Encrypted attachments sent with FlowCrypt cannot be opened on the newest Thunderbird

[seisvelas]

Newer versions of Thunderbird have built in PGP capabilities. Normal encrypted mail works fine, however file attachments are broken.

When opening the file, it says 'null undefined', which looks like this:

And then, when I actually open it:

And it's not just me, I learned about this from this support thread: https://mail.google.com/mail/u/human@flowcrypt.com/#inbox/FMfcgxwKjxHWSvfTzMnjlSkknmltppDt

[tomholub]

Thank you for the report. Is this when sending rich-text (pgp/mime) or an inline pgp message? Can you please export the whole mime message from Thunderbird as text and paste or attach it here?

[seisvelas]

This was without PGP/MIME (I sent it from Chromium, so PGP/MIME was not an option)

Here is the raw message:

Delivered-To: khetyaviles1612@gmail.com
Received: by 2002:a05:6504:134f:0:0:0:0 with SMTP id m15csp9795772ltp;
        Mon, 28 Dec 2020 21:44:19 -0800 (PST)
X-Received: by 2002:a4a:98a3:: with SMTP id a32mr32637412ooj.51.1609220659556;
        Mon, 28 Dec 2020 21:44:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609220659; cv=none;
        d=google.com; s=arc-20160816;
        b=bHAOhNGq+nejXLAVWqj+ef0w8RRM4ROOFilg+RGwsJS6Q6n4YLcQ4AfI7PMGYLI4FE
         bZpYJt1Exgvdd/wXrjIgGZ4oz+9G3itUYLZveZKP2nx5RTpBA+vR/7APotc66Xdn/obJ
         wHJe4zK7GhdopO8CwRDglN6+ihygFqjn1XoO0M7Gdyk1j4IUUbAV1XCSoa8Vg9e73tqH
         kIws4QPQYpG1ofqMCd6czjhCoTisezjDTXQgitN/Ni0Kwegd/S2YH4SZfmZ3F9K/6jkt
         VCQUdFgAkomnsRFEOyLNS/+5KAco9GhR4wplfI7dXZK07AG6fFEqFgEXDAI6ly2/hKhq
         TI1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=to:subject:message-id:date:mime-version:from:openpgp:dkim-signature;
        bh=ZRjaMuHKeSGRTXc1TAcLufOxMG64lOUjbENuvlo0yIQ=;
        b=QPia7rrOao1HRKg+RiEh2OgYKHUkY/hMWbP6IApjn6uhScOYDP9b0CEv7+NzSAPG05
         EqpLnOefACyRWo4dnoYburzhjrQ7GzDkycLtLsMI6Bq9dR387K2VdM3XZ71DQ2AfdtQs
         uAMIW4EgXKORT2KIwWI9RnH4ijGfxYv1J9SpYWz9HrdYGw5NDYPBl7a8V4btwMbQhoiM
         2DVwcdNfnTiR47Z9ZpFbviEFLtlWPTATzTELYEL1heVJ07ZPH7uIKBv9eZCscJLxs2UC
         yNaOE56xIwBunExoz25O4AAaAVvw9H+Omdzvo1LMYvzykdL/Y4lx8Uu42AKhn1E7PCO4
         WfKw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@flowcrypt.com header.s=google header.b=JSLjYVql;
       spf=pass (google.com: domain of alex@flowcrypt.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=alex@flowcrypt.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=flowcrypt.com
Return-Path: <alex@flowcrypt.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
        by mx.google.com with SMTPS id b18sor7406991otq.172.2020.12.28.21.44.19
        for <khetyaviles1612@gmail.com>
        (Google Transport Security);
        Mon, 28 Dec 2020 21:44:19 -0800 (PST)
Received-SPF: pass (google.com: domain of alex@flowcrypt.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@flowcrypt.com header.s=google header.b=JSLjYVql;
       spf=pass (google.com: domain of alex@flowcrypt.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=alex@flowcrypt.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=flowcrypt.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=flowcrypt.com; s=google;
        h=openpgp:from:mime-version:date:message-id:subject:to;
        bh=ZRjaMuHKeSGRTXc1TAcLufOxMG64lOUjbENuvlo0yIQ=;
        b=JSLjYVqleNQZRsyjFwOsWTDbypHKkWhc9J3RnWGTH7NB+L6Lv+svAdYqV0x2vgLbt1
         58qnxAWqtVEoBKMmjoofRdQ4pjNh3iickiJJ9JVmMbtq1WOTdvce3jucn2B6VK8obFNC
         SoJJkX6DEQoEZexGe2PCEMAMRngMx0Bb00q3s=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:openpgp:from:mime-version:date:message-id
         :subject:to;
        bh=ZRjaMuHKeSGRTXc1TAcLufOxMG64lOUjbENuvlo0yIQ=;
        b=Ty06EBy+Gj1zUMMLtH91SnOIozSRY94qRCEtCRj+VeCxg2tuH0rpnhWlZAqd6a7I2x
         kGD5xCXZStiaeHyPIIwUOH7bRReL+MHSerlH+kvCYxJOKMzPzesRThTUh8cZLgQ6kf77
         09ZjG2c6AZ7kcJaQ+wOENsa17DtttkUvXs/YLuDbXixyxtbrcXCokxFfxfqlJG3sOvbD
         19l7KN4PYBfMMvnLLJGC1mF4D/L+pQ5DSXkK1PrGZg8qKkU+PrMhpRVGdHRSW8+LIgJH
         KjDJkHpFNdGgenc0PzcjBrIxKhV5q0QfUe0881hN0m6oYV7/tqQYUCTLUXQqR4wdRP96
         JKeQ==
X-Gm-Message-State: AOAM5306dHALRYTrRZGbuzOh/z6jU26zKC4cMYqKu1M6KsFzE1fuqwQL
    Z5OFO18rZ5L6lGUOpS7AhIToVNGSgJtf0YjGKnLeRBVIOCs=
X-Google-Smtp-Source: ABdhPJzRkLqLEJys/muS7QkWDSuKQgth1mFRQZrey+Wi2GeQYcCDNbpGIR6L20Ki6SPfdWVgBnslLfXQCFxwbAUfYiU=
X-Received: by 2002:a9d:4793:: with SMTP id b19mr34247765otf.193.1609220658916;
 Mon, 28 Dec 2020 21:44:18 -0800 (PST)
Received: from 717284730244 named unknown by gmailapi.google.com with
 HTTPREST; Mon, 28 Dec 2020 23:44:17 -0600
Openpgp: id=BD0636F1589AD798
From: Alejandro Alvarado <alex@flowcrypt.com>
MIME-Version: 1.0
Date: Mon, 28 Dec 2020 23:44:17 -0600
Message-ID: <CAAVtiawdPXuViV_3AeGGYp4oDv6E-5GJsBusGJZ8LwTxOT3eZg@mail.gmail.com>
Subject: Encrypted attachment test for Enigmail
To: Khety Aviles <khetyaviles1612@gmail.com>
Content-Type: multipart/mixed; boundary="000000000000bdb85b05b793e1f7"

--000000000000bdb85b05b793e1f7
Content-Type: text/plain; charset="UTF-8"

-----BEGIN PGP MESSAGE-----
Version: FlowCrypt Email Encryption 8.0.0
Comment: Seamlessly send and receive encrypted email

wcFMA+nCMbB4KnKWAQ//aH95J+PWQQgemg52A5DvgPWCDW1p9EsUcJA/5uxA
xfRLhvXnaOqTsff0aKpLBRasUiJPwbhJ6m/R3RC4+byjJZdemJcZUXjVwOm/
pkq0saRvZbzuEAe17kwfNa2aAHYpH1ZbaVVtvXq6C0K/Z20YQIjr/woBqkci
n8LD7KLcYffz/gdC0xEryfAM3kIpjZqTRWxcjteXA5kL1I0NRdLxDGaCpOQv
3qvJxsjvXOrI2fLCaQFRMTRGfPdjSbGg8LFE/xCagoFkV8lpYuamSUhbvBIQ
jVaJ7koHnv5iUpPQf2L7Za1+tWWKKgRjeIDAo6QAxbw1RQNhsYxwXWDVKb5C
V3phpVzxSohPXhDs0YzdnjO/rT2U3Q/n2VoSgKG2vOAOMC4U8vJgOEsgs+8m
JvQARoCwt+4SU3eT4fK7pGaIsHfKp5qVZCxutRWpTjBxJM8JjDM1epmT5stD
A0AoTC1SmklOMjyIRmEcVafta+rexOW10CSuP2hiP8nD/YiZ9rLHy5Gk0+jF
J3AU0eGyedV3bblcry5NHrMuBv8721/D1uupv25yG519LCIrBQGKXZw8OrnG
ERt2F9I1qKJqN+8UVk/ijl5n2V5Ed+kFmiglK19nA5m8Olp50tzRMxO5BPrA
HTp+3soHEqwpmJS0YEH3kqGAYS71nkNH44pAtjfqM6rBXgNLM4sEjIBXyBIB
B0C+ZCYALTEzUOwh5kpIA1CYLbDAhQyg+P9+r2LuikrNWDAtOJFVUkKri6p9
LSCyArV045PlnTeLVDgWK18jup0VCof+xYgZWpOeuwK87VYzIErSYwFyWF/L
MzybAFd4DIbR+lhKexc4L7vlbKMqd+wKxTzw6twa4pUhDl1TrD97M0RUl3AU
Vy7KZ/tJdlmnUx0BjdUEzhzzdSTUk1fEyN6sER+/gBQObsErbKjNIZSnsHxp
nlHzJg==
=/198
-----END PGP MESSAGE-----

--000000000000bdb85b05b793e1f7
Content-Type: application/octet-stream; name="please.c.pgp"
Content-Disposition: attachment; filename="please.c.pgp"
Content-Transfer-Encoding: base64
Content-ID: <f_UPgckYHbRvOwyOrQsbWhJcmxrtrcaS@flowcrypt>
X-Attachment-Id: f_UPgckYHbRvOwyOrQsbWhJcmxrtrcaS@flowcrypt

wcFMA+nCMbB4KnKWAQ//chgfHS/Q0p778+q04kkO6xWzimOIA7H4KRX6F/qWOH8Bb836eL/TIhpl
LXe4w+VPK1sKFuVY4mH02hDRd9wrIXY1h+Ir++UdztopISZ1rD0qYrrFDwUU5ixge0lpfCMLhIFp
ezbqO8dr9aLsnNEIjwRr3ouj51ygR9YvotRBLjTOPsp3Lr3Tf53WD8PDOZvlfcGr0VZpI7uviCWN
R+tzSSvBN03PZQrWD//IfJ1hpjgg000CuGVYgdQiO0IjEYkpPEm9nlTvum/4U8cgAzz4EcwY6Add
5vpOL8ofVFQR/4+Xpe012GDzxm6Cb8W/gKoF5uKKCZZswlkzkAFXx8USMEaKR9MyQG/vIngN6+wY
rgdYRAr6Dmy4KjFy79PjbKfap3liU49SYXrkuIM7nQ6+DVntdq5luTKTXdd97nrxzFsR+bh4LN6J
9r3KgJfNTEy1c1jSbtroU4bXkFypId2cPiOUvxHJWKeRnOMP12VcB/TGYgQykBUJafKGTGLiTupq
hue1TptNDrB4+4cbDYS+CSEqSLoQxMjHaHdAsTmtkHn+32064BNdX2wODL5084mGA6Rbry0K40AI
THlMOJl+ofQQgEUqZON3UXOXrCSiJjwsJC0J1G05RZ9hfHmEw0AcVYa/xBzsRaRfee87hgqXPMhu
i+TlsYr0+1swzLiPqb3BXgNLM4sEjIBXyBIBB0At8ZoNqQrunH8PUpG+/oiD/qQPJCOCuu40lJyS
Nbz+VTBAWKj/E4eJq2+I9tCu1m65l0BMJbLEnKXGETbMlG4oJ4FrlPFP5UH8EP82ZHDsiG3SwlIB
ykyN7C4zlamLEBD9TXirQSW/R/9WQUwL/RSfslV2NF5WNs0/dV5beZimDT/fk+DYsJYTUlOfimEq
vOzgEDgNFKrhAMrX196eOtZmia8y5uD3mWpn2YcWAKrdB6JlC6KwtgKJvhKk4zONrlJw9XZkuM5d
1MajAmWfpcBlqHrnbj0sBtqUiUOgdBYxbW1BRTX08sN8JldWhAfUyq4ND+EyxjlJ8RMSjqBeHaG+
63nr6gslm9M1LA3jRQ34ghPxW/u+gcVjAI4xFNhs/pohrXzZsxDBxwGQ+ZW8/PjeE2UfbKufKKlh
LC8sqnQIjMw0zkJp2tFLW2X9GrjOgiv+CbdB+b4P+WN9tT/vajneFM+MQzQNzmRAy+Y3CKevzp7m
KLh80UA6Os6DclscuQAsVOIBI1YFEWRtkJI3LQK6+FtrtrkpH8Db9usnfje6o90oYVoes0rSo9zI
iK5Zv2Ln+GW1IYXaWw7i9ceUi3yz6kW2HsNLFCuFjhAzmA4bKHXaEVIqKUvZtq+iGfRY/51mmGBa
rXFrxzn4fIRH2cdePUtggMW+LcJJIX7hnGdk7Kju3FAMFC+Fz6NDcN6WI6Ij3J1YDPTC2qHj8QKQ
pa44F/98lnHn0yTcy1RG/NRyH0WMPKS4dcsz03oM6h6121DDp/mySNjwlrIsNzjSDM4TOWQ4fa2c
IZIQNOQPMLiSSFKZslvHhDMENCLxjVFjfHgWtwBz72FgRQv5acx0YNSrdCF8FVXS4KeIize731uH
oUScXaSFnSOLeyqrSINWfxOxf4mfzi522hJo9MvM+A0AmRFxMBLBH48YmOutILNSPZ+dSUHkYOgm
ZMPkWeVaHoXNoyzjgYV/IHO6tMnhs3jpnF0o/NRvoo3tORa0tkb3mvYnRkxsTtbOpBAZGbxeRqu7
SnXg9G1oQm0FXw6iRMJno1NhDUYGnuBfAx0FPOpqr4Uvv4KKGNzD+H0le5HqA5t8bRqSe+vxwaG9
ONfE4wxuSDHNE4Yxegu6OKES15BfHxvHX0Q+tc8fz1QooZ4cCrTRwuhulqQ=
--000000000000bdb85b05b793e1f7--

[tomholub]

I'm assigning bilal to later have a look at what causes this.

[fleish]

I can open a separate issue if needed, but this also seems to reveal an issue with the way Flowcrypt handles attachments. By adding them on as separately encrypted files and then appending them to the rest of the PGP-signed message it causes issues with recipients who do receive it to show the message as "partly signed" since the encrypted attachments are not signed.

It also seems to cause the messages to bounce when received by a Schleuder encrypted list that enforces messages received are signed & encrypted by a subscriber due to the message not being properly signed.

Is this something that can be addressed with existing settings to change how the attachments are handled by Flowcrypt or will it require updated code?

[tomholub]

Unfortunetely what you are asking for likely requires PGP/MIME which we have implemented but it doesn't work because of how Gmail API mangles up outgoing messages. If you want to give it a try, install Firefox extension instead and then you'll see an option to send a rich-text message. That should also encrypt and sign the attachment as part of the body. However, the sent message will not conform to PGP/MIME standard fully because of how Gmail messes it up, so it may or may not be understood as an OpenPGP message on the receiving end. Worth a try though.

We are talking to Google to get this resolved but they are taking ages.

[fleish]

Thanks for the quick reply, but yeah the results are also wonky using PGP/MIME in the Firefox plugin too. Ironically, the resulting message ends up being fully signed but partly encrypted See attached screenshots for what I received on the far end in macOS Mail.app + GPGTools/GPGMail

[tomholub]

yes - probably the result of gmail api mangling. unfortunately we can’t improve this until gmail google fixes this.

On Wednesday, June 30, 2021, fleish @.***> wrote:

[image: Screen Shot 2021-06-30 at 13 00 58] https://user-images.githubusercontent.com/2106430/124023821-44142680-d9a3-11eb-8410-3cbdd7a467e8.png

[image: Screen Shot 2021-06-30 at 13 00 36] https://user-images.githubusercontent.com/2106430/124023823-45455380-d9a3-11eb-89fc-8eec35b25371.png

Thanks for the quick reply, but yeah the results are also wonky using PGP/MIME in the Firefox plugin too. Ironically, the resulting message ends up being fully signed but partly encrypted See attached screenshots for what I received on the far end in macOS Mail.app + GPGTools/GPGMail

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/FlowCrypt/flowcrypt-browser/issues/3278#issuecomment-871691142, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQDZEKO6DRWJ2TNYDKIQXDTVN2EHANCNFSM4VM774YA .

--

Tom James Holub http://holub.me/

[rrrooommmaaa]

Is this actionable now?

[tomholub]

Yes - please try to send a pgp message that does is pgp/inline with separate encrypted attachment files, and open in Thunderbird.

This flow is unaffected by Gmail API bug but based on the description of this issue, still doesn't work when opening.

Please triage the issue to confirm you can reproduce it and if yes, see what may be the problem.

[rrrooommmaaa]

I tried with Thunderbird 78.12.0 and was able to reproduce the error, but it had something to do with file extension rather than message format error. Make sure Thunderbird opens plain "C" file (you can save this mapping from the plain file open dialogue only, I guess) After that, the encrypted file will open (simultaneously with the pop-up dialogue) on double-clicking this icon Opening the file from the pop-up dialogue will open it in raw encrypted form, so don't do that unless you want to save it for later decryption

[rrrooommmaaa]

This is the message I tested it with

Received: from 717284730244
    named unknown
    by gmailapi.google.com
    with HTTPREST;
    Wed, 21 Jul 2021 01:44:08 -0700
Content-Type: multipart/mixed;
 boundary="----sinikael-?=_1-16268570479440.10164582326062122"
Openpgp: id=07481C8ACF9D49FE
From: Gmail CI Test <ci.tests.gmail@flowcrypt.dev>
To: Gmail CI Test <ci.tests.gmail@flowcrypt.dev>
Subject: try with the latest version
Date: Wed, 21 Jul 2021 01:44:08 -0700
Message-Id: <CAO9FY9uqW3ESKpQwiP8-2mFEEXK5SvtqDLri6PFasK5Lv6be3w@mail.gmail.com>
MIME-Version: 1.0

------sinikael-?=_1-16268570479440.10164582326062122
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP MESSAGE-----
Version: FlowCrypt Email Encryption 8.1.1
Comment: Seamlessly send and receive encrypted email

wV4DeWfgCtVtdnoSAQdAwRWLrLllmFVxS+2awcN41qwozbGiNrMnFFA73nYw
WQMwFZ/94uk/fLThcs6ap9MHomTvJIgcIm4/u6LjuEEo/EUpfCEtwWrQ4UUX
lKIk9oBLwV4DeWfgCtVtdnoSAQdAcZsJObIImMtG3SbtVcZuHxyMhAk/TN+H
cHC0rrB28EUwAy2cNp7NcrIgK3D8tMeYvvm9EhdjyIAhbunx12p3+WjAEUfg
4SYyEMvb8hjNXX670kMBvDboqSxP9B9Nksm7f3mgcVSyoTUor9B3+VTvU48I
/l9V2swMa9yuEl1oO2cEC3a2M7jY/vZtuPX990qYDI4zPZa8
=3DcGgg
-----END PGP MESSAGE-----

------sinikael-?=_1-16268570479440.10164582326062122
Content-Type: application/octet-stream; name=please.c.pgp
Content-Disposition: attachment; filename=please.c.pgp
X-Attachment-Id: f_uCrAyGVbjxXoCeYYwsTCXpGCbQIFug@flowcrypt
Content-Id: <f_uCrAyGVbjxXoCeYYwsTCXpGCbQIFug@flowcrypt>
Content-Transfer-Encoding: base64

wV4DeWfgCtVtdnoSAQdAHU7lJ9aasrvBvxGTumOc/q1m6L81kpbj3NFxc7MOJ1IwRlql7JqoofNL
8KmYzaQlj/Rd71ualFEW0TRaetc2reRmi0TfeqLTOLXmR4uLwRuGwV4DeWfgCtVtdnoSAQdAS1RU
CoPl+3u0knu1j7cszTBMO1TaPPl+jodboOph6w8wbKXl2Evtn6++HrflvT3vyb0DwCqpKfIx+C09
ZkhJWDMzbhBhiH6YTeFjteb0+tws0kMBK6XCgBKwRzMnR/+wlnkH58yliierHZ6uO3/vVG66PJk3
SVL1rO3Yx0s3mdZysrWxzZN61AaOMVDPnQXx5p9nxnas
------sinikael-?=_1-16268570479440.10164582326062122--

[github-actions[bot]]

There were 3 email addresses found in the above comment. Please:

1) click three dots -> edit to remove the email addresses 2) click edited in the comment header, and click on the previous revision of the comment 3) when viewing the old revision with an email in it, click options -> delete this revision from history

[tomholub]

Opening the file from the pop-up dialogue will open it in raw encrypted form, so don't do that unless you want to save it for later decryption

Could Thunderbird be convinced somehow to recognize this as an encrypted file? Do you think it's a bug on their end, or something we could do (like a application/pgp-encrypted header?)

[rrrooommmaaa]

Could Thunderbird be convinced somehow to recognize this as an encrypted file? Do you think it's a bug on their end, or something we could do (like a application/pgp-encrypted header?)

It does decrypt it on double-click, so it recognizes it. It just saves the original encrypted file from the dialogue.

[rrrooommmaaa]

Or, perhaps, the "null undefined" may be connected with missing OpenPGP key for decryption. I'm seeing this when trying to double-click on a file when having this red strip. There is certainly a bug in Thunderbird printing such an undescriptive message, The only way the error may appear without the red strip (by our fault), is when the message body and the attachment are encrypted with different (sets of) keys. I'll add a test to check this.

[tomholub]

When you send a message with Thunderbird itself that contains attachment, and then try to open it, does it make you jump through the same hoops?

[rrrooommmaaa]

When you send a message with Thunderbird itself that contains attachment, and then try to open it, does it make you jump through the same hoops?

Nope, Thunderbird uses multipart/encrypted OpenPGP/MIME format. And it is handled properly by both Thunderbird and Flowcrypt.

[rrrooommmaaa]

It is still possible to open the file in our workaround format when encrypted to a single recipient. Would you like me to do more tests with multiple keys/recipients, @tomholub ?

[tomholub]

I suppose this is more of a bug in thunderbird then our own software. you could try reporting it in their project.

last thing too they would be if they recognise our pgp/mime format. that would be interesting to know. otherwise i think we can close this. thank you for looking into it!

On Wednesday, July 21, 2021, Roman @.***> wrote:

It is still possible to open the file in our workaround format when encrypted to a single recipient. Would you like me to do more tests with multiple keys/recipients, @tomholub https://github.com/tomholub ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/FlowCrypt/flowcrypt-browser/issues/3278#issuecomment-884373225, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQDZEJVESTACNKQY5WBF7TTY4BYDANCNFSM4VM774YA .

--

Tom James Holub http://holub.me/