Open sharpe5 opened 7 years ago
also, https://k9mail.github.io/2017/01/30/OpenPGP-Considerations-Part-II.html
I recommend simply generating a new key on your phone for this purpose. They're free, you don't have to publish them on keyservers (it's opt-out right now but that will soon change), and you can simply not use the one you generated for this purpose anywhere else :)
@Valodim I've already tried this. I generated a passive, sign-only key on my mobile, and used it to verify my public key. I didn't upload this sign-only key to any keyservers.
Notice in the screenshot that the key has three green dots next to it, which indicates that it's verified.
If K9 is going to fail, how about adding a "Fix this issue" button which does exactly that? The user shouldn't have to have a degree in computer science to have a chance at getting everything working!
Much of this is still a work in progress, and there is a bigger picture we're working on that isn't quite there yet. I apologize for the lack of polish in the meantime.
However, simplifying things and optimizing for the core use case (secure communication) also means getting rid of problematic workflows: What you are trying to do is encrypt a message without signing it. That's no longer supported, please see the link I gave above for our reasoning.
Edit:
Whoops, missed the edited part of your post. Your approach with generating a "passive sign-only key" should have worked. Did you select it in the settings before sending a mail?
Yes, the key is definitely signed (see all of the screenshots above).
Let me tell you a story that involves murder, freedom of speech, and plausible deniability.
I was chatting to a journalist that works at a big news organization (I won't name the exact one, for reasons that will shortly become apparent).
A few years ago, during the Arab spring, another journalist was talking to a person in Syria using Skype. The Syrian government, under Bashar al-Assad, was monitoring all of the internet communications to the outside world. They noticed that somebody was talking to an IP address at the news organization in question. They looked up records at the ISP, and found the subscriber's address. They then sent a death squad around to the person's house, who examined the computers in the house, then promptly disappeared the person who had been reporting stories of atrocities to the international press. We don't know what happened to that person, but they were never heard of again. They were more than likely shot in the back of the head, or suffocated to death with a plastic bag, and their body discarded in an unmarked grave.
This wasn't an isolated incident: people were disappeared for posting comments that were not complimentary to the regime on social media, such as Facebook.
You mentioned that "plausible deniability" is not a good enough reason to allow sending of non-signed messages.
Plausible deniability is as good a reason as any. It can prevent murder.
Not signing your email doesn't provide plausible deniability. So your argument is irrelevant. There's way too much meta-data.
@philipwhiuk. Incorrect. Currently, it appears as if K9 requires me to upload my private key to my android to send an email, which proves that I (and I alone) sent whatever was in that email. You're still left with that pesky problem of murder by Syrian death squads. They examine my computer, find that private key - and this absolutely proves it was me that sent it.
Another use case:
Imagine in some hypothetical world that I want to whistleblow inside a corporate. See the official government use case. Whistleblowing involves sending an anonymous message straight to the compliance department, to kick off an official investigation into another department's behavior. I find the public key for the compliance department, encrypt an anonymous message to that public key, and send this off to the designated 3rd party whistleblowing service, as per corporate policy. K9 forces me to sign that message.
At work, compliance presents my boss with the whistleblowing email, and asks him to explain himself. My boss then grabs phones from myself and another team member when we are not looking, and obtains our private keys. There is now definitive proof that could tie one of us back to the original message, despite the fact that the message was anonymised by the 3rd party whistleblowing service.
Again, that pesky problem of being fired for doing the right thing. The meta-data argument is irrelevant, because the 3rd party whistleblowing service destroyed that meta-data trail.
The solution to that problem is encrypt your device or delete the key after using it...
If we want to support whistleblowing, we should add a 'Send whistleblowing email' option to either K-9 or OpenKeychain.
The application would then ask OpenKeychain to create a key and then permanently remove the key after using it to send the email. The email wouldn't be saved in the Sent Items folder - it would be completely wiped once it had been sent.
In other words, K-9 should build solutions around use cases we want to support, not what's technically feasible.
@philipwhiuk No, that's not a solution. If you refuse to unlock your device, it can be turned into a crime:
https://www.rt.com/news/238241-canadian-charged-cellphone-passcode/
And the Syrian death squads? I'm sure they would just beat you with a metal pipe until you divulged the password to your phone.
I added some stuff.
And the security services can just intercept the email and burn you with the meta-data - email is not a suitable medium for that attack profile. You need #2139 for that
Again, this is about designing solutions for specific problems rather than just 'what you think sounds reasonable'.
If you use an email anonymiser with Tor, even the NSA would have a difficult time tracing that email back to its source.
You really do have to support the whistleblowing profile.
In addition, it's just way too complex the way it is. There are now many layers of complexity that prevent things from working, and the error messages are unhelpful. I haven't been able to use PGP since the upgrade.
I've been programming for 20 years. All of my error messages have the following two parts:
Why don't you simply add some text to any error messages that tells the user how to fix the problem?
Feel free to submit a PR to improve our error messages.
Ok. Sounds reasonable!
I should also take this opportunity to thank you and your friends for the excellent work you have put in. I really do appreciate it. My apologies if I got a little excited over this issue :)
I think I know what caused the issue. I have edited my original post to add an update. This bug is either in OpenKeyChain or K9, I'm not sure which.
It's definitely an OpenKeychain issue (that error is from OpenKeychain). We can keep this open though to track it.
I thought I knew how to reproduce the issue, but it didn't work. I have edited my original post with an update.
@philipwhiuk I uninstalled/reinstalled OpenKeyChain, and am still getting the same error in K9. Thus, I suspect the issue is not in OpenKeychain, because I remember I was able to send PGP email within a week of installing K9/OpenKeyChain.
I have edited my original post with update 3.
I think the error indicates that the key you selected for signing doesn't actually have a signing capable subkey - either there is no subkey with the capability, or it's stripped, or revoked.
Note that "signing" of keys has nothing to do with this at all. Whether the receiving key is confirmed by any of your keys makes no difference, other than the orange or green dots.
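The diagnosis above (no signing-capable subkey, or one that is stripped or revoked) can be checked from the desktop keyring before exporting to the phone. This is an added example, not code from K-9 or OpenKeychain; it parses the machine-readable `gpg --with-colons --list-secret-keys` output (assuming GnuPG 2.1+, which prints an `fpr` record after each `sec`/`ssb` record) and reports which (sub)keys are actually usable for signing. The two sample listings are constructed.

```shell
#!/bin/sh
# usable_signing_subkeys: reads gpg colon-format secret-key records on
# stdin, prints the fingerprint of every (sub)key that is signing-capable,
# not revoked/expired, and whose secret part is really present.
# Returns 0 if at least one such key exists, 1 otherwise.
# Real usage: gpg --with-colons --list-secret-keys | usable_signing_subkeys
usable_signing_subkeys() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      # field 12: capabilities; lowercase letters are this key'"'"'s own caps
      # field 2 : validity; r = revoked, e = expired
      # field 15: "#" = secret key stripped (stub), ">..." = on smartcard
      ok = ($12 ~ /s/) && ($2 != "r") && ($2 != "e") && ($15 != "#")
      pending = ok; next
    }
    $1 == "fpr" && pending { print $10; found = 1; pending = 0 }
    END { exit found ? 0 : 1 }
  '
}

# Constructed listing: primary key stripped ("#"), one encryption subkey,
# one signing subkey with its secret part present ("+").
SAMPLE_OK='sec:u:2048:1:AAAA111122223333:1486166400:::u:::scESC:::#:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
ssb:u:2048:1:BBBB111122223333:1486166400::::::e:::+:::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
ssb:u:2048:1:CCCC111122223333:1486166400::::::s:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Constructed listing: the only signing subkey is stripped as well, so
# there is nothing left to sign with (the "signing subkey not found" case).
SAMPLE_BAD='sec:u:2048:1:AAAA111122223333:1486166400:::u:::scESC:::#:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
ssb:u:2048:1:CCCC111122223333:1486166400::::::s:::#:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# check_listing: feed a listing string through the checker.
check_listing() {
  printf '%s\n' "$1" | usable_signing_subkeys
}

check_listing "$SAMPLE_OK"   # prints FEDC...BA98, exit 0
check_listing "$SAMPLE_BAD"  # prints nothing, exit 1
```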
I believe I've got a related issue. It's sort of like the converse of what's reported above. Instead of wanting to encrypt without signing, I find that I cannot sign without encrypting.
I've got a 'stripped' keypair where the private key of the master keypair isn't included. There are subkeys for signing and encryption with their private keys available. If I try to sign a message only by clicking 'enable PGP sign-only' then when I try to send the message I get the same error as above: "send-failed: signing subkey not found". I believe that the issue is not with openkeychain, because I can use openkeychain to generate a sign-only message by clicking the button that looks like a talking bubble with a lock on it (presumably the "encrypt" button, but there is no text label on the interface), then, if I simply leave the encrypt field blank, I can type my message in the text box and fill out 'sign with' and voilà. Obviously, I can also copy-pasta this back into k-9 so I'm not really missing functionality. Nevertheless, the fact that K-9 is saying 'no signing subkey found' when openkeychain can indeed sign a message seems like a bug to me.
If this is separate enough from the issue reported here, let me know and I'll start a separate issue.
If your subkey is a signing subkey, you first need to cross-certify it before PGP libraries will accept it as safe for signatures. Cross-certification warnings are often caught as a failure. For example, neomutt with gpgme will report a general fault when trying to verify a signature from a non cross-signed key.
It may be possible that the absence of cross-certification causes openkeychain/k9 to fail to load the key at all. I cross-certified my 2048 bit PGP card key and reimported the public keyring into my openkeychain, which allowed me to complete a signature using a stripped subkey on card. Please test.
Expected behavior
I should be able to send PGP encrypted email.
Actual behavior
I can no longer send PGP encrypted email.
The new version of K9 that uses OpenKeyChain is simply broken.
I've been using K9 + AGP for years, and it always worked 100%.
If it was possible to get it working, I should have been able to do so: I have been professionally programming for 20 years, and I understand how PGP ticks at a basic mathematical level. If I failed, how much chance would a beginner have?
Steps to reproduce
Note: these steps work 100% with K9 + the old APG (which is now deprecated).
Discussion
The error that K9 throws is not very helpful. It gives no real clue that would help solve the issue. I must admit - I'm stuck. I haven't been able to send an encrypted email since OpenKeyChain was introduced into K9.
Environment
K-9 Mail version: Latest as of 2017-02-04.
Android version: LG G4 + Android 6.0 + Kernel 3.10.84
Account type (IMAP, POP3, WebDAV/Exchange): IMAP.
Update 1
I think I know what the issue is.
Update 2
I deleted all keys in OpenKeyChain.
I then imported my public key again, and verified it with a temporary signing only key.
It's still giving the same error.
Update 3
Uninstalled OpenKeyChain, reinstalled, and am still getting the same error in K9.
When I first installed K9/OpenKeyChain, I was able to send PGP email. If uninstalling/reinstalling OpenKeyChain fails to fix the issue, then I would suspect the issue is with K9.