I would like to ;-) just need the email address. Cannot really find it.

tboeckel@…

comment:8 Changed 11 months ago by tboeckel

(In [7127]) * YAM_UT.c: don't ignore the return code when executing PGP commands. This refs #427.

comment:9 follow-up: Changed 10 months ago by damato

What is the current status of this ticket? Is it still valid or can it be closed now that thore committed a change two weeks ago related to it?

comment:10 in reply to: ↑ 9 ; follow-up: Changed 10 months ago by tboeckel

Replying to damato:

What is the current status of this ticket? Is it still valid or can it be closed now that thore committed a change two weeks ago related to it?

I'd say it can be closed, but let's wait for trekman's answer. I had a little private discussion with him and as it seems this bug is not a bug in YAM, but in PGP5. This requires the own key to be trusted by other persons in order to be able to use it for encryption or signature. And even if this hurdle has been taken PGP5 still likes to crash more or less easily, even with a fully correct command line. Thus I'd say better drop PGP5 support and concentrate on PGP 2.6.3 or even better S/MIME as suggested by #130.

comment:11 in reply to: ↑ 10 Changed 10 months ago by trekman

I'm still working on it. As Thore said, it could be a PGP5-related problem. Give me some time to investigate. I'll report asap.

comment:12 Changed 10 months ago by trekman

I tried to work with PGP 2.63i and I dropped it because this old version obviously does not support newer keys created with PGP5 or OpenPGP. So in my opinion it's not usable nowadays. I made extensive tests with pgp5 and I can say that it works on my A4000/060. I can decrypt and encrypt files without problems (even decrypt OpenPGP encrypted files). So this should be the way to go :) (considering OpenPGP or S/MIME is a way too)
When it comes to YAM I could decrypt messages sent to me by a friend. Sometimes it asks for the password but does not decrypt. When I try to send encrypted messages (using that pubkey of his (created with OpenPGP)) the .asc file in ram:t, as reported, seems not to be created, so that YAM is not able to attach this file and send it. The keys are signed and marked as trusted as Thore suggested.

comment:13 Changed 10 months ago by trekman

I'm going to run a few more tests and I'll report the findings.

comment:14 Changed 10 months ago by trekman

OK... I returned to V2.4p1 on my Amiga. This version of YAM works flawlessly with pgp5. The other versions unfortunately did not work satisfactorily with pgp here. :( Sorry... I tried everything I could think of. I'm going to test on MorphOS 3.3 now and will report.

comment:15 Changed 10 months ago by trekman

MorphOS tests show that I can encrypt/decrypt and send encrypted mails with pgp5 installed. When I try to sign a mail with YAM, CPU usage increases to 100% and the program freezes. So it could have to do with signing messages out of YAM. I can however sign and/or sign and encrypt/decrypt via command line without problems. I'm using V2.8p1 here. Maybe that is the same problem on the Amiga which shows me the error message about the missing file in ram. I hope this helps locating the problem. :)

comment:16 Changed 10 months ago by tboeckel

(In [7208]) * YAM_RE.c, mui/ReadMailGroup.c: don't assume that the letter part is directly followed by the PGP signature part, but search for both independently. This refs #427.

comment:17 Changed 10 months ago by tboeckel

I am currently at a point where I am out of ideas why the signature check is crashing the machine (AmigaOS3 inside WinUAE currently).

Before the last changes YAM might have used the wrong mail parts in case the PGP signature part was not the direct successor of the letter part. This could easily happen for "multipart/alternative" mails where the text letter part was followed by an alternative HTML letter part and finally the PGP signature part.

However, the pgpv binary of PGP5 is crashing always now, no matter if run from YAM or manually in shell. The stack size should be large enough. YAM uses 64K while the shell uses 256K. Raising this by factor 10 makes no difference. According to the WinUAE log pgpv is doing some very weird stuff and is accessing invalid memory regions. Thus YAM is out of the scope here and hence innocent.

I didn't do any tests like signing or encrypting mails myself yet.
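The part-ordering problem described in comments 16 and 17, as an added illustration in Python (not YAM's C code and not taken from the ticket): a constructed RFC 3156 `multipart/signed` mail whose signed body is `multipart/alternative`, with the adjacency assumption next to an independent search. All function names and the sample mail are assumptions made for this example.

```python
from email import message_from_string

# Constructed sample: multipart/signed whose signed body is
# multipart/alternative (text + HTML), followed by the signature part.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain

Hello in plain text.
--inner
Content-Type: text/html

<p>Hello in HTML.</p>
--inner--
--outer
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--outer--
"""

def leaf_parts(msg):
    """Flatten the MIME tree into its leaf parts, in document order."""
    return [p for p in msg.walk() if not p.is_multipart()]

def adjacent_lookup(parts):
    """Fragile: assume the signature directly follows the letter part."""
    i = next(n for n, p in enumerate(parts) if p.get_content_type() == "text/plain")
    nxt = parts[i + 1] if i + 1 < len(parts) else None
    ok = nxt is not None and nxt.get_content_type() == "application/pgp-signature"
    return parts[i], (nxt if ok else None)

def independent_lookup(parts):
    """Robust: search for the letter part and the signature part separately."""
    letter = next((p for p in parts if p.get_content_type() == "text/plain"), None)
    sig = next((p for p in parts if p.get_content_type() == "application/pgp-signature"), None)
    return letter, sig

def signed_entity(msg):
    """RFC 3156: the signature covers the whole first child of multipart/signed."""
    return msg.get_payload(0) if msg.get_content_type() == "multipart/signed" else None
```

Note that the data to verify is the entire first child of `multipart/signed` (here the `multipart/alternative` container), not only the plain-text leaf.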

comment:19 Changed 10 months ago by trekman

I tried pgpv, pgps, pgpe and pgpk on my Amiga in the shell. No crashes on the real machine ... hmmmmm, PGP5 seems to run fine itself here. I'm running OS3.9 with all available BoingBags. Processor is a 68060/50, 2MB chip / 70MB fast RAM, A4000T

comment:20 follow-up: Changed 10 months ago by trekman

Tried some more things... biggest problem seems to be that pgp5.0i does not support OpenPGP keys entirely. I could encrypt mail with an OpenPGP pub key from a friend of mine, but he cannot decrypt the mail. (The mailer he uses says something about the wrong key was used to encrypt.) I created some new keys with OpenPGP and could import them into the keyring of pgp5 but couldn't sign them. pgp5 says: detected wrong ciphers. Hmmm ... knowing that S/MIME is based on SSL certificates in which NSA is involved somehow ;-), maybe OpenPGP support should be the way to go. At least for MorphOS there should exist a port of gnupg, I think.

comment:21 in reply to: ↑ 20 Changed 10 months ago by damato

Replying to trekman:

Tried some more things... biggest problem seems to be that pgp5.0i does not support OpenPGP keys entirely. I could encrypt mail with an OpenPGP pub key from a friend of mine, but he cannot decrypt the mail. (The mailer he uses says something about the wrong key was used to encrypt.) I created some new keys with OpenPGP and could import them into the keyring of pgp5 but couldn't sign them. pgp5 says: detected wrong ciphers. Hmmm ... knowing that S/MIME is based on SSL certificates in which NSA is involved somehow ;-), maybe OpenPGP support should be the way to go. At least for MorphOS there should exist a port of gnupg, I think.

Here are my two cents to the discussion regarding this ticket and current pgp support in yam:

I would of course love to add OpenPGP support to YAM. However, there is one important problem with that: Nobody has yet ported gnupg to any AmigaOS platform. Even more important, nobody has yet tried or was interested in porting the gpgme library to any AmigaOS platform, which would be required for a sensible and reliable OpenPGP support in YAM. As you might know, our resources are very limited and besides YAM, thore and I are maintaining a bunch of other MUI classes to keep YAM running. We are even the maintainers of the MUI port to OS4 so that we can make sure that YAM keeps running in future. Taking this all together we are really lacking more resources to even port GnuPG now to all AmigaOS platforms. So here we are highly relying on the rest of the Amiga developer community. So if nobody will ever port GnuPG to AmigaOS you will never see any support for it in YAM, I am afraid.

However, while I would love to see support of OpenPGP/GnuPG in YAM, I think it is more likely that you will see S/MIME support in some of the upcoming versions of YAM. This is simply, because we have all stuff that is required for S/MIME support already in the OpenSSL Port for AmigaOS (AmiSSL) which YAM uses already to provide SSL support for secure Server connections. All that is required is to update AmiSSL to a newer OpenSSL Version and then we can perfectly integrate S/MIME support in one of the next YAM versions (not 2.9, I am afraid).

And to stop you from speculating that S/MIME might be any less secure than OpenPGP/GnuPG. This is not true as S/MIME is based on OpenSSL which is as open as GnuPG/OpenPGP. The only thing you have to take care to ensure that your keys are safe is that you generate the keys completely on your own and don't rely on a public key generating engine which might come with some NSA backdoors in their root SSL keys/certificates. However, this should be easily possible.

So, to finally conclude this ticket: We know that PGP support is currently suboptimal in YAM and that especially PGP5 support seems to be a problem. However, as long as nobody fulfills the task to port GnuPG/GPGME to AmigaOS you will never see any improvement on that.

comment:22 Changed 10 months ago by trekman

I agree to most of that, but at least some "first steps" have been tried :

see:

http://aminet.net/search?query=gnupg
http://morphware.schwarzes.net/

For the time being I give up on using YAM with mail encryption.
Hope you guys will manage to do the job :) I would really like that!

comment:23 Changed 10 months ago by damato

Thanks for the links. However, as I said, what we would require in addition to binaries of the gnupg command-line programs, is a properly ported version of the gpgme library (see http://www.gnupg.org/related_software/gpgme/). And here I would like to especially point out the fact that we would need a *proper* port and not just such a quick and dirty port like this is unfortunately performed today by so many people in the Amiga community. Just getting a binary running and doing something and pushing it to aminet to see the own name popping up there isn't the way to go. What we would need instead is someone creating a GPG or AmiGPG project, which comes with a source code repository and calling himself a real maintainer of that port and not just getting the sources compiled and fine.

Compiling/Porting stuff is mostly easy, but maintaining it *properly* is what is important!

comment:24 Changed 10 months ago by damato

  • Milestone changed from YAM 2.9 to YAM future release
  • Owner tboeckel deleted
  • Status changed from assigned to accepted

Moving this ticket to "future release" as there is no permanent solution for the 2.9 milestone. It also refs #77 and #130.

comment:25 Changed 3 months ago by damato

  • OS Platform set to All
  • Priority changed from undecided to normal
