GPG Mail: return of the bcc bug?
Which of our tools is giving you problems?
GPG
Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):
ATTACHED
Describe your problem. Add as much detail as possible.
I received an encrypted email where I was on the bcc line. We used to advise people not to do this as it wreaked havoc on the recipient as their GPG client would try to figure out how to decrypt the message and get confused b/c they weren't in the to: or cc:
It's been a while since this happened, so I may be misremembering the exact behavior but I believe it would repeatedly prompt the user for the GPG passphrase to decrypt the message and ultimately fail claiming it could not find the secret key needed for decryption.
However, I thought that bug had been fixed at some point as we stopped seeing the behavior until I received this recent message where my mail client failed repeatedly trying to decrypt. It prompted me for the passphrase to every secret key I have twice and after I cancelled out of each prompt it finally failed saying decryption failed due to no secret key. It also lists the keys it thinks the message was encrypted to as 0x0000000000000000 in addition to the sender's actual public key. Here is the full output from the command line when I tried to manually decrypt it to see what was happening:
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: using "0x################" as default secret key for signing
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: selecting card failed: Operation not supported by device
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: selecting card failed: Operation not supported by device
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: anonymous recipient; trying secret key 0x################ ...
gpg: encrypted with RSA key, ID 0x0000000000000000
gpg: encrypted with RSA key, ID 0x0000000000000000
gpg: encrypted with 4096-bit RSA key, ID 0x################, created ####-##-##
"The Sender <[email blocked]>"
gpg: decryption failed: No secret key
What did you expect instead
I expected to be able to decrypt the message if it was indeed encrypted to me. I believe it should have been, but
Describe steps leading to the problem.
Tried to open an encrypted email where I was a bcc recipient
Are you using any other Mail.app plugins?
No
- gpgversion.png 160 KB
Support Staff 1 Posted by Luke Le on 25 Jan, 2022 12:42 AM
Hi!
Unfortunately this is "by design". We have inquired about this with the people at GnuPG, but basically there's no way around this since GnuPG throws away any information about who the message is really encrypted to and has to ask you for the passphrase of every single one of your private keys. If you cancel out all requests, it will tell you it couldn't decrypt the message because the secret key is missing. So instead you would have to input the passphrase for every single key until the appropriate one is found.
What you could try is to disable the secret keys you are not actively using, but it's possible GnuPG will still try them.
Sorry I don't have better news here.
If, however, I misunderstood the process you used to decrypt the message, please let me know.
Steve closed this discussion on 21 Feb, 2022 07:59 PM.