[Users] [Bug 3045] New: Claws prompts for passphrase on PGP message inside text/plain MIME part

Manfred Schmitt claws at slashproc.org
Sun Jan 5 14:51:07 CET 2014


Michael Schwendt wrote:
> 
> and with the password in there one can decrypt the small part that
> is included inline.

... if it had been encrypted to yourself ;-)

I just did a few tests with ASCII armor PGP messages encrypted to myself:

1) MIME with only one text/plain part and ASCII armor PGP anywhere in the
   the body
2) Multipart MIME with an attachment and ASCII armor PGP anywhere inside 
   a text/plain part
3) Simple plain text without any content-type/transfer encoding at all 
   and ASCII armor PGP anywhere in the body send with mailx (sSMTP sendmail 
   emulation)

So all these messages aren't encrypted with gpg inside Claws but just
include a pasted ASCII armor PGP message anywhere in the body. 
In all cases the ASCII armor PGP message decrypts successfully.

Can I assume that all these messages are legit PGP encrypted (!) mails and 
all works as expected or is there something along the line of robustness 
(Be conservative in what you send, be liberal in what you accept) involved?

However, I'm now assuming that my bug report is invalid, sorry for the noise.
I was just a little bit surprised that Claws prompts me for my gpg passphrase 
while reading a message sent to an open mailing list.

Btw: There is a small translation error in po/de.po:

-msgstr "--- Ende der der PGP/Inline verschl├╝sselten Daten ---\n"
+msgstr "--- Ende der PGP/Inline verschl├╝sselten Daten ---\n"

Should I open another bugreport with a patch?

Bye,
Manne












More information about the Users mailing list