Closed koto closed 9 years ago
From koto@google.com on July 23, 2014 05:37:36
We don't notify the user about signatures with the keys we don't have. If the clearsign (or encrypted) message was signed with a key we possess, there would be information about sig verification there.
Currently we use the same message on processing clearsigned and encrypted messages, hence the incorrect "Decrypted" text. We will branch and change the message texts for clearsigned messages, but the UI decisions have not yet been made.
Maybe we should consider announcing that "no signature is present"? That's tricky for the end users though, as the text should announce that we were not able to verify any of the signatures due to the keys missing in the keyring. That's just a lot of information to process UI-wise.
Labels: -Restrict-View-CoreTeam -Security -Priority-High Component-UI Priority-Medium
From evn@google.com on July 23, 2014 12:17:08
Labels: Usability
From evn@google.com on August 05, 2014 13:24:59
Lack of signatures makes Issue 124 particularly interesting though... I wonder if there's a way we can check how often messages without signatures are generated :(
From coruus@gmail.com on July 22, 2014 23:46:15
Extension.
What is the security bug?
Paste in a signed, ASCII-armored message. Click 'Read'. If the signer's public key isn't in the keyring, the extension reports 'Decrypted'.
(Hopefully this is a duplicate by now.)
Original issue: http://code.google.com/p/end-to-end/issues/detail?id=118
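
An added example, not part of the original issue and not End-to-End's code: one way a status line could keep the message type separate from the signature outcome, so that a clearsigned message whose signer key is missing is not reported as 'Decrypted'. The function names, the shape of the `sigs` records and the status strings are assumptions, and the sample message is constructed.

```javascript
// Added example. All names and strings are hypothetical, not End-to-End's API.
const CLEARSIGN = '-----BEGIN PGP SIGNED MESSAGE-----';
const MESSAGE = '-----BEGIN PGP MESSAGE-----';

// Classify armored input by its first armor header line (RFC 4880, 6.2 and 7).
// Assumption: "PGP MESSAGE" armor is treated as encrypted, although the same
// armor type can also wrap a signed-only binary message.
function messageKind(armored) {
  const first = armored.trimStart().split(/\r?\n/, 1)[0].trim();
  if (first === CLEARSIGN) return 'clearsigned';
  if (first === MESSAGE) return 'encrypted';
  return 'unknown';
}

// sigs: one record per signature found, { keyId, keyKnown, valid }.
// valid is null when the signer key is not in the keyring (nothing was checked).
function signatureState(sigs) {
  if (sigs.length === 0) return 'none';
  if (sigs.some((s) => s.keyKnown && s.valid === false)) return 'bad';
  if (sigs.some((s) => s.keyKnown && s.valid === true)) return 'verified';
  return 'unverifiable';
}

function statusText(armored, sigs) {
  const kind = messageKind(armored);
  if (kind === 'unknown') return 'Not an OpenPGP armored message.';
  const prefix = kind === 'encrypted' ? 'Decrypted.' : 'Clearsigned text (not encrypted).';
  const missing = sigs.filter((s) => !s.keyKnown).map((s) => s.keyId).join(', ');
  const detail = {
    none: 'No signature is present.',
    bad: 'WARNING: signature verification FAILED.',
    verified: 'Signature verified.',
    unverifiable: `Signature NOT verified: key ${missing} is not in the keyring.`,
  }[signatureState(sigs)];
  return `${prefix} ${detail}`;
}

// Constructed sample: clearsign framing only, the signature body is a placeholder.
const SAMPLE = [CLEARSIGN, 'Hash: SHA256', '', 'hello',
  '-----BEGIN PGP SIGNATURE-----', '', '(placeholder)',
  '-----END PGP SIGNATURE-----'].join('\n');
const UNKNOWN_SIGNER = [{ keyId: '0xCONSTRUCTED', keyKnown: false, valid: null }];

console.log(statusText(SAMPLE, UNKNOWN_SIGNER));
```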