GPGMail: Multipart mixed-encrypted messages misrepresent security level

Steven Schlansker

10 Nov, 2017 10:33 PM

My colleague and I were testing GPGMail's resilience to MITM style attacks. (Our corporation has decided that all emails shall have a disclaimer attachment, much to our frustration).

Unfortunately, we determined that if a message is sent signed and encrypted, and is modified in transit to prepend an additional MIME section, the separate sections are both rendered but the "Security:" header misleads you into believing the entire message is signed and encrypted.

In the additional information, I have attached a screenshot and full dump of the email in question. Note the section:

--13dd5389-63da-4178-8114-1ac42777e074
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Exchange-Diagnostics:
1;BY1PR0701MB1144;27:BjH1WEmYp05XAb8t9YrxoubNiMItx+DbUf9TZD7PlBr68ke/BzRqRhETA4sJ/7rDvuTPytLK4p+Zv9D0xQ9O4wXhTTc9bDJB/N3L5l5/4IeWNfyGgnlE5V4LCa4DsOBs

CAUTION: This email originated from outside OpenTable. Do not click links o=
r open attachments unless you recognize the sender and know the content is =
safe.

was inserted in transit.

Expected
The header should indicate that the signature is only valid for part of the mail, either with additional verbiage or by visually delineating the signed section. Otherwise, a MITM can change the contents of a mail without indication of tampering.

Additional info
https://s3.amazonaws.com/uploads.hipchat.com/64658/3455310/pk3tAMVS...

https://s3.amazonaws.com/uploads.hipchat.com/64658/3455310/zfxiejbL...

macOS           10.11.6     15G1611
GPG Suite       2016.10     21  
GPGMail         2.6.2       1169
GPG Keychain    1.3.2       1245
GPGServices     1.11        916 
MacGPG2         2.0.30      884 
GPGPreferences  2.0.1       902 
Libmacgpg       0.7         775 
pinentry        0.9.7       4
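The structural condition described in this report can be checked mechanically: a PGP/MIME message is only fully protected when the multipart/encrypted (or multipart/signed) container is the top-level part, and anything that sits beside it in an outer multipart/mixed wrapper is outside the signature and encryption. The following added example (not code from the report or from GPGMail) parses two constructed sample messages, one intact and one with a disclaimer part prepended the way the report describes, and labels each the way a cautious client should; the sample headers, boundaries and placeholder ciphertext are constructed.

```python
from email import message_from_string

PROTECTED = ("multipart/encrypted", "multipart/signed")

# Constructed PGP/MIME encrypted part (placeholder ciphertext, not a real message).
ENCRYPTED_PART = (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"\n'
    "\n--inner\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--inner\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(constructed placeholder ciphertext)\n-----END PGP MESSAGE-----\n"
    "--inner--\n"
)
# Intact message: the encrypted container is the top-level MIME part.
INTACT = "Subject: constructed sample\nMIME-Version: 1.0\n" + ENCRYPTED_PART
# Tampered message: an outer multipart/mixed wraps a plain-text disclaimer
# plus the untouched encrypted part, mirroring the report's in-transit modification.
TAMPERED = (
    "Subject: constructed sample\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="outer"\n\n'
    '--outer\nContent-Type: text/plain; charset="us-ascii"\n\n'
    "CAUTION: disclaimer inserted in transit (constructed)\n"
    "--outer\n" + ENCRYPTED_PART + "--outer--\n"
)

def unprotected_parts(raw: str):
    """Content types of leaf parts that no multipart/encrypted or multipart/signed encloses."""
    found = []
    def walk(part, protected):
        protected = protected or part.get_content_type() in PROTECTED
        if part.is_multipart():
            for sub in part.get_payload():
                walk(sub, protected)
        elif not protected:
            found.append(part.get_content_type())
    walk(message_from_string(raw), False)
    return found

def security_label(raw: str) -> str:
    """Whole-message label a client should show instead of a blanket 'signed and encrypted'."""
    msg = message_from_string(raw)
    if msg.get_content_type() in PROTECTED:
        return "whole message protected"
    if any(p.get_content_type() in PROTECTED for p in msg.walk()):
        return "partially protected"   # protected part wrapped by unprotected siblings
    return "unprotected"

if __name__ == "__main__":
    for name, raw in (("intact", INTACT), ("tampered", TAMPERED)):
        print(name, security_label(raw), unprotected_parts(raw))
```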
Posted by Luke Le (Support Staff) on 23 Nov, 2017 12:20 AM

    Hi Steven,

    thank you for reporting this issue. While we do have this kind of differentiation when it comes to multiple inline PGP signed parts, it's not available for PGP/MIME messages at the moment.

    I have created a ticket and this discussion will be updated once we make progress on this issue.
