Closed Bug 1648954 Opened 4 years ago Closed 4 years ago

Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

RESOLVED FIXED
Thunderbird 80.0

People

(Reporter: mike.cloaked, Assigned: KaiE)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

Steps to reproduce:

Installed Thunderbird 78.0b4 build 1 - start with the profile manager and select the previously working profile from Thunderbird 78.0b3 build 2, which was working fine to send email, with an imported PGP key, and with no signing, or attached key, and no encryption. Compose a new email, add recipient, subject and body and click send.

Actual results:

Compose a new message, add recipient and click send.

Window pops up with "Unable to send the message, because there is a problem with your personal key. key B54B06213B82F1DD isn't usable as a personal key"

Closing the popup and selecting to sign the message and attach the key also gives the same result when attempting to send.

Expected results:

The mail should have been sent. Since a simple composed email cannot be sent at all this is a critical reversion bug.

Reverting to Thunderbird 78.0b3 build 2 and starting the same profile, composing the same email, clicking send works normally and the email is sent.

Thanks. Better component is OpenPGP

Flags: needinfo?(kaie)
Product: Thunderbird → MailNews Core

Mike, that's probably an effect of the changes in bug 1642795.

Can you please use key manager and look at your own key? I'm guessing the UI says "don't use it as a personal key".
If you confirm it was a personal key, then you should be able to send.

This was introduced to reflect the "ownertrust ultimate" setting from GnuPG, where you have to confirm that it's really your own key.

When generating a key inside Thunderbird (starting with that beta), we'll automatically mark it as your personal key.
When importing a secret key, we intend to also ask the user to confirm this setting.
And with Patrick Brunschwig's migration tool, the intention is to also mark all keys in this way, if they have ownertrust ultimate in GnuPG.

Flags: needinfo?(kaie) → needinfo?(mike.cloaked)
Component: Security → Security: OpenPGP

(In reply to Kai Engert (:KaiE:) from comment #2)
> If you confirm it was a personal key, then you should be able to send.

What I intended to say is:
If you use the UI to change the configuration to say "accept as personal", then you should be able to send.

All testers of older Beta/Nightly versions will have to manually set this flag on the personal key.

I see there's an additional scenario here that you are reporting.

You are trying to send a plain email (not OpenPGP), and regardless you get the complaint about the incorrect personal key.

Apparently we always run through a consistency check, if the user has configured an OpenPGP key for their account.
We might want to skip this check when sending a non-OpenPGP message.

Status: UNCONFIRMED → NEW
Ever confirmed: true

Thank you Kai - I started 78.0b4 build 1 again with the same profile - and indeed there is a new option within the openpgp management UI - and I have accepted my key as personal according to your comment 3 above - and now a simple unsigned mail does send as expected. Previously in 78.0b4 build 2 my own key was set 'for all uses...' so this bug is resolved since I wasn't aware of the changed setting in the openpgp key management UI in 78.0b4. Thank you.

Flags: needinfo?(mike.cloaked)

Mike, thanks for confirming!

I still think we shouldn't block the user from sending non-OpenPGP emails, I'd like to use this bug to fix that.

Summary: Thunderbird 78.0b4 build 1 send fails when not signing with pgp key imported → Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key

By the way I also checked a simple mail signed and with the key attached confirmation box and it sends fine too. Of course it would be nicer to have autocrypt working so that the (public) key is not a .asc file attachment, but sent within the headers. However I note that this is marked as a future enhancement.

Assignee: nobody → kaie
Status: NEW → ASSIGNED

In addition to the fix of the reported issue, the code will give a better error message for this scenario.
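The gating discussed in this bug (run the personal-key consistency check only when the message actually uses OpenPGP, and report the failure more clearly) is shown below as an added example. It is not Thunderbird's code: every function name, field name and error string is hypothetical, and treating "attach my key" as an OpenPGP use is an assumption.

```javascript
// Added illustration with hypothetical names; not Thunderbird source code.
// Constructed key store: the key ID from the report, not yet accepted as personal.
const keyStore = new Map([
  ["B54B06213B82F1DD", { hasSecretKey: true, acceptedAsPersonal: false }],
]);

// Consistency check on the configured key. Returns null when the key is usable.
function personalKeyProblem(keyId, store) {
  const key = store.get(keyId);
  if (!key) return `key ${keyId} was not found`;
  if (!key.hasSecretKey) return `key ${keyId} has no secret key`;
  if (!key.acceptedAsPersonal) return `key ${keyId} isn't usable as a personal key`;
  return null;
}

// Behaviour reported in the bug: the check runs for every outgoing message
// as soon as the account has an OpenPGP key configured.
function canSendBefore(identity, msg, store) {
  if (!identity.openpgpKeyId) return { ok: true };
  const problem = personalKeyProblem(identity.openpgpKeyId, store);
  return problem ? { ok: false, error: problem } : { ok: true };
}

// Requested behaviour: plain messages skip the check. Messages that ask for
// OpenPGP still fail closed, so a broken key never causes a silent downgrade
// from signed or encrypted to plain.
function canSendAfter(identity, msg, store) {
  const usesOpenPGP = Boolean(msg.sign || msg.encrypt || msg.attachKey);
  if (!usesOpenPGP) return { ok: true };
  if (!identity.openpgpKeyId) {
    return { ok: false, error: "OpenPGP was requested but no key is configured" };
  }
  const problem = personalKeyProblem(identity.openpgpKeyId, store);
  if (problem) {
    return {
      ok: false,
      error: `Cannot use OpenPGP for this message: ${problem}. ` +
             "Accept the key as personal in the key manager, or send without OpenPGP.",
    };
  }
  return { ok: true };
}
```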

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/041daf9dae42
Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key. r=PatrickBrunschwig

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

Comment on attachment 9161823 [details]
Bug 1648954 - Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key. r=PatrickBrunschwig

Important OpenPGP bugfix for 78.x

Attachment #9161823 - Flags: approval-comm-esr78?

Presume this will also go into 79.0bx?

Comment on attachment 9161823 [details]
Bug 1648954 - Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key. r=PatrickBrunschwig

OpenPGP - uplift request for consistency of comm-esr78, beta79 and c-c80

Attachment #9161823 - Flags: approval-comm-beta?
Target Milestone: --- → Thunderbird 80.0

Comment on attachment 9161823 [details]
Bug 1648954 - Allow sending of non-OpenPGP emails, even if there's a problem with the user's configured OpenPGP key. r=PatrickBrunschwig

Approved for beta
Approved for esr78

Attachment #9161823 - Flags: approval-comm-esr78?
Attachment #9161823 - Flags: approval-comm-esr78+
Attachment #9161823 - Flags: approval-comm-beta?
Attachment #9161823 - Flags: approval-comm-beta+