On 14/05/18 10:42, Robert J. Hansen wrote:
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.

I tried again using CAST5 instead of MD5 to bypass the smartcard bug. The news is not good.

```
andrewg@fred:~$ gpg --recipient 0xFB73E21AF1163937 --cipher-algo CAST5 --disable-mdc --encrypt --sign --armor reply.txt
gpg: using "00CC54C6A0C601691AF4931FFB73E21AF1163937" as default secret key for signing
File 'reply.txt.asc' exists. Overwrite? (y/N) y
andrewg@fred:~$ gpg reply.txt.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 4096-bit RSA key, ID 0x6B09069314549D4B, created 2013-07-02
      "Andrew Gallagher <andr...@andrewg.com>"
File 'reply.txt' exists. Overwrite? (y/N)
Enter new filename: foo
gpg: Signature made Mon 14 May 2018 11:57:17 IST
gpg: using RSA key 291E79A1DC55AE27A52EEF835C1EC404D5906629
gpg: Good signature from "Andrew Gallagher <andr...@andrewg.com>" [ultimate]
gpg: aka "Andrew Gallagher <andr...@llagher.net>" [ultimate]
gpg: aka "Andrew Gallagher <ab.gallag...@gmail.com>" [ultimate]
gpg: aka "Andrew Gallagher <andrew.gallagher@siren.solutions>" [ultimate]
gpg: aka "[jpeg image of size 18803]" [ultimate]
gpg: aka "Andrew Gallagher <andrew.gallag...@siren.io>" [ultimate]
Primary key fingerprint: 00CC 54C6 A0C6 0169 1AF4 931F FB73 E21A F116 3937
Subkey fingerprint: 291E 79A1 DC55 AE27 A52E EF83 5C1E C404 D590 6629
gpg: WARNING: message was not integrity protected
```

So far so good - GnuPG correctly throws a warning.

But:

```
andrewg@fred:~$ cat reply.txt.asc | mailx andr...@andrewg.com -s "test message"
```

Now in Enigmail, I get a decrypted message with a green bar and no warnings whatsoever:

```
Enigmail Security Info

Decrypted message
Good signature from Andrew Gallagher <andr...@andrewg.com>
Key ID: 0xF1163937 / Signed on: 14/05/18, 11:57
Key fingerprint: 00CC 54C6 A0C6 0169 1AF4 931F FB73 E21A F116 3937
Used Algorithms: RSA and SHA512

Note: The message is encrypted for the following User ID's / Keys:
 0x6B09069314549D4B (Andrew Gallagher <andr...@andrewg.com>)
```

So it would appear that Enigmail IS VULNERABLE. I have reproduced this on Debian's 2:1.9.9-1~deb9u1 (v1.9.9) and 2.0.3 on Mac.

By comparison, the default cipher (AES) correctly throws a decryption error in Enigmail using the same test systems.

-- 
Andrew Gallagher

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
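
The check discussed in this message, as an added example that is not code from the post, from Enigmail or from GnuPG: a fail-closed decision a mail client could make from gpg's machine-readable `--status-fd` output instead of from the signature result alone. The status keywords are GnuPG's documented ones; the function names `parse_status` and `may_render`, the key ID and the three status transcripts are constructed for illustration.

```python
STATUS_PREFIX = "[GNUPG:] "

def parse_status(status_text):
    """Return (keyword, args) pairs from gpg --status-fd output."""
    events = []
    for line in status_text.splitlines():
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def may_render(status_text):
    """Return (ok, reason). Plaintext is shown only when decryption
    succeeded AND gpg reported a good integrity check (GOODMDC).
    A good signature never substitutes for the integrity check."""
    keywords = [keyword for keyword, _ in parse_status(status_text)]
    if "DECRYPTION_FAILED" in keywords or "BADMDC" in keywords:
        return False, "decryption or integrity check failed"
    if "DECRYPTION_OKAY" not in keywords:
        return False, "no successful decryption reported"
    if "GOODMDC" not in keywords:
        return False, "message was not integrity protected"
    return True, "decrypted and integrity protected"

# Constructed sample: CAST5 (algo 3), no MDC (method 0), signature is good.
UNPROTECTED = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User <user@example.org>
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
# Constructed sample: AES256 (algo 9) with MDC (method 2), check passed.
PROTECTED = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User <user@example.org>
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""
# Constructed sample: MDC present but the ciphertext was modified.
TAMPERED = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
```

The first transcript is the case from this message: the signature verifies and decryption reports success, yet the plaintext must not be displayed because no integrity check was reported.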