GPGMail: new update patch seems not to work

dano's Avatar

dano

11 Jun, 2018 02:30 PM

System #1, macOS Sierra: Applied the latest update patch and the GPGmail plugin no longer decrypts messages sent to me with my public key.

System #2, Sierra: new patch was not applied, OpenPGP system still works

System #3, High Sierra: Shows the same behavior as #1 (does not decrypt) but with an error message that the private key was not found. I uploaded the private/public key pair from system #1 and it still does not work.

Expected
Expected the patch to work uniformly.

Additional info
The next step in troubleshooting is that I will reimport the private/public key pair from #2 into #1 and #3 to see if that helps solve the problem(s) in 1 and 3.

macOS                   10.12.6     16G1408
GPG Suite               2018.2      2199    (bef9c89)
GPGMail                 2.7.2       1255    (978705b7)
GPG Keychain            1.4.3       1410    (9800780)
GPGServices             1.11.3      973     (5ebfa20)
MacGPG                  2.2.7       902     (099ae46)
GPG Suite Preferences   2.1.2       997     (1a09bc7)
Libmacgpg               0.8.4       853     (89d8783)
pinentry                0.9.7.1     9       (db18340)
  1. Support Staff 1 Posted by Steve on 11 Jun, 2018 05:46 PM

    Steve's Avatar

    Hi Dano,

    that you are no longer able to decrypt your messages or files is related to a change introduced in GPG Suite 2018.2 in regards to security fixes. That fix is exclusive to macOS 10.13 and will be backported to older macOS versions later, which is why GPGMail on 10.12 still decrypts some messages which are not decrypting on 10.13.

    The change prohibits the decryption of potentially unsafe OpenPGP messages and files. They are considered unsafe, since they might have been modified without the users knowledge and there is no way for GnuPG to tell wether a modification has taken place or not.

    As it turns out, quite a few of our users are affected by this change due to the use of older keys or other circumstances. As a result we are currently working on a different solution for GPGMail and GPGServices where it will be possible to access the files after seeing a warning (in GPGServices) or manually changing a configuration (in GPGMail).

    These changes will be included in an upcoming release soon. Thank you for your patience.

    The causes for such messages which are no longer decrypted due to improved security measures can be various. The most common reason is very old keys being used, which are considered to be insecure. This affects 1024 bit keys or keys using weak algorithms.

    Steps to take:

    1. create a stronger key: We recommend to create a stronger key using GPG Keychain. That will resolve the issue for future messages so the sooner you start your transition, the better. In your specific case when I looked at the key servers, I found three keys for your e-mail address. Once revoked key, a very old key from 2001 (which will likley result in problematic messages when being used) and a newer key from 2013.

    2. once the new version of GPG Suite is released you can opt to weaken your security and allow decryption of messages which do not have the modification check.

    3. until #2 is available you can decrypt messages on macOS 10.13 using GPG Suite 2018.1 and GPGServices: https://gpgtools.tenderapp.com/kb/gpgservices-faq/how-to-decrypt-an...

    All the best,
    steve

  2. Support Staff 2 Posted by Steve on 11 Jun, 2018 05:47 PM

    Steve's Avatar

    Re keys setup: so if possible it would probably be a good idea to revoke the 2001 key and exclusively use the 2013 key going forward.

  3. Support Staff 3 Posted by Steve on 23 Jun, 2018 02:06 PM

    Steve's Avatar

    efail fixes were backported to macOS Sierra 10.12 in GPG Suite 2018.3.

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best,
    steve

  4. Steve closed this discussion on 23 Jun, 2018 02:06 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac