GPGMail on 10.9.5: How are Draft Emails Stored Encrypted without providing password?
Which of our tools is giving you problems? GPG in Apple Mail
Paste version-info of all components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...): Version 1.3.1 (1223)
Describe your problem. Add as much detail as possible.
How is security maintained if GPG is able to store email drafts encrypted without me first providing my password? GPG obviously must access my private key to store these files, and yet I specifically require GPG to ask for my password. Thus, I've concluded that anyone with my computer is able to access my private key.
What did you expect instead
Two things:
1: GPG should ask for a key before storing a draft email on the server.
2: GPG should only store ONE draft. Instead, GPG stores one draft every few minutes. When I go offline for several hours, GPG stores hundreds of drafts, each containing a snapshot of a single draft email.
Describe steps leading to the problem.
1: Turn off internet.
2: Require GPG to ask for password to access private key.
3: Start an email in Apple Mail.
4: Leave the email open for a while (20 minutes). Add some text every once in a while.
5: Close email and save as draft.
6: Turn internet back on.
7: Notice that there are tons of email drafts (I had 900+ of the same email draft at one point).
8: Notice the emails are all encrypted using my private key, even though I never entered the password to decrypt said key.
Are you using any other Mail.app plugins? No
Support Staff 1 Posted by Steve on 23 Aug, 2016 05:53 PM
Hey John,
welcome to the GPGTools community support platform. Sorry you are having problems using GPG Suite.
Encryption requires only access to the public key part, thus your password is not required to encrypt the draft. Send an encrypted mail (encrypted only - not signed!) to yourself and you'll observe this behavior.
Regarding the many drafts, are you using POP or IMAP for your mail account?
All the best,
steve
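Added example (not part of the original thread and not GPGTools code): the point in the reply above, that encrypting needs only the public key, shown with the gpg command line. The two temporary keyrings, the user ID and the passphrase are constructed for the demo, and GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway keyrings in temp dirs; user ID and passphrase are made up.
# Run: demo_encrypt_without_passphrase
demo_encrypt_without_passphrase() {
  local owner writer uid pass out
  owner=$(mktemp -d); writer=$(mktemp -d)
  uid='draft-demo@example.invalid'      # hypothetical identity
  pass='constructed-passphrase'         # demo only; never pass real passphrases on argv

  # Owner keyring: a key pair whose secret part is locked with a passphrase.
  gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
      --passphrase "$pass" --quick-gen-key "$uid" 2>/dev/null || return 1

  # Writer keyring: receives ONLY the public key, which is all encryption needs.
  gpg --homedir "$owner" --batch --armor --export "$uid" \
    | gpg --homedir "$writer" --batch --quiet --import 2>/dev/null || return 1

  # Encrypt only (no signature): no secret key and no passphrase are involved.
  printf 'Hello World\n' \
    | gpg --homedir "$writer" --batch --quiet --trust-model always \
          --recipient "$uid" --armor --encrypt > "$writer/draft.asc" 2>/dev/null || return 1

  # The writer keyring cannot read the draft it just produced.
  if gpg --homedir "$writer" --batch --quiet --decrypt "$writer/draft.asc" >/dev/null 2>&1; then
    out='writer-could-decrypt'
  else
    # Only the owner keyring together with the passphrase recovers the text.
    out=$(gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
              --passphrase "$pass" --decrypt "$writer/draft.asc" 2>/dev/null)
  fi

  # Stop the per-keyring agents and remove the throwaway key material.
  gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$writer" --kill gpg-agent 2>/dev/null || true
  rm -rf "$owner" "$writer"
  printf '%s\n' "$out"
}
```

Signing is the operation that would need the secret key at save time; the draft here is encrypted only, as in the reply's suggested test.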
2 Posted by John Sullivan on 23 Aug, 2016 06:05 PM
Hey Steve,
Thanks for the fast reply.
Your answer makes sense: the session key is encrypted with the public key, hence I only need to type the password to decrypt the message.
I'm using Gmail, which is IMAP. Here are more complete instructions to reproduce the behavior:
Mac OS 10.9.5 13F1911
Mail Version 7.3 (1878.6)
GPG Version 1.3.1 (1233) (I just upgraded a couple minutes ago)
1: Disconnect internet (wifi, etc)
2: Make new message and type "Hello" in the body.
3: Wait 5 minutes. Browse reddit or whatever.
4: Type "World" in the body.
5: Close the message and save the draft.
6: Connect internet (wifi, etc)
7: Sync Mail
8: I see several versions of the same draft. 3 say "Hello" and 1 says "Hello World"
Support Staff 3 Posted by Steve on 18 Sep, 2016 08:31 AM
Hi John,
I assume step 2 refers to creating a new message in Mail.app?
If so, what are your settings regarding storing drafts on the server? Go to Mail.app > Preferences > Accounts > Mailbox behavior. The first option shows whether you store drafts on the server or not.
4 Posted by John Sullivan on 21 Sep, 2016 04:33 PM
Hey Steve,
Yes, I have the "Store draft messages on the server" option checked.
For reference, I've attached a screenshot of my latest "draft" folder on gmail, where each draft message is encrypted with PGP.
Support Staff 5 Posted by Steve on 21 Sep, 2016 04:34 PM
Should you be available, could you hop on our live chat here:
https://www.hipchat.com/gi8zHW4K3
We can't promise a solution, but we'd like to inspect this problem in more detail.
All the best
steve
Support Staff 6 Posted by Steve on 26 Sep, 2016 01:08 PM
Hi John,
the issue in GPGPreferences has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.
Should the problem persist, please re-open this discussion and let us know. For more questions that are not related to this specific problem, you are welcome to create a new discussion any time.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
Steve closed this discussion on 26 Sep, 2016 01:08 PM.
Support Staff 7 Posted by Steve on 07 Mar, 2018 01:11 PM
The bug where Mail.app created multiple drafts has been fixed by Apple in macOS 10.13. If you are still affected by this issue, consider updating to macOS 10.13 High Sierra.
Steve closed this discussion on 07 Mar, 2018 01:11 PM.
pparednet.elt re-opened this discussion on 08 Mar, 2018 03:49 AM
8 Posted by pparednet.elt on 08 Mar, 2018 03:49 AM
Hey Steve,
Thanks for letting me know. We're still using 10.9.5... before that we used 10.6.8; slow upgrade cycle over here.
John Sullivan
Problem Solver
Support Staff 9 Posted by Steve on 08 Mar, 2018 05:15 PM
No problem. Sadly, I don't think Apple will backport their fix to even macOS 10.12.
Steve closed this discussion on 08 Mar, 2018 05:15 PM.