PGP Problem when sending Mail

[jens-maus]

Originally by starkillers@web.de on 2013-09-20 20:57:13 +0200

---

Description: Tried PGP with YAM on A4000T / OS3.9 / 68060 / YAM2.8p1 After editing a mail and choosing sign/encrypt I receive the message (when trying to send) : Error trying to add the file "RamDisk:T/YAMtxxxx.asc" The file definetly doesnt exist in ram:t so the encrypted part cannot be sent. The mail is send without it.

On my MorphOS pc it goes to high CPU Usage and freezes.

[tboeckel]

Originally on 2013-09-24 16:02:04 +0200

---

So far I was able to reproduce a similar issue only once. But in that case it was PGP itself crashing and causing all kinds of trouble. Since then all PGP encrypted mails were created successfully.

Just to be sure that everything is working properly on your side, please create a UTIL debug log using the debug version of the next nightly build and attach the log here. Details about the debug version can be found in the FAQ.

[jens-maus]

Originally by starkillers@web.de on 2013-09-26 07:44:52 +0200

---

I created a logfile with the "debug" option of YAM2.8p1 and a second one with the yam2.8p1_debug version . wasnt easy cause enforcer is a crappy piece of software. The attachment function above doesnt work for me so where can I put those files ??

[tboeckel]

Originally on 2013-09-26 07:46:16 +0200

---

Replying to trekman:

The attachment function above doesnt work for me so where can I put those files ??

Just send them to me privately.

[jens-maus]

Originally by starkillers@web.de on 2013-09-26 07:48:05 +0200

---

I would like to ;-) just need the email-adress. Cannot really find it.

[tboeckel]

Originally on 2013-09-28 20:28:16 +0200

---

Replying to trekman:

I would like to ;-) just need the email-adress. Cannot really find it.

tboeckel@gmx.de

[tboeckel]

Originally on 2013-10-04 20:04:46 +0200

---

In (1bcb4ed):

• YAM_UT.c: don't ignore the return code when executing PGP commands. This refs #427.

[jens-maus]

Originally on 2013-10-21 01:25:30 +0200

---

What is the current status of this ticket? Is it still valid or can it be closed now that thore comitted a change two weeks ago related to it?

[tboeckel]

Originally on 2013-10-21 15:16:26 +0200

---

Replying to damato:

What is the current status of this ticket? Is it still valid or can it be closed now that thore comitted a change two weeks ago related to it?

I'd say it can be closed, but let's wait for trekman's answer. I had a little private discussion with him and as it seems this bug is not a bug in YAM, but in PGP5. This requires the own key to be trusted by other persons in order to be able to use it for encryption or signature. And even if this hurdle has been taken PGP5 still likes to crash more or less easily, even with a fully correct command line. Thus I'd say better drop PGP5 support and concentrate on PGP 2.6.3 or even better S/MIME as suggested by #130.

[jens-maus]

Originally by starkillers@web.de on 2013-10-21 18:50:27 +0200

---

Im still working on it. As Thore said it could be a problem pgp5 related. Give me some time to investigate. I`ll report asap.

[jens-maus]

Originally by starkillers@web.de on 2013-10-23 11:26:01 +0200

---

I tried to work with PGP 2.63i and I dropped it because this old version obviously does not support newer keys created with PGP5 or openPGP. So in my opinion its not useable nowadays. I made extensive tests with pgp5 and I can say that it works on my A4000/060 . I can decrypt and encrypt files without problems. (even decrypt openpgp encrypted files). So this should be the way to go :) (considering openpgp or S/MIME is a way too) When it comes to YAM I could decrypt messages sent to me by a friend. Sometimes it asks the password but does not decrypt. When I try to send encrypted messages (using that pubkey of him (created with openpgp)) the .asc file in ram:t like reported seems not to be created, so that YAM is not able to attach this file and send it. The keys are signed and marked as trusted as Thore suggested.

[jens-maus]

Originally by starkillers@web.de on 2013-10-23 11:32:26 +0200

---

Im going to run a few more tests and Ill report the findings.

[jens-maus]

Originally by starkillers@web.de on 2013-10-24 08:39:43 +0200

---

ok... I returned to V2.4p1 on my Amiga . This version of YAM works flawlessly with pgp5. The other versions unfortunately did not work satisfying with pgp here. :( sry ... I tried everything I could think of. Im going to test on morphos 3.3 now and will report.

[jens-maus]

Originally by starkillers@web.de on 2013-10-24 22:35:48 +0200

---

Morphos tests show that I can encrypt/decrypt and send encrypted mails with pgp5 installed. when I try to sign a mail with YAM, cpu power increases to 100% and the program freezes. So it could have to do with signing messages out of YAM. I can however sign and/or sign and encrypt/decrypt via commandline without problems. Im using V2.8p1 here. Maybe that is the same problem on the amiga which shows me the error message about the missing file in ram. I hope this helps locating the problem. :)

[tboeckel]

Originally on 2013-10-25 09:12:55 +0200

---

In (1ae708c):

• YAM_RE.c, mui/ReadMailGroup.c: don't assume that the letter part is directly followed by the PGP signature part, but search for both independently. This refs #427.

[tboeckel]

Originally on 2013-10-25 09:32:31 +0200

---

I am currently at a point where I am out of ideas why the signature check is crashing the machine (AmigaOS3 inside WinUAE currently).

Before the last changes YAM might have used the wrong mail parts in case the PGP signature part was not the direct successor of the letter part. This could easily happen for "multipart/alternative" mails where the text letter part was followed by an alternative HTML letter part and finally the PGP signature part.

However, the pgpv binary of PGP5 is crashing always now, no matter if run from YAM or manually in shell. The stack size should be large enough. YAM uses 64K while the shell uses 256K. Raising this by factor 10 makes no difference. According to the WinUAE log pgpv is doing some very weird stuff and is accessing invalid memory regions. Thus YAM is out of the scope here and hence innocent.

I didn't do any tests like signing or encrypting mails myself yet.

[jens-maus]

Originally by starkillers@web.de on 2013-10-26 22:11:20 +0200

---

I tried pgpv , pgps , pgpe and pgpk on my Amiga in the shell. No crashes on the real machine ... hmmmmm PGP5 seems to run fine itself here. Im running OS3.9 with all available BoingBags. Processor is a 68060/50 2MBchip/70MBfastram A4000T

[jens-maus]

Originally by starkillers@web.de on 2013-11-03 20:30:32 +0100

---

tried some more things... biggest problem seems to be that pgp5.0i does not support openpgp keys entirely. I could encrypt mail with an openpgp pub key from a friend of mine, but he cannot decrypt the mail. (the mailer he uses says something about the wrong key was used to encrypt) I created some new keys with openpgp and could import them into the keyring of pgp5 but couldnt sign them. pgp5 says : detected wrong ciphers . hmmm ... knowing that S/MIME is based on ssl certifikates in which nsa is involved somehow ;-), maybe openpgp support should be the way to go. At least for morhpos should exist a port of gnupg I think.

[jens-maus]

Originally on 2013-11-03 20:50:27 +0100

---

Replying to trekman:

tried some more things... biggest problem seems to be that pgp5.0i does not support openpgp keys entirely. I could encrypt mail with an openpgp pub key from a friend of mine, but he cannot decrypt the mail. (the mailer he uses says something about the wrong key was used to encrypt) I created some new keys with openpgp and could import them into the keyring of pgp5 but couldnt sign them. pgp5 says : detected wrong ciphers . hmmm ... knowing that S/MIME is based on ssl certifikates in which nsa is involved somehow ;-), maybe openpgp support should be the way to go. At least for morhpos should exist a port of gnupg I think.

Here are my two cents to the discussion regarding this ticket and current pgp support in yam:

I would of course love to add openpgp support to YAM. However, there is one important problem with that: Nobody has yet ported gnupg to any AmigaOS platform. Even more important, nobody has yet tried or were interested in porting the gpgme library to any AmigaOS platform which would be required for a sensible and reliable OpenPGP support in YAM. As you might know, our resources are very limited and besides YAM, thore and me are maintaining a bunch of other MUI classes to keep YAM running. We are even the maintainers of the MUI port to OS4 so that we can make sure that YAM keeps running in future. Taking this all together we are really lacking more resources to even port GnuPG now to all AmigaOS-platform. So here we are highly relying on the rest of the Amiga-Developer-community. So if nobody will ever port GnuPG to AmigaOS you will never see any support for it in YAM, I am afraid.

However, while I would love to see support of OpenPGP/GnuPG in YAM, I think it is more likely that you will see S/MIME support in some of the upcoming versions of YAM. This is simply, because we have all stuff that is required for S/MIME support already in the OpenSSL Port for AmigaOS (AmiSSL) which YAM uses already to provide SSL support for secure Server connections. All that is required is to update AmiSSL to a newer OpenSSL Version and then we can perfectly integrate S/MIME support in one of the next YAM versions (not 2.9, I am afraid).

And to stop you from speculating that S/MIME might be any less secure than OpenPGP/GnuPG. This is not true as S/MIME is based on OpenSSL which is as open as GnuPG/OpenPGP. The only thing you have to take care to ensure that your keys are safe is that you generate the keys completely on your own and don't rely on a public key generating engine which might come with some NSA backdoors in their root SSL keys/certificates. However, this should be easily possible.

So, to finally conclude this ticket: We know that PGP support is currently suboptimal in YAM and that especially PGP5 support seems to be a problem. However, as long as nobody fulfills the task to port GnuPG/GPGME to AmigaOS you will never see any improvement on that.

[jens-maus]

Originally by starkillers@web.de on 2013-11-03 21:07:04 +0100

---

I agree to most of that, but at least some "first steps" have been tried :

see:

http://aminet.net/search?query=gnupg http://morphware.schwarzes.net/

at the time beeing I give up on YAM to use with mail encryption. Hope you guys will manage to do the job :) I would really like that !

[jens-maus]

Originally on 2013-11-03 21:19:18 +0100

---

Thanks for the links. However, as I said, what we would require in addition to binaries of the gnupg command-line programs, is a properly ported version of the gpgme library (see http://www.gnupg.org/related_software/gpgme/). And here I would like to especially point out the fact that we would need a proper port and not just such a quick and dirty port like this is unfortunately performed today by so many people in the Amiga community. Just getting a binary running and doing something and pushing it to aminet to see the own name popping up there isn't the way to go. What we would need instead is someone creating a GPG or AmiGPG project, which comes with a source code repository and calling himself a real maintainer of that port and not just getting the sources compiled and fine.

Compiling/Porting stuff is mostly easy, but maintaining it properly is what is important!

[jens-maus]

Originally on 2013-11-04 07:42:55 +0100

---

Moving this ticket to "future release" as there is no permanent solution for the 2.9 milestone. It also refs #77 and #130.