when sending encrypted mails, can't read the mail on Blackberry OS 10

zoran's Avatar

zoran

11 May, 2015 09:39 PM

GPGMail 1.2b6 (1057b)

i have exported all the eye in my blackberry classic.
the same keys i have on my mac and using gpg tools.

when I'm sending an encrypted mail from my mac and want to open it on the blackberry classic, the blackberry says its not possible to view the mail, read it on a computer.
when I'm sending the mail encrypted from my blackberry to the mac, all is fine. i have also opened a thread on crackberry, you can find it here.

http://forums.crackberry.com/blackberry-10-os-f269/how-implement-pg...

many thanks for your help


EDIT (by Steve):

Situation Summary Blackberry OS and OpenPGP support (Sept 2015)

Can be decrypted on Blackberry OS

  • OpenPGP.js encrypted messages
  • hanewin encrypted messages
  • Symantec encrypted messages

Can not be decrypted on Blackberry OS

  • Enigmail encrypted messages can not be decrypted on blackberry
  • GPGMail encrypted messages can not be decrypted on blackberry (neither PGP/MIME nor OpenPGP/Inline)

Aside from Blackberry OS there is the PGpgp app which does not support PGP/MIME.

  1. 1 Posted by john on 11 May, 2015 11:17 PM

    john's Avatar

    I was having same problem last week i tried everything but nothing worked so i uninstalled the program and am waiting for an answer before i try again. I sat there for three days trying to work it out. please keep me in the loop if you find any solutions.

  2. 2 Posted by zoran on 12 May, 2015 05:53 AM

    zoran's Avatar

    why you uninstalled the program on your mac?

  3. 3 Posted by john on 12 May, 2015 11:01 AM

    john's Avatar

    because i was so frustrated with it. no point taking up space when one of the main features doesn't work properly. i looked everywhere for someone with the same problem but nothing until now. would like to see a response before i reinstall otherwise it's useless to me.

  4. Support Staff 4 Posted by Steve on 24 Jul, 2015 02:55 PM

    Steve's Avatar

    Hi Zoran,

    sorry for not responding earlier.

    We are not too familiar with Blackberry OS, since we do not have a test device in our team. Thanks for linking the crackberry thread. So it seems, Blackberry started supported OpenPGP around version 10.3.2.500?

    So what is the status with that? From what I read, mails from mail.app to blackberry OS are not decrypted? Is that still the case with new versions? Also did you try out the commercial PGpgp blackberry app? Does that behave differently or identical to the new OS capabilities?

    All this sounds like Blackberry is unable to deal with PGP/MIME messages.

    GPGMail defaults to the only standard there is for sending OpenPGP Mails, which is PGP/MIME. The format you are referring to, is called PGP/Inline and is an undocumented non-standard format, which leads to several problems, which is why we default to PGP/MIME.

    Nevertheless you can switch GPGMail to use OpenPGP/Inline. While this is not encouraged, we've added that option. Find out how to do that in this KB-article.

    There's no difference in security level, yet you have to be aware, that while PGP/MIME also encrypts all attachments, OpenPGP/Inline does not!

    Also, you're limited to text only. Any formatting will be ignored.

    If you want to read more about the deficites of Inline/PGP you may want to read this note of Daniel Kahn Gillmore called Inline PGP signatures considered harmful. This is the GnuPG FAQ entry covering this question.

    I'm curious where Blackberry takes this. Seeing default OpenPGP support in their OS is in itself a huge step and great to see. Now if they could add PGP/MIME support that would be just wonderful.

    @john: OpenPGP works cross platform. Since GPGTools works on OS X only, we cannot ensure interoperability with let's say Blackberry OS. What key feature to you mean, is not working for you?

    All the best,
    steve

  5. 5 Posted by jar on 11 Aug, 2015 10:56 AM

    jar's Avatar

    Hi Zoran

    I have the same problem that Blackberry10 can not decrypt mail from OS X. And I don't understand how to solve it.

  6. Support Staff 6 Posted by Steve on 14 Aug, 2015 04:12 PM

    Steve's Avatar

    jar, as I wrote, I currently assume, Blackberry OS does not support PGP/MIME.

    I suggest getting in touch with their support and request support for PGP/MIME. You could also try changing GPGMail to PGP/Inline as described in the KB-article in Comment 4 and see if that enables your Blackberry to decrypt messages sent from GPGMail.

    Regards,
    steve

  7. 7 Posted by Zoran Miljak on 14 Aug, 2015 04:16 PM

    Zoran Miljak's Avatar

    Hi,
    I have tried to change inline but same result.
    Will contact the BlackBerry support, to check what they are saying.

    Sent from my BlackBerry 10 smartphone.
      Original Message

  8. Support Staff 8 Posted by Steve on 14 Aug, 2015 04:45 PM

    Steve's Avatar

    Keep us posted. Since we do not have Blackberry devices to test this with, it is important feedback.

  9. 9 Posted by Zoran Miljak on 14 Aug, 2015 04:46 PM

    Zoran Miljak's Avatar

    Will do, no problem.

    Sent from my BlackBerry 10 smartphone.
      Original Message

  10. 10 Posted by Andrew Lee on 29 Aug, 2015 09:28 PM

    Andrew Lee's Avatar

    I actually think BB10 does support PGP/Mime. I am on the latest leaked BB10 version and basically as reported on crackberry, when sending out emails, we are able to decrypt it on third party clients (Enigmail). However when sending encrypted emails to the BB10, we are unable to decrypt. The difference I see with the emails sent from the BB device and the third party clients is the "attachment names". When the BB device sends out an email I see two attachments:

    application1.pgp-encrypted (0 bytes)
    application2.octet-stream (the PGP encrypted message)

    When I use a third party PGP/mime implementation (Enigmail) I see the following:

    application1.pgp-encrypted
    encrypted.asc

    Hopefully this helps people understand what a BB10 device is expecting as a PGP email.

  11. 11 Posted by Zoran Miljak on 30 Aug, 2015 08:48 AM

    Zoran Miljak's Avatar

    Thank you very much for your post.

    I will try again to contact BlackBerry. Maybe they will solve it with the next software update.

    Keep you posted here.

    Sent from my Porsche Design P´9983 smartphone from BlackBerry.
      Original Message

  12. 12 Posted by Andrew Lee on 30 Aug, 2015 01:31 PM

    Andrew Lee's Avatar

    Actually I did alot more testing yesterday and was able to get blackberry to decrypt using the third party PGP/mime implmentation, but only when I used the same PGP message as the email sent out with the BB device.

    So I investigated the PGP message encryption and basically determined that while the BB could encrypt the message where the decryption is possible using the gpg tool on my linux machine, when encrypting the same exact message back using gpg and plugging in the PGP encrypted message into an email, blackberry was unable to decrypt.

    I think blackberry is doing something different when encrypting it. I dont know now until we contact blackberry.

  13. 13 Posted by Andrew Lee on 30 Aug, 2015 03:07 PM

    Andrew Lee's Avatar

    I figured it out. I figured that it had something to do with blackberry using commercial pgp to decrypt. I downloaded symantecs pgp command line tool and encrypted an email and send it to my blackberry. Was able to decrypt and read it.

    So anything using the gnugpg to encrypt will not be readable by the blackberry unless there are options we can use to make it compatible with symantec's pgp implementation.

  14. 14 Posted by chenjie jiang on 30 Aug, 2015 03:17 PM

    chenjie jiang's Avatar

    When you sending PGP mail to mac from your BlackBerry. It can be decrypt.

    Sent from my BlackBerry® smartphone.

  15. 15 Posted by Andrew Lee on 30 Aug, 2015 04:07 PM

    Andrew Lee's Avatar

    Yup I can decrypt it but anything you encrypt with GNUgpg cannot be decrypted by PGP. Just google on the internet and people talk about issues with that same scenario.

  16. 16 Posted by Andrew Lee on 01 Sep, 2015 12:38 AM

    Andrew Lee's Avatar

    After alot of testing, I figured out that anything encrypted with GNUpg will not be decrypted on the blackberry. But anything encrypted with javascript implementations (hanewin and openpgp.js) and commercial pgp will be decrypted by Blackberry.

    No amount of tinkering wiht options in GNUpg will allow me to encrypt a message that is decrypted by Blackberry.

  17. 17 Posted by Zoran Miljak on 01 Sep, 2015 07:15 AM

    Zoran Miljak's Avatar

    You've received an encrypted message from [email blocked]
    To view your message
    Save and open the attachment (message.html), and follow the instructions.
    Sign in using the following email address: [email blocked]



    This email message and its attachments are for the sole use of the intended recipient or recipients and may contain confidential information. If you have received this email in error, please notify the sender and delete this message.



    Message encryption by Microsoft Office 365

  18. 18 Posted by mouse008 on 04 Sep, 2015 01:40 AM

    mouse008's Avatar

    I concur: encryption by GPGTools (or Enigmail) is not decryptable on Blackberry-10 Classic. The message is "can't decode the message". It applies to both PGP/MIME and PGP/inline formats.

    The messages in question are decodable and decryptable on other platforms.

    PGP/MIME encrypted and signed by Blackberry is decryptable on other platforms (an signature verifies correctly).

    To mix another (unrelated) issue in - Apple Mail often says "Invalid Signature" on correctly-signed PGP/MIME messages... Next time it happens, I will (try to) bring the message here.

  19. Support Staff 19 Posted by Steve on 13 Oct, 2015 10:49 AM

    Steve's Avatar

    Situation Summary Blackberry OS and OpenPGP support (Sept 2015)

    Can be decrypted on Blackberry OS

    • OpenPGP.js encrypted messages
    • hanewin encrypted messages
    • Symantec encrypted messages

    Can not be decrypted on Blackberry OS

    • Enigmail encrypted messages can not be decrypted on blackberry
    • GPGMail encrypted messages can not be decrypted on blackberry (neither PGP/MIME nor OpenPGP/Inline)

    I'll add that summary to the first post so users quickly understand the current situation.

    I am not sure why Blackberry OS behaves the way it does or what is missing for it to be able to decrypt OpenPGP/Inline sent messages from GPGMail or Enigmail. It may not support PGP/MIME (which it should - all you Blackberry users should probably request support for PGP/MIME at Blackberry support). But it should be able to deal with OpenPGP/Inline messages.

    If any new findings arise, please keep us updated.

    @mouse008: If you run into any Invalid Signature issues, please open a separate discussion and we'll look into specifics there.

  20. 20 Posted by Zoran Miljak on 13 Oct, 2015 10:50 AM

    Zoran Miljak's Avatar

    Thanks a lot for that.

    At the moment nothing new. Still the same issue. But not from your side, I think it's BlackBerry side

    Sent from my BlackBerry 10 smartphone.
      Original Message

  21. Support Staff 21 Posted by Steve on 10 Feb, 2016 01:19 PM

    Steve's Avatar

    Zoran, I'm closing this discussion. You can re-open any time if there are news regarding Blackberry OS and OpenPGP support.

  22. Steve closed this discussion on 10 Feb, 2016 01:19 PM.

  23. mouse008 re-opened this discussion on 10 Feb, 2016 03:29 PM

  24. 22 Posted by mouse008 on 10 Feb, 2016 03:29 PM

    mouse008's Avatar

    The answer from Blackberry support is: PGP-wise Blackberry currently supports only Symantec format, which violates IETF OpenPGP standard. Blackberry won't change (as they use Symantec PGP library). Symantec differs from RFC-3156, by denoting Content-Type: multipart/mixed instead of Content-Type: multipart/encrypted; boundary=foo; protocol="application/pgp-encrypted"

    Would it be possible to add a feature - produce Symantec-compatible PGP encryption? Here's the difference in details:

    RFC3156 Standard

    Mime-Version: 1.0


    Content-Type: multipart/encrypted; boundary=foo; protocol="application/pgp-encrypted"


    --foo


    Content-Type: application/pgp-encrypted Version: 1


    --foo


    Content-Type: application/octet-stream

    Thunderbird/Enigmail/GnuPG

    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
    Thunderbird/38.5.1
    MIME-Version: 1.0
    Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
       boundary="gtEqiSdg26I7Vq5OfV2FuOXGM5BGmQMkf"
    Return-Path: [email blocked]
    X-ClientProxiedBy: GST401EX133.GST401.CSO.LABS.RIM.NET (10.91.34.94) To
    GST401EX131.GST401.CSO.LABS.RIM.NET (10.91.34.90)


    --gtEqiSdg26I7Vq5OfV2FuOXGM5BGmQMkf Content-Type: application/pgp-encrypted; name="PGPMIME version identification" Content-Description: PGPMIME version identification Content-Disposition: attachment; filename="PGPMIME version identification"


    Version: 1


    --gtEqiSdg26I7Vq5OfV2FuOXGM5BGmQMkf Content-Type: application/octet-stream; name="encrypted.asc" Content-Description: encrypted.asc Content-Disposition: inline; filename="encrypted.asc"

    Symantec Encryption Desktop

    x-pgp-mapi-encoding-version: 2.5.0
    x-pgp-encoding-version: 2.0.2
    x-pgp-encoding-format: MIME
    x-originating-ip: [10.91.52.248]
    Content-Type: multipart/mixed;
       boundary="_003_3C86BF38ACFCE444854ED4EEFD2B268F2266DFC6GST401EX101GST4_"
    MIME-Version: 1.0
    Return-Path: [email blocked]


    --_003_3C86BF38ACFCE444854ED4EEFD2B268F2266DFC6GST401EX101GST4_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable


    --_003_3C86BF38ACFCE444854ED4EEFD2B268F2266DFC6GST401EX101GST4_ Content-Type: application/pgp-encrypted; name="Version.txt" Content-Description: Version.txt Content-Disposition: attachment; filename="Version.txt"; size=12; creation-date="Thu, 14 Jan 2016 13:50:51 GMT"; modification-date="Thu, 14 Jan 2016 13:50:51 GMT" Content-Transfer-Encoding: base64


    VmVyc2lvbjogMQ0K


    --_003_3C86BF38ACFCE444854ED4EEFD2B268F2266DFC6GST401EX101GST4_ Content-Type: application/octet-stream; name="Message.pgp" Content-Description: Message.pgp Content-Disposition: attachment; filename="Message.pgp"; size=100884; creation-date="Thu, 14 Jan 2016 13:50:51 GMT"; modification-date="Thu, 14 Jan 2016 13:50:51 GMT" Content-Transfer-Encoding: base64
  25. Support Staff 23 Posted by Steve on 11 Feb, 2016 02:57 PM

    Steve's Avatar

    "PGP-wise Blackberry currently supports only Symantec format, which violates IETF OpenPGP standard. Blackberry won't change (as they use Symantec PGP library)."

    Sounds like a bad design decision by management then. Using a proprietary format which violates an IETF standard.

  26. 24 Posted by mouse008 on 11 Feb, 2016 09:34 PM

    mouse008's Avatar

    Sounds like a bad design decision by management then. Using a proprietary format which violates an IETF standard.

    You're absolutely correct, and the fault is certainly theirs. But...

    The question is whether we here can (and are willing to) remedy this situation, allowing generation and parsing of that incorrect format, say upon a given switch or parameter? To enable PGP communications with that (stupidly) non-compliant Blackberry?

  27. Support Staff 25 Posted by Steve on 12 Feb, 2016 04:47 PM

    Steve's Avatar

    I don't think it would be smart to step into that trap. What if mails get encrypted in that format and then can no longer be decrypted by normal OpenPGP clients. So maybe time to buy another mobile? OpenPGP solutions exist on iOS and Android. WindowsPhone I don't know, but considering their growth rate I'd highly suspect the answer is "no" on that platform.

    Or call Blackberry and talk to a higher rank general in that company and explain why OpenPGP is needed. Sometimes you just need to talk to the right person and explain why something is broken. I would guess, that high rank management is not heavily using OpenPGP on BlackberryOS. So they are simply not aware of this issue. They are either using their Blackberry Messenger or have some secretary do that for them.

  28. Steve closed this discussion on 24 Mar, 2016 02:17 PM.

  29. Microsoft Office 365 Message Encryption re-opened this discussion on 03 Feb, 2017 09:34 PM

  30. 26 Posted by Microsoft Offic... on 03 Feb, 2017 09:34 PM

    Microsoft Office 365 Message Encryption's Avatar
    Office 365 Logo
    Use the passcode to sign in
    82094300

    To view your message, type the passcode into the web page where you requested it. This passcode matches reference code 7649.

    NOTE: This passcode expires 15 minutes after it was requested.






    This message is automatically generated. Please don't reply to it.
  31. Support Staff 27 Posted by Steve on 03 Feb, 2017 09:36 PM

    Steve's Avatar

    whatever this is, I set this discussion to private and am closing it.

  32. Steve closed this discussion on 03 Feb, 2017 09:36 PM.

  33. Steve re-opened this discussion on 19 Feb, 2017 05:24 PM

  34. Steve closed this discussion on 19 Feb, 2017 05:25 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac