Efail or OpenPGP is safer than S/MIME
andrewg at andrewg.com
Mon May 14 13:13:31 CEST 2018
On 14/05/18 10:42, Robert J. Hansen wrote:
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.
I tried again using CAST5 instead of MD5 to bypass the smartcard bug.
The news is not good.
andrewg at fred:~$ gpg --recipient 0xFB73E21AF1163937 --cipher-algo CAST5
--disable-mdc --encrypt --sign --armor reply.txt
gpg: using "00CC54C6A0C601691AF4931FFB73E21AF1163937" as default secret
key for signing
File 'reply.txt.asc' exists. Overwrite? (y/N) y
andrewg at fred:~$ gpg reply.txt.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 4096-bit RSA key, ID 0x6B09069314549D4B, created
"Andrew Gallagher <andrewg at andrewg.com>"
File 'reply.txt' exists. Overwrite? (y/N)
Enter new filename: foo
gpg: Signature made Mon 14 May 2018 11:57:17 IST
gpg: using RSA key 291E79A1DC55AE27A52EEF835C1EC404D5906629
gpg: Good signature from "Andrew Gallagher <andrewg at andrewg.com>" [ultimate]
gpg: aka "Andrew Gallagher <andrewg at llagher.net>" [ultimate]
gpg: aka "Andrew Gallagher <ab.gallagher at gmail.com>"
gpg: aka "Andrew Gallagher
<andrew.gallagher at siren.solutions>" [ultimate]
gpg: aka "[jpeg image of size 18803]" [ultimate]
gpg: aka "Andrew Gallagher <andrew.gallagher at siren.io>"
Primary key fingerprint: 00CC 54C6 A0C6 0169 1AF4 931F FB73 E21A F116 3937
Subkey fingerprint: 291E 79A1 DC55 AE27 A52E EF83 5C1E C404 D590 6629
gpg: WARNING: message was not integrity protected
So far so good - gnupg correctly throws a warning. But:
andrewg at fred:~$ cat reply.txt.asc | mailx andrewg at andrewg.com -s "test
Now in Enigmail, I get a decrypted message with a green bar and no
Enigmail Security Info
Good signature from Andrew Gallagher <andrewg at andrewg.com>
Key ID: 0xF1163937 / Signed on: 14/05/18, 11:57
Key fingerprint: 00CC 54C6 A0C6 0169 1AF4 931F FB73 E21A F116 3937
Used Algorithms: RSA and SHA512
Note: The message is encrypted for the following User ID's / Keys:
0x6B09069314549D4B (Andrew Gallagher <andrewg at andrewg.com>)
So it would appear that Enigmail IS VULNERABLE.
I have reproduced this on debian's 2:1.9.9-1~deb9u1 (v1.9.9) and 2.0.3
on Mac. By comparison, the default cipher (AES) correctly throws a
decryption error in enigmail using the same test systems.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 862 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users