[BUG] False error message when using a Yubikey to store encrypt key
GPGMail 1.2b6 (1057b)
Summary: GPGMail correctly reports an error if you try to read an encrypted email with the Yubkey removed; but if you re-insert the Yubkey and try to read the encrypted email, GPGMail does decrypt the email, but also displays an error saying it could not. (See screenshot.) This is probably true with any smartcard, not just a Yubikey.
What did you expect instead
Mail should have displayed the decrypted email content without an error message. (> Also, it would be nice if instead of "unknown error," GPGMail would say what the error is, eg something like: "Decryption key not found: maybe your smartcard is not inserted?")
Currently
-
Set things up so that your GPGKeychain has a private encryption key stub pointing to an actual private encryption key on your inserted Yubikey. (For this test, make the key have your own email address, so you can send and receive encrypted mail to yourself.)
- Follow the instructions here (note the errata in the comments) to do this. (You can skip resetting the PINs if you want.)
-
Make sure your Yubikey is inserted.
-
Launch Mail.
-
Send an encrypted, unsigned email to yourself. (You'll be prompted for your Yubikey PIN to encrypt.)
-
When it comes back, click it.
GPG Mail will correctly display the decrypted contents.
-
Click on a different, unencrypted email.
-
Eject the Yubikey.
-
Click on the encrypted email again.
GPGMail will fail to decrypt it, and display a "Decryption failed with unknown error" message.
- This is good! GPGMail should not be able to decrypt if the Yubikey is not inserted! :-)
-
Click on some unencrypted email.
-
Re-insert your Yubikey.
-
Click on the encrypted email again.
Mail will display the decrypted contents, but with the same error message as above (see screenshot).
No other plugins are installed.
Other info:
MacGPG2 2.0.27
libgcrypt 1.6.3
OSX 10.10.3 (14D131)
ykpersonalize -V
Firmware version 3.4.0 Touch level 1797 Program sequence 2
Unsupported firmware revision - some features may not be
available
Please see https://developers.yubico.com/...
for more information.
1.16.0
Yubikey core error: unsupported firmware version
Yubikey Personalization Tool says it's firmware 3.4.0, Slot 1 configured, no errors.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 17 Jul, 2015 10:20 AM
Hi rbondi,
We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussions should you run into further problems or need assistance.
All the best,
steve
Steve closed this discussion on 26 Nov, 2015 09:51 PM.
Support Staff 2 Posted by Steve on 31 Jul, 2017 04:03 PM
Hi rbondi,
this issue has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.
Should the problem persist, please re-open this discussion and let us know. For more questions that are not related to this specific problem, you are welcome to create a new discussion any time.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
Steve closed this discussion on 31 Jul, 2017 04:03 PM.