IMAPCrypt doesn't encrypt some mails containing attachments

[ghost]

Hi,

Thanks for this great tool, I managed to encrypt years of clear text emails. I got into trouble for some emails, they were not encrypted by IMAPCrypt. They were not corrupted, IMAPCrypt just skipped them. I got the following output:

2018-03-29 13:43:47 INFO  IMAPCrypt:316 - Message #31 on REDACTED REDACTED
2018-03-29 13:43:47 DEBUG IMAPCrypt:341 - Encrypting the MultiPartMime message
2018-03-29 13:43:47 ERROR IMAPCrypt:363 - The message failed to encrypt because of a IllegalWriteException: javax.mail.IllegalWriteException: IMAPBodyPart is read-only

It mainly affected messages with inline attachments, mails with .pdf or images attachments.

[chrislee35]

Fascinating! I'll try to replicate this bug on my server tonight.

What imap server are you using?

Chris Lee

On Mar 29, 2018, at 8:01 AM, 0xroy notifications@github.com wrote:

Hi,

Thanks for this great tool, I managed to encrypt years of clear text emails. I got into trouble for some emails, they were not encrypted by IMAPCrypt. They were not corrupted, IMAPCrypt just skipped them. I got the following output:

2018-03-29 13:43:47 INFO IMAPCrypt:316 - Message #31 on REDACTED REDACTED 2018-03-29 13:43:47 DEBUG IMAPCrypt:341 - Encrypting the MultiPartMime message 2018-03-29 13:43:47 ERROR IMAPCrypt:363 - The message failed to encrypt because of a IllegalWriteException: javax.mail.IllegalWriteException: IMAPBodyPart is read-only It mainly affected messages with inline attachments, mails with .pdf or images attachments.

― You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[ghost]

I ran a dovecot server on my computer and duplicated some email there to avoid data loss!

[chrislee35]

Looks like I need to fix a few things before I fix this issue. I need to parse the new format of gpg --list-secret-keys output.

[chrislee35]

I was able to reproduce it. Now for the fun part.

[ghost]

I just noticed that signed only emails are not encrypted.

[chrislee35]

That was by design, but I should probably make it an option.

The thought was that if it were signed, it was already reviewed to be stored plaintext.

On Mar 30, 2018, at 8:35 AM, 0xroy notifications@github.com wrote:

I just noticed that signed only emails are not encrypted.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/chrislee35/IMAPCrypt/issues/4#issuecomment-377515454, or mute the thread https://github.com/notifications/unsubscribe-auth/AAiGBbvF_Y88WcVWRXdD5itVC24pNFzqks5tjiaTgaJpZM4TANu0.

[ghost]

It might be useful for people that wishes to store their emails on a server they can’t trust for storage, to encrypt some conversations initiated with a signature (to show that you use PGP), or to correct an error!

[chrislee35]

Ok, I've studied the problem enough to know that this will take me a good while to fix. I've got to brush up on multipart mime and my pgp encoding options again... fun times reading RFCs... or I could try a bunch of random changes and see if something works for all my test cases... I think I'll try that and then see if I can get help with the first option.

[chrislee35]

I got it passing the first round of tests. I had one error masking another. I'll look at the signed issue as well for my second round of tests.

[chrislee35]

I received mixed results on my signed test. Out of 4 messages, 3 signed messages encrypted fine with 1 throwing an error: 2018-03-30 23:16:03 ERROR IMAPCrypt:364 - The message failed to encrypt because of a IllegalWriteException: javax.mail.IllegalWriteException: IMAPBodyPart is read-only I'm still researching

[chrislee35]

I still have a few signed messages that won't encrypt. They begin with: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) For your messages that are signed, but won't encrypt, were they OpenPGP/MIME signed.

[ghost]

Yes most of them have the same line in the raw file! Some doesn't have anything standing out outside of the message boundaries I think?

[chrislee35]

It's been a one-step-forward, two-steps-back kinda week. I'm still working this, just haven't had a lot of luck yet.

[chrislee35]

AFAICT, the problem is in how PGPMime for Java is adding the header to IMAP. I asked for help.

javax.mail.IllegalWriteException: IMAPBodyPart is read-only
at com.sun.mail.imap.IMAPBodyPart.setHeader(IMAPBodyPart.java:325)
at de.buelowssiege.mail.pgp_mime.gpg.GnuPGExecuter.updateHeaders(GnuPGExecuter.java:201)
at de.buelowssiege.mail.pgp_mime.gpg.GnuPGExecuter.updateHeaders(GnuPGExecuter.java:153)
at de.buelowssiege.mail.pgp_mime.gpg.GnuPGExecuter.updateHeaders(GnuPGExecuter.java:170)
at de.buelowssiege.mail.pgp_mime.gpg.GnuPGExecuter.writeBodyPart(GnuPGExecuter.java:123)
at de.buelowssiege.mail.pgp_mime.gpg.GnuPGBodyPartEncrypter.encrypt(GnuPGBodyPartEncrypter.java:89)
at de.buelowssiege.mail.pgp_mime.MimeMultipartEncrypted.createInstance(MimeMultipartEncrypted.java:92)
at de.buelowssiege.mail.pgp_mime.MimeMultipartEncrypted.createInstance(MimeMultipartEncrypted.java:67)
at [org.dhs.chrislee.IMAPCrypt.encrypt(IMAPCrypt.java:344)](https://github.com/chrislee35/IMAPCrypt/blob/master/src/org/dhs/chrislee/IMAPCrypt.java#L344)

[intika]

Hi, thanks for this nice tool :) ... what's the status here ?

Do you thing encrypting the subject line would be possible ?