mail-gpg's Issues

In inline mode, fails trying to decrypt application/pgp-encrypted part

When mail-gpg falls back to inline mode during decryption, AND when the message is multipart, it appears mail-gpg is improperly trying to decrypt the version/control portion of the message, of type application/pgp-encrypted, even though the decryptable data lives only in the actual payload part of the message, of type application/octet-stream. This can result in an uncaught exception from GPGMe of type GPGME::Error::NoData.

According to RFC 3156 (and RFC 2015 as well) the application/pgp-encrypted part is for "control information". https://www.ietf.org/rfc/rfc3156.txt

However, Mail::Gpg::InlineDecryptedMessage.new, called from Mail::Gpg.decrypt_pgp_inline, called from Mail::Gpg.decrypt, tries to decrypt any part with a Content-Type matching EITHER application/octet-stream OR application/pgp-encrypted:

cipher_mail.parts.each do |part|
              p = VerifiedPart.new do |p|
                if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type
                  # encrypted attachment, we set the content_type to the generic 'application/octet-stream'
                  # and remove the .pgp/gpg/asc from name/filename in header fields
                  decrypted = GpgmeHelper.decrypt(part.decoded, options)

Calling GpgmeHelper.decrypt on a part of type application/pgp-encrypted will throw GPGME::Error::NoData.

For example:

2.2.1 :021 > m.class
 => Mail::Message 
2.2.1 :022 > m.parts[1].content_type
 => "application/pgp-encrypted; name=\"PGPMIME Versions Identification\"" 
2.2.1 :023 > Mail::Gpg::GpgmeHelper.decrypt(m.parts[1].decoded)
GPGME::Error::NoData: GPGME::Error::NoData
    from /Users/ryantate/.rvm/gems/ruby-2.2.1/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:428:in `decrypt'
    from /Users/ryantate/.rvm/gems/ruby-2.2.1/gems/mail-gpg-0.2.6/lib/mail/gpg/gpgme_helper.rb:57:in `block in decrypt'
    from /Users/ryantate/.rvm/gems/ruby-2.2.1/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:79:in `new'
    from /Users/ryantate/.rvm/gems/ruby-2.2.1/gems/mail-gpg-0.2.6/lib/mail/gpg/gpgme_helper.rb:51:in `decrypt'
    from (irb):23
    from /Users/ryantate/.rvm/rubies/ruby-2.2.1/bin/irb:11:in `<main>'

I can make a pull request/patch if you're interested in fixing this.

Provide verify_result from ctx

If I'm not mistaken there's currently no way to see the result of the verification of an encrypted+signed message.

GpgmeHelper#decrypt() probably would need to call ctx.verify_result() after ctx.decrypt_verify(). I'm not sure how to provide that result to the caller, though.

Still interested in this project?

@jkraemer I'm wondering if you're still interested in maintaining this library. You've hardly replied or shown other activity for months.

Version 3 of Schleuder, the crypto mailing list manager https://codecoop.org/schleuder/schleuder3, is depending on mail-gpg and is bound to be released soon. But I need e.g. #35 resolved for that.

I'd rather like to find a cooperative solution than forking, but ultimately I'd have to do it if nothing happens.

Alternatively we could maybe share maintenance? Or will you come back from silence some time soon?

In any case I'd like to again say: Thanks for your work! You made my life easier!

Incorrect hash algorithm advertised

GnuPG defaults to sha256 since 2014. (See d332467)
Back in 2013 it was decided to advertise sha1 in signed mails. (See d1b0666)
Theoretically the hash algorithm is known but it's complex to get this information from where it's signed to Mail::Gpg::Sign.
A quickfix would be to simply advertise pgp-sha256.
Note: Currently the mail I send will advertise pgp-sha1 but it's signed with sha256 anyways. (I use the default gpg configuration.)

undefined method empty? for GPGME::Key

While upgrading a Rails app, I've stumbled over a potential regression.

In 0.3.1, this works:

class UserMailer < ApplicationMailer
  def confirm(user)
    mail to: user.email, gpg: {
      encrypt: true,
      sign_as: GPG_SIGN_EMAIL,
      keys:    { user.email => user.gpg_key },
    }
  end
end

In 0.3.3, this fails with

NoMethodError: undefined method `empty?' for #<GPGME::Key:0x000055b0630c1548>
    mail-gpg (0.3.3) lib/mail/gpg/gpgme_helper.rb:128:in `block in keys_for_data'
    mail-gpg (0.3.3) lib/mail/gpg/gpgme_helper.rb:120:in `map'
    mail-gpg (0.3.3) lib/mail/gpg/gpgme_helper.rb:120:in `keys_for_data'
    mail-gpg (0.3.3) lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
    mail-gpg (0.3.3) lib/mail/gpg/encrypted_part.rb:20:in `initialize'
    mail-gpg (0.3.3) lib/mail/gpg.rb:43:in `new'
    mail-gpg (0.3.3) lib/mail/gpg.rb:43:in `block in encrypt'
    mail-gpg (0.3.3) lib/mail/gpg.rb:113:in `instance_eval'
    mail-gpg (0.3.3) lib/mail/gpg.rb:113:in `block in construct_mail'
    mail (2.7.0) lib/mail/message.rb:153:in `instance_eval'
    mail (2.7.0) lib/mail/message.rb:153:in `initialize'
    mail (2.7.0) lib/mail/mail.rb:51:in `new'
    mail (2.7.0) lib/mail/mail.rb:51:in `new'
    mail-gpg (0.3.3) lib/mail/gpg.rb:106:in `construct_mail'
    mail-gpg (0.3.3) lib/mail/gpg.rb:29:in `encrypt'
    mail-gpg (0.3.3) lib/mail/gpg/delivery_handler.rb:11:in `deliver_mail'
    mail-gpg (0.3.3) lib/mail/gpg/rails/action_mailer_base_patch.rb:31:in `block in deliver_mail'
    actionmailer (4.2.10) lib/action_mailer/base.rb:543:in `block in deliver_mail'
    activesupport (4.2.10) lib/active_support/notifications.rb:164:in `block in instrument'
    activesupport (4.2.10) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
    activesupport (4.2.10) lib/active_support/notifications.rb:164:in `instrument'
    actionmailer (4.2.10) lib/action_mailer/base.rb:541:in `deliver_mail'
    mail-gpg (0.3.3) lib/mail/gpg/rails/action_mailer_base_patch.rb:30:in `deliver_mail'
    mail (2.7.0) lib/mail/message.rb:260:in `deliver'
    actionmailer (4.2.10) lib/action_mailer/message_delivery.rb:85:in `deliver_now'

The user.gpg_key basically performs a GPGME::Ctx#get_key (+lazy import if it doesn't exist locally), and returns a GPGME::Key instance. It also stores the import time in the database, and does some validation. Originally it was the only way to prevent a double-lookup of the key (which #55 tries to remedy?), but it's broken now.

Why delivery_handler, not interceptor?

Is there a specific reason that mail-gpg has been implemented as a delivery_handler, instead of an interceptor?

The latter seems more appropriate to me. It would also make it possible to chain it with other custom code that modifies messages, while with the delivery_handler I must implement my own code as a delivery_handler that wraps mail-gpg.

Would it be an option to maybe rebuild mail-gpg as an interceptor?

Background: I want to handle specific headers in a certain way (remove them from the encrypted message) in order to protect headers as suggested by https://github.com/autocrypt/memoryhole

Copy all headers, not only selected ones

gpg.rb:103ff defines and uses a list of "standard" and "more" headers that are to be copied from the cleartext email to the new wrapper email. That list is not sufficient; there are a lot more headers in legitimate use. Personally I'd like to use the List-* headers.

Is there any reason to exclude them from the list of allowed headers? They're even standardized in their own RFCs (e.g. List-Id, from RFC 2919).

[Edit: I see List-Id has been added to the list. Still missing are List-Post, List-Help and others.]

Beyond that I'm wondering what the motivation for this list is. Why not just copy all headers except those that need to change? If I want to include a header of my choice (standardized or not) I should be able to do so, no?

Hkp#search fails for uris with url scheme hkp

When I try to search on a keyserver with url scheme hkp I get a No such file error. I think that is due to mail-gpg's Hkp class using open-uri under the hood, which only works with http, https and ftp (please correct me if I'm wrong).

Steps to reproduce:

hkp = Hkp.new("hkp://keys.gnupg.net")
hkp.search(email)
Errno::ENOENT: No such file or directory @ rb_sysopen - hkp://keys.gnupg.net/pks/lookup?options=mr&search=...

It works when providing the same host and path but with url scheme http (e.g. "http://keys.gnupg.net").

I got really confused, because the README has a hkp url in the Key lookup example.

I would be happy to provide a fix, either as an update to the README or improving the Hkp class, but wanted to get your guys opinions first. Also, please enlighten me if I got it all wrong 😅

Parse decrypted email

Hi,
I have two problems with mail-gpg, explained below.
First of all, I receive email through an HTTP payload with the Postal gem. The encoded mail is only one file called msg.asc; I created a new mail object with the msg.asc source in the body:

      def decrypt_message
        return unless mail_object.encrypted?

        response = mail_object.decrypt(password: Rails.application.secrets.pgp_secret_key)
        params[:html_body] = response
        params[:plain_body] = response
      end
      def mail_object
        mail = Mail.new
        mail.body = Base64.decode64(params[:attachments][0][:data])

        mail
      end

Is this the right way to decode?
The second problem is:
the result is not a mail object, it's just the source of the email, something like the structure below,
and I couldn't parse this source. Any idea about that?

gpg: encrypted with 2048-bit RSA key, ID 0A8387EEB8F331211, created 2019-06-18
      "[email protected]"
gpg: encrypted with 2048-bit RSA key, ID 5CA8644C56CC12BD, created 2019-06-18
      "[email protected] <[email protected]>"
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="3c4321aa4bd8591a78df6a5539b7bbb2"

--3c4321aa4bd8591a78df6a5539b7bbb2
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline; filename="msg.txt"

Subject: subject is encrypted too

Why body and subject is encrypted =3F

--3c4321aa4bd8591a78df6a5539b7bbb2
Content-Type: text/plain
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Modern.srt"

77u/MQ0KMDA6MDA6MDMsMjM3IC0tPiAwMDowMDowNSw2MzkNCuKAq9qG2LHYpyDYrdix2YEg2YbZ
hduM2LLZhtuM2J8NCuKAq9in2LIg2K/Ys9iqINmF2YYg2LnYtdio2KfZhtuMINmH2LPYqtuM2J8N


--3c5991aa4bd8591a78df6a5539b7aaa2

Support for newer PGP public key servers

Hello!

Thanks for the work done here, it's pretty useful :)

I was wondering if the hkp library could be updated to support newer public keyservers, like https://keys.openpgp.org/ as, for me, it seems to be more reliable and more updated than http://pool.sks-keyservers.net:11371.
Furthermore, they are resilient against the recent PGP attacks.

Checking the API specs of keys.openpgp.org it seems the change should be easy to do:

https://github.com/jkraemer/mail-gpg/blob/master/lib/hkp.rb#L86

What do you think of this change?
Thanks in advance.

[Feature Request] disable key lookup

Hi,

in my app I only want to use keys. So I do not want to look up keys given a mail address. If the key (given as string) does not work I would like an exception to be raised.

I think to implement this one would need to wrap this line in an options check and raise some error if the key couldn't be imported. It might well be that there are other things that have to be changed for this.

please do not mix signed+encrypted headers with unsigned+cleartext headers

Over in https://0xacab.org/schleuder/schleuder/merge_requests/46 i learned that mail-gpg handles an encrypted PGP/MIME message this way when asked for decryption:

mail-gpg […] Use[s] the decrypted parts as new mail-object and add all headers from the "outer", encrypted message into it (without overwriting any headers).

Either way we end up with a message that contains the cleartext, and also headers from the "outer" message.

This means that the resulting decrypted message object (which is also associated with some sort of signature status, if there was a signature within the encryption as well) has a mixture of cleartext+unsigned headers and encrypted+signed headers.

This is potentially pretty bad news, if any subsequent message handler infers something about the body of the message based on the headers which it thinks are signed, or had been protected by encryption. Is there no way to distinguish between the "inner" headers and the "outer" headers once decryption is done?

mail-gpg should provide the decrypted part independently from the outer cleartext/forgeable layer so that handlers can distinguish between them.
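One way to keep the two header layers apart, as an added example that is not mail-gpg's code and not part of the original issue: every header carries a flag saying whether it came from inside the encrypted payload. The names `Header`, `parse_headers`, `merge_with_provenance`, `protected_value` and `conflicts` are hypothetical, and both messages are constructed samples.

```ruby
# Added example: tag each header of a decrypted message with its origin so that
# later handlers cannot mistake an outer (cleartext, unsigned) header for one
# that was protected by the encryption layer.
Header = Struct.new(:name, :value, :protected)

# Minimal RFC 5322 header-block parser: takes everything before the first
# empty line, unfolds continuation lines, returns [name, value] pairs.
def parse_headers(raw)
  block = raw.gsub("\r\n", "\n").split("\n\n", 2).first.to_s
  unfolded = block.gsub(/\n[ \t]+/, ' ')
  pairs = unfolded.split("\n").map do |line|
    name, value = line.split(':', 2)
    value ? [name.strip, value.strip] : nil
  end
  pairs.compact
end

# Same merge rule the issue describes (outer headers are added without
# overwriting inner ones), but the origin of every header stays visible.
def merge_with_provenance(outer_raw, inner_raw)
  inner = parse_headers(inner_raw).map { |n, v| Header.new(n, v, true) }
  seen  = inner.map { |h| h.name.downcase }
  outer = parse_headers(outer_raw)
          .reject { |n, _| seen.include?(n.downcase) }
          .map { |n, v| Header.new(n, v, false) }
  inner + outer
end

# Returns a header value only if it came from the decrypted payload.
def protected_value(headers, name)
  hit = headers.find { |h| h.protected && h.name.casecmp?(name) }
  hit && hit.value
end

# Names of non-structural headers whose outer value differs from the inner one.
def conflicts(outer_raw, inner_raw)
  inner = parse_headers(inner_raw).map { |n, v| [n.downcase, v] }.to_h
  differing = parse_headers(outer_raw).select do |n, v|
    key = n.downcase
    !key.start_with?('content-') && inner.key?(key) && inner[key] != v
  end
  differing.map(&:first)
end

# Constructed sample: outer wrapper as received (cleartext, unsigned).
OUTER_RAW = <<~MSG
  From: someone@example.org
  To: list@example.org
  Subject: ...
  X-Priority: 1
  Content-Type: multipart/encrypted;
   protocol="application/pgp-encrypted"

  (ciphertext parts omitted)
MSG

# Constructed sample: what the decrypted payload contained.
INNER_RAW = <<~MSG
  From: alice@example.org
  Subject: Quarterly report
  Content-Type: text/plain

  Body text.
MSG

if __FILE__ == $PROGRAM_NAME
  merge_with_provenance(OUTER_RAW, INNER_RAW).each do |h|
    puts format('%-12s %-9s %s', h.name, h.protected ? 'protected' : 'outer', h.value)
  end
  puts "outer values that differ from the payload: #{conflicts(OUTER_RAW, INNER_RAW).join(', ')}"
end
```
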

Rails 4.2 -> 5.0 -> 5.1 deprecation warnings

Hello,

I'm working on updating an app that relies on mail-gpg to Rails 5.

The following deprecation warnings crop up when running the tests with Rails 4.2:

DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:97)
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:112)
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:87)
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:52)
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:66)
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /home/travis/build/jkraemer/mail-gpg/test/action_mailer_test.rb:42)

And these are raised when running them with Rails 5:

DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from block in <module:ActionMailerPatch> at /home/travis/build/jkraemer/mail-gpg/lib/mail/gpg/rails/action_mailer_base_patch.rb:11)
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from singleton class at /home/travis/build/jkraemer/mail-gpg/lib/mail/gpg/rails/action_mailer_base_patch.rb:13)

Considering the Rails maintenance policy do you think that dropping support for Rails < 4.2 is feasible? I don't like the idea of adding logic that checks current Rails version to handle these deprecations.

Strip "headers" from clearsigned inline messages

In InlineSignedMessage#strip_inline_signature() mail-gpg strips the signature and adds an end-of-signed-text-marker.

In my opinion it should also remove the optional OpenPGP-"headers" that may follow the begin-of-signed-text-marker, like these:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If I understand the idea correctly it is meant to help identifying which section of the text was actually signed. The "headers" are meta-data that don't help humans, but only irritate them. They should be stripped, too.

If you agree I could look into implementing this.

Patch for gpg2/gpg-agent

gpg2 requires the use of gpg-agent to use passphrases. In order to run scripts non-interactively mail-gpg therefore needs a way to put passphrases into gpg-agent.

One option is to implement a pinentry-kind-of program that speaks the assuan-protocol.

The other, easier option is to run gpg-preset-passphrase. That works like this:

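require 'open3'

# Start gpg-agent with preset passphrases allowed and remember its socket info.
ENV['GPG_AGENT_INFO'] = `eval $(gpg-agent --allow-preset-passphrase --daemon) && echo $GPG_AGENT_INFO`.chomp
`gpgconf --list-dir`.match(/libexecdir:(.*)/)
gppbin = File.join($1, 'gpg-preset-passphrase')
fpr = fingerprint_of_key_to_unlock   # placeholder: supply the key's fingerprint
passphrase = gpg_passphrase_for_key  # placeholder: supply the key's passphrase
Open3.popen3(gppbin, '--preset', fpr) do |stdin, stdout, stderr|
  stdin.puts passphrase
  stdin.close                        # signal EOF so the helper can finish
  err = stderr.readlines
  $stderr.puts err unless err.empty?
end
# Hook to kill gpg-agent when script finishes (Process.kill needs an Integer pid).
Signal.trap(0, proc { Process.kill('TERM', ENV['GPG_AGENT_INFO'].split(':')[1].to_i) })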

I'm not sure where to put this in mail-gpg so I'm posting it here for now. What do you think?

Properly handle "inline"-encrypted multipart/alternative

Several tools, e.g. Mailvelope, produce multipart/alternative-messages in which both parts contain the ciphertext; and in the html-part it's enclosed in a little HTML.

Example:

Content-Type: multipart/alternative; boundary="94eb2c074e843f8e250550e728d4"

--94eb2c074e843f8e250550e728d4
Content-Type: text/plain; charset="UTF-8"

-----BEGIN PGP MESSAGE-----
Version: Mailvelope v1.7.2
Comment: https://www.mailvelope.com

wcFMA2zW/XKwDLjKAQ//eVs/Ng+IcfUt+QuYLHZbZAsKwD9qhXs06DWRh6zY
1sO2hI59CMvoZ1P+DzMOPBqpBmQ438y3+kxEzOJVh1KxKJukFEv39m/QZDOk
[...]
j15W9B36eQcqqwz9MJ53/V0k5kvGiTTdQt+tH09+NwMHSjQVBFrhat8bVCdM
K3GxDIArXwi/yxRdg0IEqBdZvBxzcL8A3JVS0xzuOUXiErcQ5jTRt9IaiM/d
=wXg6
-----END PGP MESSAGE-----

--94eb2c074e843f8e250550e728d4
Content-Type: text/html; charset="UTF-8"

<div dir="ltr"><pre>-----BEGIN PGP MESSAGE-----
Version: Mailvelope v1.7.2
Comment: <a href="https://www.mailvelope.com">https://www.mailvelope.com</a>

wcFMA2zW/XKwDLjKAQ//eVs/Ng+IcfUt+QuYLHZbZAsKwD9qhXs06DWRh6zY
1sO2hI59CMvoZ1P+DzMOPBqpBmQ438y3+kxEzOJVh1KxKJukFEv39m/QZDOk
[...]
j15W9B36eQcqqwz9MJ53/V0k5kvGiTTdQt+tH09+NwMHSjQVBFrhat8bVCdM
K3GxDIArXwi/yxRdg0IEqBdZvBxzcL8A3JVS0xzuOUXiErcQ5jTRt9IaiM/d
=wXg6
-----END PGP MESSAGE-----
<pre></pre></pre></div>

--94eb2c074e843f8e250550e728d4--

gpgme chokes on the html-part when mail-gpg tries to decrypt the body (GPGME::Error::NoData).

In my eyes it's mail-gpg's responsibility to find decryptable ciphertext or deal with non-decipherable parts. But should undecryptable ciphertexts be stripped? Or be left untouched in the mime-structure? And how to communicate the failed attempt to the calling code?

A little fix that just leaves mime-parts of type 'text/html' alone is already done. If you would like it as a pull request, please let me know.
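A pre-check that covers both this issue and the earlier one about the application/pgp-encrypted control part, as an added example that is not mail-gpg's code: only parts carrying an ASCII-armored PGP MESSAGE block at the start of a line are handed to decryption, everything else is reported and left untouched. `Part`, `armored_ciphertext` and `decryption_plan` are hypothetical names, the sample parts are constructed, and binary (non-armored) attachments are outside what this sketch handles.

```ruby
# Added example: decide per MIME part whether there is anything to decrypt
# before calling the crypto backend, so that the RFC 3156 control part and an
# HTML-wrapped copy of the ciphertext are skipped instead of raising NoData.
Part = Struct.new(:mime_type, :body) # minimal stand-in for a parsed MIME part

# Armor markers must begin at the start of a line; /m lets . span newlines.
ARMORED_MESSAGE = /^-----BEGIN PGP MESSAGE-----$.*?^-----END PGP MESSAGE-----$/m

# Returns the armored block of a part, or nil if the part has none.
def armored_ciphertext(part)
  return nil if part.mime_type == 'application/pgp-encrypted' # control information only
  part.body.gsub("\r\n", "\n")[ARMORED_MESSAGE]
end

# Builds one entry per part: what to do with it and, if applicable, the
# ciphertext to pass on. Nothing is stripped from the MIME structure.
def decryption_plan(parts)
  parts.map do |part|
    armor = armored_ciphertext(part)
    action =
      if part.mime_type == 'application/pgp-encrypted' then :control_part
      elsif armor then :decrypt
      else :leave_untouched
      end
    { mime_type: part.mime_type, action: action, ciphertext: armor }
  end
end

# Constructed placeholder armor (the payload is not real OpenPGP data).
ARMOR = <<~ASC
  -----BEGIN PGP MESSAGE-----

  Y29uc3RydWN0ZWQ=
  =AAAA
  -----END PGP MESSAGE-----
ASC

# Constructed sample: PGP/MIME layout with control part and payload part.
PGP_MIME_PARTS = [
  Part.new('application/pgp-encrypted', "Version: 1\n"),
  Part.new('application/octet-stream', ARMOR)
].freeze

# Constructed sample: multipart/alternative where the HTML part wraps the
# same armor in markup, so the BEGIN marker is not at the start of a line.
ALTERNATIVE_PARTS = [
  Part.new('text/plain', ARMOR),
  Part.new('text/html', "<div dir=\"ltr\"><pre>#{ARMOR}<pre></pre></pre></div>\n")
].freeze

if __FILE__ == $PROGRAM_NAME
  [PGP_MIME_PARTS, ALTERNATIVE_PARTS].each do |parts|
    decryption_plan(parts).each { |step| puts "#{step[:mime_type]}: #{step[:action]}" }
  end
end
```
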

Debian / ruby2.5 / mail-gpg 0.3.2: Failing tests

Hi,

While importing the last release into Debian, I did run into the following, which blocks the upload currently:

Loaded suite /usr/lib/ruby/vendor_ruby/rake/rake_test_loader
Started
DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:117)
.DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:89)
/<<PKGBUILDDIR>>/lib/mail/gpg/message_patch.rb:41: warning: instance variable @gpg not initialized
.DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:102)
.DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:53)
.DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:67)
.DEPRECATION WARNING: `#deliver` is deprecated and will be removed in Rails 5. Use `#deliver_now` to deliver immediately or `#deliver_later` to deliver through Active Job. (called from block (3 levels) in <class:ActionMailerTest> at /<<PKGBUILDDIR>>/test/action_mailer_test.rb:43)
/<<PKGBUILDDIR>>/lib/mail/gpg/message_patch.rb:41: warning: instance variable @gpg not initialized
.E
===============================================================================
Error: test: DecryptedPart should decrypt and verify. (DecryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `new'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `block (2 levels) in <class:DecryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: DecryptedPart should decrypt. (DecryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `new'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `block (2 levels) in <class:DecryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: DecryptedPart should raise encoding error for non gpg mime type. (DecryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `new'
/<<PKGBUILDDIR>>/test/decrypted_part_test.rb:14:in `block (2 levels) in <class:DecryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with email address should resolve email to gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with email address should resolve emails to gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with emails and key data should resolve to gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with key fingerprint should resolve id list to gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with key fingerprint should resolve single id  gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with key id should resolve id list to gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
E
===============================================================================
Error: test: EncryptedPart with key id should resolve single id  gpg keys. (EncryptedPartTest): NoMethodError: undefined method `size' for nil:NilClass
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:132:in `keys_for_data'                                                                                                                                                                                                                                                                                                                                                                     
/<<PKGBUILDDIR>>/lib/mail/gpg/gpgme_helper.rb:14:in `encrypt'
/<<PKGBUILDDIR>>/lib/mail/gpg/encrypted_part.rb:20:in `initialize'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `new'
/<<PKGBUILDDIR>>/test/encrypted_part_test.rb:20:in `block (2 levels) in <class:EncryptedPartTest>'
===============================================================================
......................................................../<<PKGBUILDDIR>>/lib/mail/gpg/verify_result_attribute.rb:10: warning: instance variable @verify_result not initialized
.......................
.........

Finished in 25.665790299 seconds.
------
104 tests, 471 assertions, 0 failures, 10 errors, 0 pendings, 0 omissions, 0 notifications
90.3846% passed
------
4.05 tests/s, 18.35 assertions/s
rake aborted!

Please note: Debian switched recently to ruby2.5, not sure if this could be related. Also, the deprecation warnings aren't a problem (currently), I'm more afraid of the failing tests. Any advice regarding this?

Thanks for your work,
cheers,
Georg

Shouldn't the Gemfile have a dependency on gpgme?

I was researching the idea that GnuPG (starting with 2.1 apparently) sort of got rid of passphrase_callback
https://stackoverflow.com/questions/35064312/why-does-gpgme-gnupg-use-pinentry-for-password-input tho it appears to me that gpgme and the gpgme gem still seem to support it

my googling led me to your repo and you mention in the README that you can use passphrase_callback

gpg encrypt: true, sign_as: '[email protected]',
      passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd){puts "Enter passphrase for #{passphrase_info}: "; (IO.for_fd(fd, 'w') << readline.chomp).flush }
end.deliver

So then I wondered what gpgme gem version the mail-gpg gem could support, but I didn't see any references to the gpgme gem. This is just a long-winded way of saying, shouldn't you have a gem dependency on gpgme in Gemfile (regardless of whether they're getting rid of passphrase_callback) LOL.

Changing the attachment filename (encrypted.asc)

This is a question/feature request ...

Is there any scope for changing the filename used as the encrypted attachment - currently 'encrypted.asc'? It looks fairly hard coded within EncryptedPart class - is that deliberately so? For example, could a timestamp be added so it became '2015.08.14-020312_encrypted.asc' or even be able to add in another unique ID to the name. I've potentially got quite a lot of encrypted attachments to deal with and a way to distinguish them without revealing anything about what's inside the message would be useful. Thanks.

Rails integration issue when encrypting with users public key

my mailer received an override

def mail(args)
  if current_user&.want_encrypted_mails?
    args[:gpg] = {encrypt: true, keys: {current_user.email => current_user.account_setting.pgp_public_key} }
  end
  super(args)
end

quick verification of the args hash

{:to=>"[email protected]",
 :subject=>"Test mail",
 :template_path=>"mailers/deposit_mailer",
 :gpg=>
  {:encrypt=>true,
   :keys=>
    {"[email protected]"=>
      "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nmQIN......................PN\r\n=KIA3\r\n-----END PGP PUBLIC KEY BLOCK-----"}}}

So this seems to look correct. However, if I inspect the email, mail.body.encoded, it's all in plaintext.

what am i missing or what am i doing wrong?

Only encrypt the body

After playing around with it I noticed that after decoding the message block a bunch of information like the date, to, from headers etc. is also present. I now have working code that adds an extra option (clean) that doesn't affect anything else and allows just the body to be encrypted, and I would like to make a pull request for it since my team needs the feature.

Unexpected encryption

Hi,

I have mailers that look like that:

class TabMailer < ActionMailer::Base
    def tab_email(tab)
        @user = tab.user
        @tab = tab
        to = get_email_with_name(@user)
        mail(
            from: '[email protected]',
            to: to,
            subject: 'Some subject',
            gpg: {
                encrypt: [email protected]_key,
                keys: {
                    @user.email => @user.pgp_key
                }
            })
    end
end

Each tab is guaranteed to have a user, but not every user has the pgp_key field filled. What happens is that some users (not all) who don't have a pgp_key get an encrypted mail anyway. The keys used for encryption of those mails are all keys in the database together. I can't reproduce this behavior in the development environment. Any idea where that issue comes from?

False positive while detecting inline signature

When detecting inline signatures, signed_inline? only checks if -----BEGIN PGP SIGNED MESSAGE----- is present, but I came across mail where it was present in the citation of a previous mail, thus wrongly marking the mail as signed.
An easy fix would be to simply check if -----BEGIN PGP SIGNED MESSAGE----- is present at the beginning of a line. I would have proposed a patch, but my knowledge of Ruby is nearly nonexistent.
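The line-anchored check suggested in this report, as an added Ruby example (not mail-gpg's code; the helper names and sample mails are constructed for illustration). It goes one step beyond anchoring the marker and requires the whole cleartext-signature layout from RFC 4880, so a marker that only appears inside a citation no longer counts.

```ruby
# Added example: hypothetical helpers, not mail-gpg's own code.
BEGIN_MARKER = '-----BEGIN PGP SIGNED MESSAGE-----'

# Substring check as described in the report: true wherever the marker
# appears, including inside quoted reply text.
def naive_signed_inline?(body)
  body.include?(BEGIN_MARKER)
end

# RFC 4880 cleartext layout: marker alone on a line, optional "Hash:"
# armor headers, one blank line, the text, then an armored signature.
CLEARSIGN_RE = /
  ^-----BEGIN\ PGP\ SIGNED\ MESSAGE-----[\x20\t]*\r?\n
  (?:Hash:[^\r\n]*\r?\n)*
  [\x20\t]*\r?\n
  .*?
  ^-----BEGIN\ PGP\ SIGNATURE-----[\x20\t]*\r?\n
  .*?
  ^-----END\ PGP\ SIGNATURE-----[\x20\t]*\r?$
/mx

# A structural match only selects a candidate; the signature still has
# to be verified cryptographically before the mail is treated as signed.
def clearsigned_block?(body)
  CLEARSIGN_RE.match?(body)
end

# Constructed sample: the marker occurs only inside a citation.
QUOTED_REPLY = <<~MAIL
  Thanks, that works for me.
  > -----BEGIN PGP SIGNED MESSAGE-----
  > Hash: SHA256
  >
  > Please review the patch.
  > -----BEGIN PGP SIGNATURE-----
  > (constructed placeholder, not a real signature)
  > -----END PGP SIGNATURE-----
MAIL

# Constructed sample: a message with the cleartext-signature layout.
CLEARSIGNED = <<~MAIL
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA256

  Please review the patch.
  -----BEGIN PGP SIGNATURE-----
  (constructed placeholder, not a real signature)
  -----END PGP SIGNATURE-----
MAIL
```
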

Encrypt with senders public key

I think it would be a good idea to encrypt emails with the sender's public key for any email that is sent encrypted. This way the sender will be able to decrypt sent email (an equivalent of the sent folder in whatever SMTP provider is used). So, for example:

If an email is sent with gpg encrypt: true, it would automatically add the sender's key to the key argument. This perhaps makes more sense in ActiveMailer, and then you could have a global setting

# this will be the default even if it is not provided
config.action_mailer.gpg_encrypt_sender = false 

or

config.action_mailer.gpg_encrypt_sender = { 
  keys: { 
   '[email protected]' => support_key,
   '[email protected]' => tech_key 
  }
} 

I'd be happy to give it a try, but I wanted to run it past you before I start coding away. What do you think?

Releases: Please provide signatures

As announced, I've packaged mail-gpg for Debian. For further releases, I really would like to be sure to pull in code which wasn't tampered with along the way. Would it be possible for you to provide signatures for the releases? Here is some information about the workflow involved.

TIA and for your work!

Replying to inline-encrypted email broken?

When I'm trying to reply to an inline-pgp formatted email with message.reply() I'm seeing this:

wrong number of arguments (0 for 1..2)
/var/lib/gems/2.1.0/gems/mail-gpg-0.2.6/lib/mail/gpg/inline_decrypted_message.rb:15:in `initialize'
/var/lib/gems/2.1.0/gems/mail-2.6.4.rc2/lib/mail/message.rb:266:in `new'
/var/lib/gems/2.1.0/gems/mail-2.6.4.rc2/lib/mail/message.rb:266:in `reply'

I guess this is because Mail::Message#reply (and Mail::Message#new) don't require any argument, while Mail::Gpg::InlineDecryptedMessage#new does.

Or am I doing something wrong?

Example from readme isn't working

johns_key = <<-END
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
....
END

Mail.new do
  to '[email protected]'
  gpg encrypt: true, keys: { '[email protected]' => johns_key }
end.deliver

I just added the .deliver, which will raise an exception: Mail::Gpg::MissingKeysError: No keys to encrypt to!

gpgme: NULL pointer given

I get a lot of ArgumentError: NULL pointer given when sending signed emails:

ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:480:in `gpgme_op_sign_result'
ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:480:in `sign_result'
ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/crypto.rb:251:in `rescue in block in sign'
ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/crypto.rb:248:in `block in sign'
ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:79:in `new'
ruby/2.3.0/gems/gpgme-2.0.12/lib/gpgme/crypto.rb:242:in `sign'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/gpgme_helper.rb:79:in `sign'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/sign_part.rb:6:in `initialize'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/signed_part.rb:29:in `new'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/signed_part.rb:29:in `sign'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:55:in `block in sign'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:113:in `instance_eval'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:113:in `block in construct_mail'
ruby/2.3.0/gems/mail-2.6.4/lib/mail/message.rb:133:in `instance_eval'
ruby/2.3.0/gems/mail-2.6.4/lib/mail/message.rb:133:in `initialize'
ruby/2.3.0/gems/mail-2.6.4/lib/mail/mail.rb:51:in `new'
ruby/2.3.0/gems/mail-2.6.4/lib/mail/mail.rb:51:in `new'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:106:in `construct_mail'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:52:in `sign'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/delivery_handler.rb:13:in `deliver_mail'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/rails/action_mailer_base_patch.rb:31:in `block in deliver_mail'
ruby/2.3.0/gems/actionmailer-4.2.8/lib/action_mailer/base.rb:543:in `block in deliver_mail'
ruby/2.3.0/gems/activesupport-4.2.8/lib/active_support/notifications.rb:164:in `block in instrument'
ruby/2.3.0/gems/activesupport-4.2.8/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
ruby/2.3.0/gems/activesupport-4.2.8/lib/active_support/notifications.rb:164:in `instrument'
ruby/2.3.0/gems/actionmailer-4.2.8/lib/action_mailer/base.rb:541:in `deliver_mail'
ruby/2.3.0/gems/mail-gpg-0.3.0/lib/mail/gpg/rails/action_mailer_base_patch.rb:30:in `deliver_mail'
ruby/2.3.0/gems/mail-2.6.4/lib/mail/message.rb:237:in `deliver'
ruby/2.3.0/gems/actionmailer-4.2.8/lib/action_mailer/message_delivery.rb:85:in `deliver_now'
ruby/2.3.0/gems/actionmailer-4.2.8/lib/action_mailer/delivery_job.rb:10:in `perform'
ruby/2.3.0/gems/activejob-4.2.8/lib/active_job/execution.rb:32:in `block in perform_now'
[...]

Does anyone else experience these kinds of problems?
