GPGMail: gpg.conf group feature not working (was: Wrong encryption when sending to mailing lists)
While being so excited that we finally have a Sierra compatible GPGtools suite, a few Macs here have been upgraded to Sierra.
Unfortunately we are now seeing issues when sending encrypted emails to mailing lists, which get resolved on the server but required keys are resolved via local "group" definitions in the "gpg.conf" file.
It seems some recipients can decrypt and some others cannot. Also it seems as if the mail is encrypted with the sender's public key even though he is not on the mailing list.
I'm talking about the 2017.1b2 as well as the nightly 1762n.
Anybody else seeing this too ?
keep on with the good work !
Dieter
1 Posted by Dieter on 03 Feb, 2017 02:27 PM
my versions
2 Posted by Dieter on 07 Feb, 2017 09:06 AM
Still no one else seeing that issue ?
Here an example:
I have the public keys of 3 recipients ( userA - userC ) in my keyring: 0xAABBCCDD 0xBBCCDDEE 0xCCDDEEFF
On the email server I have an alias "[email blocked]: [email blocked],[email blocked],[email blocked]"
In my gpg.conf I have the following entry:
group [email blocked]=0xAABBCCDD 0xBBCCDDEE 0xCCDDEEFF
Now, when sending an email to "[email blocked]" the lock icon gets blue ( so it finds the group record in the gpg.conf ) and I can send out the mail to the list.
However, on the receiver end the mail appears to be encrypted with "my" key (even though I'm not a member of the list!) and 0xBBCCDDEE only !! The other two cannot read it.
Any idea ?
GPGMail 2.7b2 1199n ( from nightly GPG_Suite-1766n.dmg )
Many thanks for your help
Dieter
3 Posted by Dieter on 08 Feb, 2017 04:32 PM
I have downloaded and compiled the latest GPGMail from GIT.
After debugging through it, it seems that it does not support multiple keys for a single email address anymore ( group feature in gpg.conf ), but just picks (randomly!?) one from the defined lists and encrypts the email with it. This is a complete show stopper for us.
Are there any plans to implement that again ?
Thanks
Dieter
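Added example, not part of the thread and not GPGMail's code: a small Python check that expands `group` entries from gpg.conf the way the GnuPG manual describes (same-name groups merged, one level of expansion) and reports which group keys a message was not encrypted to. The address `list@example.org`, the key `0x11223344` and the case-insensitive name matching are assumptions; the three group key IDs are the ones used in the post above.

```python
import re

# Constructed gpg.conf text. list@example.org stands in for the blocked alias
# and 0x11223344 is a made-up sender key; the group key IDs are from the post.
SAMPLE_CONF = """\
# company mailing list
group list@example.org=0xAABBCCDD 0xBBCCDDEE
group list@example.org=0xCCDDEEFF
default-key 0x11223344
"""

def parse_groups(conf_text):
    """Return {group name: [values]}; repeated group names are merged."""
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = re.match(r"(?:--)?group\s+([^=]+?)\s*=\s*(.*)$", line)
        if not m:
            continue  # some other option, not a group definition
        # Assumption: group names are compared case-insensitively.
        name, values = m.group(1).lower(), m.group(2).split()
        groups.setdefault(name, []).extend(values)
    return groups

def expand_recipients(recipients, groups):
    """Expand each recipient once; group members are never expanded again."""
    keys = []
    for rcpt in recipients:
        for key in groups.get(rcpt.lower(), [rcpt]):
            if key not in keys:
                keys.append(key)
    return keys

def missing_keys(recipients, groups, encrypted_to):
    """Keys required by the group expansion that the mail was not encrypted to."""
    have = {k.lower() for k in encrypted_to}
    return [k for k in expand_recipients(recipients, groups)
            if k.lower() not in have]

if __name__ == "__main__":
    groups = parse_groups(SAMPLE_CONF)
    # The symptom from the thread: sender key plus one group member only.
    print(missing_keys(["list@example.org"], groups, ["0x11223344", "0xBBCCDDEE"]))
```

The `encrypted_to` list has to be supplied by the caller, for example by mapping the recipient key IDs of a test message back to primary keys in the local keyring.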
Support Staff 4 Posted by Luke Le on 08 Feb, 2017 04:42 PM
Hi Dieter,
thank you very much for bringing this to our attention.
The feature will definitely be implemented again.
Since nothing in the codebase should have changed for that particular feature, it's curious to see it no longer works, but we'll have a look into it.
5 Posted by Dieter on 01 Mar, 2017 09:58 AM
Any news on that ?
I just tried the latest Nightly (1779n) and it still does not support "groups" in gpg.conf.
Thanks
Dieter
Support Staff 6 Posted by Steve on 01 Mar, 2017 07:32 PM
Hi Dieter,
no, not yet. We will update this discussion as soon as there is a fix.
All the best,
steve
7 Posted by Dieter on 30 Mar, 2017 04:08 PM
Any progress on the topic ?
Every time I need to send a mail to the whole company ( which an admin has to do from time to time ) or other email lists, I need to start up "MailMate" to send it, because this seems to deal with "gpg groups" just fine :-/
Thanks
Dieter
Support Staff 8 Posted by Steve on 01 Apr, 2017 05:12 PM
Sorry, not yet. This bug is on the list for the near term future. We'll let you know when a fix is available.
9 Posted by Dieter on 16 Jun, 2017 09:46 AM
Hi Steve,
any news or timeline for a fix of the mentioned issue ?
I know, at the moment you have fire on all corners, but for us it's still very critical to send GPG encrypted mails to email aliases / groups. Most of us still run El-Cap because of the issue and the ones who moved to Sierra use either Thunderbird/Enigmail or MailMate.
I really would love to see a solution for us and stay with the great GPGtools plugin you created rather than moving away.
Thanks
Dieter
Support Staff 10 Posted by Steve on 21 Jun, 2017 04:15 PM
Hi Dieter,
the timeline is that this week the work on trying to fix this very issue will continue. It's really hard to say how soon we will publish the next beta, but we are not holding anything back artificially.
This problem is one of two blockers and as soon as those are down we will release the next beta.
Kind regards,
steve
11 Posted by Dieter on 22 Jun, 2017 09:30 AM
Thanks Steve.
Looking forward to the next release.
Dieter
Support Staff 12 Posted by Steve on 22 Jun, 2017 08:56 PM
Believe me, same here :)
Steve closed this discussion on 18 Aug, 2017 10:36 AM.
Steve re-opened this discussion on 23 Aug, 2017 11:23 AM
Support Staff 13 Posted by Steve on 23 Aug, 2017 11:23 AM
Dieter wrote the following in a new discussion:
Hi Dieter,
you should be able to re-open your own discussions. Was that not possible for the existing discussion?
The fact that the discussion is closed does not mean the problem is fixed. Here's the standard text we usually add when connecting a discussion with a ticket:
We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.
I closed the discussion since there was nothing to add from our side. We do re-open discussions to let users know as soon as a ticket is fixed and the fix can be tested.
All the best,
steve
14 Posted by Dieter on 23 Aug, 2017 11:30 AM
Thanks.
I'd like to comment that the issue exists in the "stable", "beta" and "nightly" branches when running them on Sierra. I only opened the discussion in the "beta" list, but am testing every "nightly" as well. So far w/o success.
Keep up the good work !!
Dieter
Support Staff 15 Posted by Steve on 23 Aug, 2017 11:31 AM
Yeah that is expected. If it would work in nightly, the issue would be fixed and we would have notified you about the fix. Then you can (if you want) test the fix in nightly and it will be shipped in the upcoming beta.
Should this discussion get closed, you should always be able to re-open. And we will also re-open to inform you as soon as there is a fix to be tested.
Support Staff 16 Posted by Steve on 25 Aug, 2017 12:30 PM
Hi Dieter,
good news: this issue has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.
Please let us know if it works as expected for you.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
17 Posted by Dieter on 25 Aug, 2017 12:38 PM
thanks.
after installing nightly 1951n , i tried to send an encrypted email to a 2-user email alias. the Mail.app crashed before the mail was sent out.
attached the crash report.
dieter
18 Posted by Dieter on 25 Aug, 2017 12:46 PM
Addition:
Sending unencrypted mails works.
Sending encrypted mails to single addresses also crashes.
Support Staff 19 Posted by Steve on 25 Aug, 2017 12:50 PM
Thanks a lot for your quick response and helping us out to test the fix.
This is interesting. During the internal test we could not manage to trigger a crash using the group feature.
Is the crash reproducible if you repeat the steps?
Can you tell us your macOS version as well as if you are using any additional plugins in Mail.app.
Are you also using an s/mime cert besides your OpenPGP key?
Thanks for your help in debugging this.
20 Posted by Dieter on 25 Aug, 2017 12:53 PM
And one more addition:
Sending signed mails to individuals works.
Sending encrypted AND signed mails to individuals WORKS.
Sending signed mails to groups works.
Sending encrypted mails to groups crashes.
Sending encrypted AND signed mails to groups DOES WORK !
21 Posted by Dieter on 25 Aug, 2017 12:57 PM
As you can see in the crash report, I'm using "Mac OS X 10.12.6 (16G29)"
No additional plugins for Mail.app are installed.
I also do have S/MIME certs, but not for the users/groups I have tested.
The crash is reproducible: 100%
Support Staff 22 Posted by Steve on 25 Aug, 2017 01:06 PM
Reproduced here. Thanks, we'll get back to you as soon as we have news.
23 Posted by Dieter on 25 Aug, 2017 01:08 PM
Thanks.
For me it works fine if I always "sign" the encrypted email too.
Dieter
Support Staff 24 Posted by Steve on 25 Aug, 2017 06:33 PM
Dieter, could you please test GPG Suite 2017.1 (1952n) from
https://releases.gpgtools.org/nightlies/
and check if that behaves as expected.
25 Posted by Dieter on 25 Aug, 2017 07:09 PM
Looks pretty good. All tests I did were successful.
Big "thumbs up" !!
Support Staff 26 Posted by Steve on 25 Aug, 2017 07:10 PM
Perfect. Glad, this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
The fix will be included in the next beta release.
Best, steve
Steve closed this discussion on 25 Aug, 2017 07:10 PM.