GPG Mail: return of the bcc bug?

gpg_dude

24 Jan, 2022 11:17 PM

Which of our tools is giving you problems?

GPG

Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):

ATTACHED

Describe your problem. Add as much detail as possible.

I received an encrypted email where I was on the bcc line. We used to advise people not to do this as it wreaked havoc on the recipient as their GPG client would try to figure out how to decrypt the message and get confused b/c they weren't in the to: or cc:

It's been a while since this happened, so I may be misremembering the exact behavior but I believe it would repeatedly prompt the user for the GPG passphrase to decrypt the message and ultimately fail claiming it could not find the secret key needed for decryption.

However, I thought that bug had been fixed at some point as we stopped seeing the behavior until I received this recent message where my mail client failed repeatedly trying to decrypt. It prompted me for the passphrase to every secret key I have twice and after I cancelled out of each prompt it finally failed saying decryption failed due to no secret key. It also lists the keys it thinks the message was encrypted to as 0x0000000000000000 in addition to the sender's actual public key. Here is the full output from the command line when I tried to manually decrypt it to see what was happening:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: using "0x################" as default secret key for signing
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: selecting card failed: Operation not supported by device
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: selecting card failed: Operation not supported by device
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: encrypted with RSA key, ID 0x0000000000000000
gpg: encrypted with RSA key, ID 0x0000000000000000
gpg: encrypted with 4096-bit RSA key, ID 0x################, created ####-##-##
      "The Sender <[email blocked]>"
gpg: decryption failed: No secret key

What did you expect instead

I expected to be able to decrypt the message if it was indeed encrypted to me. I believe it should have been, but

Describe steps leading to the problem.

Tried to open an encrypted email where I was a bcc recipient

Are you using any other Mail.app plugins?

No

  1. Support Staff 1 Posted by Luke Le on 25 Jan, 2022 12:42 AM

    Hi!

    Unfortunately, this is "by design". We have inquired about this with the people at GnuPG, but basically there's no way around this, since GnuPG throws away any information about whom the message is really encrypted to and has to ask you for the passphrase of every single one of your private keys. If you cancel out of all requests, it will tell you it couldn't decrypt the message because the secret key is missing. So instead you would have to input the passphrase for every single key until the appropriate one is found.

    What you could try is to disable the secret keys you are not actively using, but it's possible GnuPG will still try them.

    Sorry I don't have better news here.

    If however I misunderstood the process you used to decrypt the message, please let me know.

  2. Steve closed this discussion on 21 Feb, 2022 07:59 PM.
