Encrypted attachments cannot be opened or saved as decrypted files

Bug #1902801 reported by Henning Sprang
This bug affects 3 people

| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| Arch Linux | Fix Released | Unknown | | |
| thunderbird (Ubuntu) | Fix Released | Low | Unassigned | |

Bug Description

I have been using enigmail in thunderbird until I upgraded Ubuntu and with it thunderbird to the latest version 1:78.3.2+build1-0ubuntu1

As enigmail is now integrated in thunderbird, I have gone through the painful upgrade process (it does not allow to look into password manager for the passphrase of the gpg keys it wants to import by blocking all other windows), and decryption of emails now works.

But when looking at a decrypted email, fully being able to read the text content, when I want to use the Menu option "Decrypt and Open" by right clicking on an attachment (pdf in this case), nothing happens.

What I expect to happen: The pdf file being shown to me in the pdf viewer. Or some error being displayed, or maybe I am asked for my gpg passphrase again for additional security.

When trying the option "Decrypt and save as", next I can select a folder and filename, (the pdf name without .gpg) and choose "save" - but when looking into that folder, there is no decrypted file. (I tried this plenty of times, I am sure it's not there, and I did this action before the upgrade many times successfully).

What I would expect: the attached file without the .gpg suffix (the filename proposed when opening the dialog, which I did not change) in the selected directory.

```
$ lsb_release -rd
Description: Ubuntu 20.10
Release: 20.10

$ apt-cache policy thunderbird
thunderbird:
  Installed: 1:78.3.2+build1-0ubuntu1
  Candidate: 1:78.3.2+build1-0ubuntu1
  Version table:
 *** 1:78.3.2+build1-0ubuntu1 500
        500 http://de.archive.ubuntu.com/ubuntu groovy/main amd64 Packages
        100 /var/lib/dpkg/status
```

In , Dpsoft (dpsoft) wrote :

Created attachment 9173976
Screenshot.png

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36

Steps to reproduce:

Tested with TB 78.1.1 and 78.2.1 on Windows 10.

I received a mail with multiple mime-parts: a html body and an encrypted attachment.

```
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="123456789-11111-9876543210=:4444"

--123456789-11111-9876543210=:4444
Content-Type: TEXT/HTML; CHARSET=ISO-8859-1
Content-Transfer-Encoding: 8bit

-----BEGIN PGP MESSAGE-----
...snip...
-----END PGP MESSAGE-----
--123456789-11111-9876543210=:4444
Content-Type: APPLICATION/pdf; name="Antragsnummer_123456789.pdf.pgp"
Content-Transfer-Encoding: 8bit

-----BEGIN PGP MESSAGE-----
...snip...
-----END PGP MESSAGE-----
--123456789-11111-9876543210=:4444--
```

Actual results:

The message-body part decrypts successfully. But I can't open or save the attachment decrypted. When clicking "Decrypt and Open..." and "Decrypt and Save As..." nothing happened.

Expected results:

The attachment will be successfully decrypted and open/save with old TB Version <=68 and enigmail-addon.

In , Mozzbug99 (mozzbug99) wrote :

Hello,

Same problem observed with TB 78.2.2

Best Regards

In , Altarius-4 (altarius-4) wrote :

Created attachment 9176781
console output when clicking decrypt&save

same issue here on Win10, TB 78.2.2.

I've attached the console output when clicking those buttons.

Best regards

In , Dpsoft (dpsoft) wrote :

Issue still exists on TB 78.3.1

In , Artur T. (artur-tanistra) wrote :

+1

In , Dpsoft (dpsoft) wrote :

Issue still exists on TB 78.3.2

In , Critter-8 (critter-8) wrote :

Issue still exists on TB 78.3.3

In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.4.0

Henning Sprang (henning) wrote :

I started thunderbird in the console to get some more info.

While trying to "Decrypt and open" the attachment, the console says:

```
console.log: (new Error("Cannot load required OTR library", "resource:///modules/OTRLib.jsm", 75))
JavaScript error: chrome://chat/content/conversation-browser.js, line 853: NotSupportedError: CustomElementRegistry.define: 'conversation-browser' has already been defined as a custom element
console.warn: LoginHelper(Main): "Couldn't parse origin for" "chrome://mozapps" ({})
console.warn: LoginHelper(Main): "dedupeLogins: Deduping with a scheme preference but couldn't get the preferred origin scheme."
console.log: "CryptoAPI.sync() failed result: %o" (new Error("Not implemented", "chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm", 179))
console.log: "CryptoAPI.sync() failed result: %o" (new Error("Not implemented", "chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm", 209))
JavaScript error: chrome://openpgp/content/modules/decryption.jsm, line 634: TypeError: result.stdoutData is undefined
```

summary: - Encvrypted attachments cannot be opened or saved as decrypted files
+ Encrypted attachments cannot be opened or saved as decrypted files
In , Vseerror (vseerror) wrote :

*** Bug 1672231 has been marked as a duplicate of this bug. ***

In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.4.1

In , Bugzilla2007 (bugzilla2007) wrote :

Confirming based on numerous reports from commenters and 1 duplicate.
Not being able to save an encrypted attachment as unencrypted sounds like a considerable detriment. -> S2.

In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.4.2

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :
In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.4.3

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

*** Bug 1677155 has been marked as a duplicate of this bug. ***

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

Kai, should we just hide this menu until it's working? Or do you have code pointers to how to fix it?

In , Gerhard-n (gerhard-n) wrote :

Hiding is not a solution. Customers keep sending mail with encrypted attachments. The only alternative then is a separate encrypting program, which is a big step back, and you must manage two keyrings.

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

Well, we'd hide it only until we get it working, which we'd like to do at some point.

In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.5.0

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mozilla-thunderbird (Ubuntu):
status: New → Confirmed
Ivan (ivan-ivanov) wrote :

It appears to be Thunderbird related and not directly linked with Ubuntu.
I'm running Arch Linux and today with recent Thunderbird upgrade I got the same behavior.
I may say that OTRLib.jsm is not connected with the problem. Yes, dependency on 'libotr' is missing - I fixed it manually and have now:
console.debug: "Successfully loaded OTR library libotr.so.5 from system's standard library locations"
But I can't save/decrypt attachments (the same way as in problem description) and have the same errors:
console.log: "CryptoAPI.sync() failed result: %o" (new Error("Not implemented", "chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm", 179))
console.log: "CryptoAPI.sync() failed result: %o" (new Error("Not implemented", "chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm", 209))
JavaScript error: chrome://openpgp/content/modules/decryption.jsm, line 634: TypeError: result.stdoutData is undefined

Ivan (ivan-ivanov) wrote :

According to https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq Thunderbird uses "RNP software" for processing keys and it has some limitations, i.e. some types of keys are not supported. E.g. "Certain keys that are incomplete, for example those using an offline primary key."
I think my key is offline and this might be the reason why it doesn't work.

I tried to set up an external GnuPG key according to the FAQ without any success. I don't see any difference (i.e. I don't understand whether Thunderbird tries to use GnuPG or not to decrypt my attachment... I see no new messages in console).

In , Leopooh (fuzzy2) wrote :

Please hide it until it works!

I just got an update of Thunderbird to 78.4.3 and Enigmail automatically disabled itself with migration of keys to Thunderbird. OK, that's fine, but then I spent several hours trying to understand what is wrong with my setup until I finally reached this thread and found "it is not implemented".
So, as it doesn't work - please remove the menu items in order not to confuse everyone else. Without the menu everyone will immediately recognize that he needs to forget the old convenient way and use another tool (like 'gpg --decrypt' from the console, for example).

Changed in archlinux:
status: Unknown → Confirmed
In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.5.1

Paul White (paulw2u)
affects: mozilla-thunderbird (Ubuntu) → thunderbird (Ubuntu)
In , Kai Engert (kaie) wrote :

Created attachment 9191067
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig

In , Kai Engert (kaie) wrote :

(In reply to Magnus Melin [:mkmelin] from comment #15)
> Kai, should we just hide this menu until it's working? Or do you have code pointers to how to fix it?

Looks like I restored the functionality with the attached patch.

In , Pulsebot (pulsebot) wrote :

Pushed by <email address hidden>:
https://hg.mozilla.org/comm-central/rev/b98061eb01ee
Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig DONTBUILD

In , Kai Engert (kaie) wrote :

Comment on attachment 9191067
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig

[Approval Request Comment]
Regression caused by (bug #): none
User impact if declined: nonworking decrypt feature that's offered in UI
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low

Changed in archlinux:
status: Confirmed → Fix Released
In , Vseerror (vseerror) wrote :

Comment on attachment 9191067
Bug 1663169 - Restore decrypt and save/open right click action for attachments. r=PatrickBrunschwig

[Triage Comment]
This won't reach beta via uplift.
Approved for esr78

In , Kai Engert (kaie) wrote :
Olivier Tilloy (osomon) wrote :

According to the latest status update on the upstream bug, the fix is committed and will be released with thunderbird 78.6.0.

Changed in thunderbird (Ubuntu):
status: Confirmed → Fix Committed
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :
Changed in thunderbird (Ubuntu):
status: Fix Committed → Fix Released
In , Dpsoft (dpsoft) wrote :

Tested with 78.6.0 Linux, unfortunately the decrypted files are saved incompletely.

I received two small PDF documents. I clicked "decrypt and save as", but on my filesystem the files have only few bytes. Nothing appears in the error console. I have successfully checked decrypting the pgp-files with gnupg.
```
$ gpg -o Abrechnungsschreiben_6912.pdf-gnupg -d Abrechnungsschreiben_6912.pdf.pgp
$ gpg -o Antragsnummer_79282.pdf-gnupg -d Antragsnummer_79282.pdf.pgp
$ ls -l *pdf*
-rw------- 1 dan users 199 16. Dez 00:00 Abrechnungsschreiben_6912.pdf
-rw-r--r-- 1 dan users 76748 16. Dez 00:00 Abrechnungsschreiben_6912.pdf-gnupg
-rw-r--r-- 1 dan users 86222 16. Dez 00:00 Abrechnungsschreiben_6912.pdf.pgp
-rw------- 1 dan users 123 16. Dez 00:00 Antragsnummer_79282.pdf
-rw-r--r-- 1 dan users 89009 16. Dez 00:00 Antragsnummer_79282.pdf-gnupg
-rw-r--r-- 1 dan users 119047 16. Dez 00:00 Antragsnummer_79282.pdf.pgp
$ cat Antragsnummer_79282.pdf
%PDF-1.4
%õäöü

9 0 obj
<< /Length 2596 /Filter [ /FlateDecode ] /N 3 >>
stream
½H.*1Ͻ7½JÀ RH
$
$ cat Abrechnungsschreiben_6912.pdf
%PDF-1.4
%õäöü

9 0 obj
<<
/Type /XObject
/Subtype /Image
/Name /I1
/Width 828
/Height 143
/BitsPerComponent 8
/ColorSpace /DeviceRGB
/Length 52405 /Filter [ /DCTDecode ] >>
stream
ÿØÿ
$
```

Thank you, for your work.

In , Resistor5k6 (resistor5k6) wrote :

> I clicked "decrypt and save as", but on my filesystem the files have only few bytes.

Same here. Does not work. :-(

In , Gerhard-n (gerhard-n) wrote :

same problem in W10 error in attachment

In , Gerhard-n (gerhard-n) wrote :

(In reply to gjo from comment #29)
> same problem in W10 error in attachment (messages box with: null undefined)

In , Mozzbug99 (mozzbug99) wrote :

Created attachment 9193450
Error message window after clicking "Decrypt and Save As"

Error message window after clicking "Decrypt and Save As" in TB 78.6.0 32-bit.

In , Mozzbug99 (mozzbug99) wrote :

Hello,

After clicking "Decrypt and Save As" error message window is displayed (as above) and following entry shows in "errors console":
> rnp_op_verify_execute returned unexpected: 268435457 RNP.jsm:991:17

TB 78.6.0 (32 bit)

Best Regards

In , K-bugzilla (k-bugzilla) wrote :

Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
```
Mode LastWriteTime Length Name
-a---- 17.12.2020 11:07 1403473 x.jpg.asc
-a---- 17.12.2020 11:11 °°°°°°4 x.jpg

PS C:\Users\buz> more x.jpg
ÿØÿà

PS C:\Users\buz> more x.jpg.asc
-----BEGIN PGP MESSAGE-----
...
```

In , K-bugzilla (k-bugzilla) wrote :

(In reply to bugzilla from comment #33)
> Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
> Mode LastWriteTime Length Name
> -a---- 17.12.2020 11:07 1403473 x.jpg.asc
> -a---- 17.12.2020 11:11 °°°°°°4 x.jpg
>
> PS C:\Users\buz> more x.jpg
> ÿØÿà
>
> PS C:\Users\buz> more x.jpg.asc
> -----BEGIN PGP MESSAGE-----
> ...

The Console only shows this:
12:39:26.123 1608205166123 addons.xpi-utils WARN Add-on <email address hidden> is not compatible with application version.

In , K-bugzilla (k-bugzilla) wrote :

(In reply to bugzilla from comment #33)
> Tested with 78.6.0 Windows, unfortunately the decrypted files are saved incompletely.
> Mode LastWriteTime Length Name
> -a---- 17.12.2020 11:07 1403473 x.jpg.asc
> -a---- 17.12.2020 11:11 °°°°°°4 x.jpg
>
> PS C:\Users\buz> more x.jpg
> ÿØÿà
>
> PS C:\Users\buz> more x.jpg.asc
> -----BEGIN PGP MESSAGE-----
> ...

11:30:41.069 rnp_op_verify_execute returned unexpected: 268435458

Changed in archlinux:
status: Fix Released → Confirmed
In , Hyperbolic-b (hyperbolic-b) wrote :

Obviously, my own bug report regarding this has been lost. I reported the same problem some weeks ago, and somebody said this problem would be solved with 78.6.0.

However, I can definitely confirm that the problem is NOT solved in 78.6.0. @Thunderfan has described exactly what happens.

I have tested this under Windows 10 Enterprise and Windows 7, each with TB 78.6.0.

I am aware that Thunderbird is free software with large parts made by volunteers. However, I would also like to make clear that this is not a low-priority problem and that such a long time to fix it is just not acceptable, even if it's free software. That problem is putting more and more pressure on us with each day it remains unfixed.

We are a company which often receives invoices as PGP-encrypted attachments in messages which are not encrypted in whole (only the attachments are encrypted). Since we have upgraded our PCs to TB 78 in the end of last year, not having come to the idea that such a basic and important function would be broken by the update, we have a massive problem in our accounting now. I know other companies and even private persons who also receive invoices and other important, sensitive documents as PGP-encrypted attachment, and suffer similarly.

Our current "solution" is that the administrators ask the users to save the attachments in encrypted form, and use GnuPG on the command line to decrypt them, which means using the users' private keys. This whole process is completely not acceptable under various aspects, among them important legal aspects and the EU GDPR.

If it doesn't get fixed soon, we'll probably have to switch to Outlook. We definitely won't go back to TB 68 where this was working somehow. So I would be glad if we could get an honest and definitive statement from a developer here. We can really understand if this won't get fixed because it is too difficult, is not of high priority from the developers' point of view, or takes too much time. But then please make a clear statement that you won't fix it in the next time. Once again, that would be fair enough, but please let us know about it.

Despite that problem, I'd like to say a big thanks to the development team for all your effort and for providing TB and OpenPGP free of charge. It has been, and still is, a revolution.

Best regards and a happy new year!

In , Hyperbolic-b (hyperbolic-b) wrote :

I forgot to mention that we experience the problem with TB 64 bit. That means that both versions are broken (@Thunderfan confirmed it for the 32-bit version).

Furthermore, if it helps, I can provide a message example as .eml file if it would help with resolving the issue. If somebody is interested, please let me know how I can send you the example in a safe way. I won't publish it here because it contains a lot of personal data, and while I could easily remove that data from the message itself (I know how to operate a text editor :-)), removing it from the encrypted attachment is not that easy and would at least take some time.

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

To help you can create a sample message for Alice, and add an encrypted attachment in that mail. Save as .eml and attach it to this bug.
You can find her keys here: https://searchfox.org/comm-central/source/mail/test/browser/openpgp/data/keys

In , Resistor5k6 (resistor5k6) wrote :

@hyperbolic

These are exactly my thoughts.

In , Kai Engert (kaie) wrote :

Sorry for the delays, I was out sick.

I can confirm the bug. When recently re-enabling this feature, I had tested only using encrypted attachments which decrypt to plain text.
The bug occurs if the attachment decrypts to binary data.

I have a fix that I will send for review.

In , Kai Engert (kaie) wrote :

Created attachment 9196379
Bug 1663169 - Fix decrypting of attachments containing binary data. r=mkmelin

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

Do you have a sample message to attach, or a simple way to generate it?

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

It would be better to clone this bug to another one for the specific case, since otherwise tracking flags will all be wrong.

In , Kai Engert (kaie) wrote :

You're right, I'll file a separate bug, and move the patch over there.
Also, I'm working on a test.

In , Kai Engert (kaie) wrote :

Everyone, please use bug 1663169 to track the fix of the remaining bug.
Marking this one fixed again.

In , Phab-bot (phab-bot) wrote :

Comment on attachment 9196379
Bug 1663169 - Fix decrypting of attachments containing binary data. r=mkmelin

Revision D101351 was moved to bug 1686055. Setting attachment 9196379 to obsolete.

In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.6.1

Changed in archlinux:
status: Confirmed → Fix Released
In , Resistor5k6 (resistor5k6) wrote :

Issue still exists on TB 78.7.0

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

You'll want to follow bug 1686055.

In , Resistor5k6 (resistor5k6) wrote :

On
https://bugzilla.mozilla.org/show_bug.cgi?id=1686055
I read: " status-thunderbird86: --- → fixed"

When and where do we get TB86?

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

From https://www.thunderbird.net/en-US/#channel - 86 beta1 will be out in a day or two.

In , Yg-info (yg-info) wrote :

Could somebody please tell if this is working in the current beta?

I usually avoid beta versions, but this one might be an exception since this function is extremely important to us. However, I'd rather not install a beta version to learn that it's not fixed yet :-)

In , K-bugzilla (k-bugzilla) wrote :

The use of External GnuPG in TB still does not allow to decrypt attachments!

Tobias (lolliren) wrote :

Hi, I've stumbled across this post here after I've searched for the error message "rnp_op_verify_execute returned unexpected" on Google.

@yg-info I've tested the beta version "88.0b2" (simply downloading the .tar.bz2 for Linux and executing the "thunderbird" binary) and it's now working. The two emails, which can't be opened by Thunderbird "78.9.1", can be opened with Thunderbird "88.0b2".

The first email has no attachments and the second email has one attachment (simple csv file), which I can open.

I'm using (Manjaro Arch) Linux, Kernel 5.11.10-1-MANJARO, x64.

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

(In reply to bugzilla from comment #53)
> The use of External GnuPG in TB still does not allow to decrypt attachments!

If you still see it with 91 beta, please file a new bug.

In , K-bugzilla (k-bugzilla) wrote :

Is [Bug 1704820] fixed in 91 beta too?

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

No, that would be the bug (still NEW).

Michael Altfield (maltfield) wrote :

This has been a long-standing issue since I made the poor/forced decision to switch from enigmail to the built-in Thunderbird support.

This has been horrible. I first noticed the issue when telling my future employer (the CEO of the company) that they failed to attach my contract to an email. They did attach it, but Thunderbird just didn't display it.

That was 10 months ago. I still can't open attachments in gpg-encrypted mails.

I have no idea when (if?) this will be fixed, so I present a work around: use claws mail.

  sudo apt-get install claws-mail claws-mail-pgpmime

When someone sends me an email and I suspect there's an attachment, I just run claws mail to view the attachment. It's awful, but it works.

In , Yg-info (yg-info) wrote :

The bug is still present in TB 91.0.3 (I am not talking of external GnuPG here). The only difference, compared to comment #31, is the contents of the dialog box. It now says "Error - decryption failed" instead of "null / undefined".

In , Mkmelin+mozilla (mkmelin+mozilla) wrote :

The general case works for me. If it doesn't work for you, there must be something special going on with the attachment or with your setup.

In , Yg-info (yg-info) wrote :

For the people who are coming to this page via Google: The problem occurs if the attachments are without MDC (which can still happen even today). This has become a new bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1729221
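
For the no-MDC case named in the comment above, this added example (not from the bug thread or from Thunderbird's code) reads the OpenPGP packet headers of an attachment and reports whether its encrypted-data packet is tag 18 (integrity protected, with MDC) or tag 9 (no MDC), following RFC 4880. The function names are hypothetical and the sample packets are constructed, with filler bytes as bodies.

```python
import base64


def dearmor(data: bytes) -> bytes:
    """Return binary OpenPGP data, decoding ASCII armor if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data  # already binary
    lines = data.strip().splitlines()
    # Armor headers end at the first blank line; the base64 body follows.
    start = next((i for i, ln in enumerate(lines) if not ln.strip()), 0) + 1
    body = []
    for ln in lines[start:]:
        ln = ln.strip()
        if ln.startswith((b"=", b"-----END")):  # CRC-24 line or end marker
            break
        body.append(ln)
    return base64.b64decode(b"".join(body))


def iter_packets(buf: bytes):
    """Yield (tag, body_length) for each top-level packet (RFC 4880, 4.2)."""
    pos = 0
    while pos < len(buf):
        hdr = buf[pos]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {pos}")
        pos += 1
        if pos >= len(buf):
            raise ValueError("input ends inside a packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, buf[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + buf[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = int.from_bytes(buf[pos + 1:pos + 5], "big")
                pos += 5
            else:  # partial body lengths: treat the packet as running to the end
                length = len(buf) - pos
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:  # indeterminate length: runs to end of input
                length = len(buf) - pos
            else:
                n = 1 << ltype  # 1, 2 or 4 length octets
                length = int.from_bytes(buf[pos:pos + n], "big")
                pos += n
        yield tag, length
        pos += length


def integrity_protection(data: bytes) -> str:
    """Return 'mdc' (tag 18), 'no-mdc' (tag 9) or 'no-encrypted-data'."""
    for tag, _ in iter_packets(dearmor(data)):
        if tag == 18:  # Sym. Encrypted Integrity Protected Data packet
            return "mdc"
        if tag == 9:   # Symmetrically Encrypted Data packet, no MDC
            return "no-mdc"
    return "no-encrypted-data"


# Constructed samples: real header octets, filler bytes as packet bodies.
FILLER = bytes(range(32))
# Old-format PKESK (tag 1), then old-format tag 9 with a 2-octet length.
LEGACY = b"\x84\x0c" + FILLER[:12] + b"\xa5\x00\x20" + FILLER
# New-format PKESK (tag 1), then new-format tag 18 (version octet 1).
MODERN = b"\xc1\x0c" + FILLER[:12] + b"\xd2\x21\x01" + FILLER
ARMORED_LEGACY = (b"-----BEGIN PGP MESSAGE-----\n\n"
                  + base64.encodebytes(LEGACY)
                  + b"-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for name, sample in [("legacy", LEGACY), ("modern", MODERN),
                         ("armored legacy", ARMORED_LEGACY)]:
        print(name, list(iter_packets(dearmor(sample))),
              integrity_protection(sample))
```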

In , K-bugzilla (k-bugzilla) wrote :

Does not work for me in 102.0.2 (64-Bit).
