Efail or OpenPGP is safer than S/MIME

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 13:25:09 CEST 2018 

... and Patrick, moving faster than the speed of light, already has the
bug triaged and bounced back.  This is actually a GnuPG bug, not an
Enigmail bug.  From Patrick:

=====

The problem is that gpg doesn't say anything. I would expect a
DECRYPTION_FAILED message here:

[GNUPG:] ENC_TO 5F5FDF400616A9CF 1 0
[GNUPG:] KEY_CONSIDERED 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 0
[GNUPG:] KEY_CONSIDERED 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 0
gpg: WARNING: cipher algorithm CAST5 not found in recipient preferences
[GNUPG:] DECRYPTION_KEY 530187ED159A04E6F53ED1385F5FDF400616A9CF
4F9F89F5505AC1D1A260631CDB1187B9DD5F693B u
[GNUPG:] KEY_CONSIDERED 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 0
gpg: encrypted with 4096-bit RSA key, ID 5F5FDF400616A9CF, created
2018-01-17
      "Patrick Brunschwig <patrick at enigmail.net>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] PLAINTEXT 62 1526296937
[GNUPG:] PLAINTEXT_LENGTH 4
abc
[GNUPG:] NEWSIG
gpg: Signature made Mon May 14 13:22:17 2018 CEST
gpg:                using RSA key 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B
[GNUPG:] KEY_CONSIDERED 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 0
[GNUPG:] SIG_ID Rh02jRM7bb5K0OOXQaEgmdJF+Bo 2018-05-14 1526296937
[GNUPG:] KEY_CONSIDERED 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 0
[GNUPG:] GOODSIG DB1187B9DD5F693B Patrick Brunschwig <patrick at enigmail.net>
gpg: Good signature from "Patrick Brunschwig <patrick at enigmail.net>"
[ultimate]
gpg:                 aka "Patrick Brunschwig <patrick at brunschwig.net>"
[ultimate]
gpg:                 aka "[jpeg image of size 13251]" [ultimate]
[GNUPG:] VALIDSIG 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 2018-05-14
1526296937 0 4 0 1 10 00 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B
[GNUPG:] TRUST_ULTIMATE 0 direct
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23
[GNUPG:] DECRYPTION_OKAY
gpg: WARNING: message was not integrity protected
[GNUPG:] END_DECRYPTION

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/1849300b/attachment-0001.sig>

More information about the Gnupg-users mailing list