-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nylas Doesn't decrypt emails/attachments #2452
Comments
Hi Sam - thanks for writing in. Sorry there wasn't better error handling here - that's #1 on the to-do list. Anyways, at a glance, there could be three things going on here:
Have you imported your private key on the preferences page? Is it associated with the email address your friend sent a message to? Did you type the password correctly? If it's not any of those, it's probably something to do with kbpgp not handling the inbound message properly, and I might need a sample email to test against. We did test against Enigmail, though, so I'd be a bit surprised if that were the issue at hand. |
I imported my public and private keys from Keybase (where they were generated) into N1. As a test I encrypted a message to myself at Keybase and mailed the encrypted message block to myself. N1 correctly detects that it is an encrypted message and provides a "Decrypt" button which in turn allows me to enter my passphrase. However, even after selecting "Done", the message is not decryped; in fact, nothing happens - no error message or anything. The passphrase box simply closes. I am, however, able to successfully decrypt this message at Keybase, proving that I have the correct passphrase. Also, keybase invites aren't working (though I have no need for one). |
Hi Sam, The important thing is that the private key be associated with the recipient email address. If you receive an email at [email protected], and it's encrypted for the private key that you have associated with [email protected] on the Preferences page, the Decrypt operation will look for private keys associated with [email protected], not find any, and fail - alas, silently. (I've actually already added an error message for this case, and it'll ship as an update in the next version of N1.) If that's not the issue, and you're certain that your private key is both imported and associated with the correct email account, feel free to email me at [email protected] with test messages. |
Logan, I understand the above was directed at Sam, but I can confirm that I have associated the correct e-mail addresses with my private key (and my key was generated for use with these 3 addresses). To the extent I can help, what sort of test message would you need? |
Yup, this is the issue I'm seeing. On Fri, Jun 17, 2016 at 1:19 PM, Jason Tokoph [email protected]
|
I see this in the console:
|
jtokoph - thanks for the super detailed bug report. "No tailer found" occurs when the encrypted block is improperly formatted. It looks like one of the other plugins you have enabled may be changing the formatting of the encrypted message body. The reason the message decrypts successfully in the gpg-client is likely because, if you pasted it over, the copy/paste didn't pick up the HTML tags that the other plugin added. For reference, the message should look like this: Can you confirm that the message you sent was from within N1? Can you tell me which other plugins you have enabled, along with which OS you're on? Thanks, |
It looks like my issue could be related to the ---- END PGP MESSAGE ---- being split across two lines. Another issue I'm running into is:
When i decrypt with PGP:
It looks like N1 might be having issues using subkeys? |
I've done some more debugging and realized that I may have run into an issue when importing my keys because I had tried to import the public and private key at the same time. I pasted my public and private key blobs into the import box, entered email address, entered passphrase and then imported. I didn't get any error, but the private key had showed up in the pane as if it imported properly. I tried exporting the key from N1 and it said that there wasn't any data, so I deleted it and reimported the private key by itself. Now it seems to work properly. |
Ah! Thank you so much for figuring that out jtokoph - I almost certainly wouldn't have been able to debug that remotely. Nice catch; the import function should definitely error out in that case. In fact, I'm quite surprised that the "valid key" check we're doing with kbpgp didn't catch that... Leaving the issue open for mookerific and Sam2304, who I imagine aren't having the same issue as you. |
I think the issue related to tailer not being found is that the keybase plugin is processing the html version of messages instead of the plain text versions. Processing emails encrypted by N1 works fine because it wraps the encrypted email in a In my case, I was sent messages by people who encrypted with the keybase.io web UI, and then copy pasted into a new email to me. The email client doesn't know that it should wrap this pasted content in a pre tag and skip adding spacing tags. Here is a sample email body and select headers for an email that doesn't decrypt properly:
When logging the message to the console in Could N1 be modified to allow the keybase plugin to have access to the plaintext version of the email if it exists? Is there any API to choose which part to use as the message body? |
To your last two questions, no, those capabilities don't exist. Incidentally, this is why the PGP plugin doesn't have message signing - we had no way to prevent other plugins like the spellchecker from adding HTML tags with ApplyDraftTransform on send. I'm working on it. Did these people copy/pasting the email in paste it into N1, or into some other client? We, of course, can't control the behavior of other clients when encrypted blocks get dropped into their composers. We can do a little parsing to accommodate slightly improperly formatted blocks, but at the end of the day there's simply no way to account for all the ways that another mail client's bad encryption formatting process could cause errors on this side. That said, we had in fact been previously encountering this issue (before we added the pre tag), so there's actually a parsing line that shipped with the code. Can you try uncommenting line 410 of pgp-key-store.cjsx? Does the improperly sent message decrypt correctly then? |
Uncommenting that line didn't do it by itself, but adding The Mailvelope browser extension does this parsing before attempting to decrypt and has worked on any message I've received: https://github.com/mailvelope/mailvelope/blob/fc5f62a3c65c1e08bfa7cb006e194b3f1b585ae3/common/ui/inline/extractFrame.js#L142 |
On a slightly different note (and on my Windows installation): after having added my public key by fetching it from Keybase and associating the 3 associated e-mail addresses, I went to import my private key. I cut and pasted my private key from Keybase into the relevant window, entered one of my e-mail addresses and entered the passphrase. The key was added successully. However, when attempting to associate the remaining to e-mail addresses with the private key, I'm getting the error below. |
mookerific - yes, I've encountered that personally, it's a known issue. It's a really stupid little bug that took 5 seconds to fix but unfortunately wasn't caught in code review. Patch will be shipping for the next release. Until then, you can't add an email address to a private key if there is already a public key with that address. As a temporary workaround, try removing the address from the public key first, then adding it to the private key. Very sorry - stupid little error. |
jtokoph - Great, thanks for the recommendation! I will definitely dig into how mailvelope is doing this pre-message cleaning. You can expect to see a patch for that shipped in the next release of N1. |
Got it. By the way, apologies if I'm muddying the water with my lack of
|
Apologies for the slow response, interesting reading above! I can successfully decrypt downloaded emails using I tried removing my public key from Nylas, and associating various case-sensitive variations of my email address to the private key as associated emails, still to no avail... I've had a look at the encrypted email (sent as an attachment) and it doesn't get mangled by anything, could it be that the GnuPGP stuff requires keybase pgp decrypt rather than keybase decrypt? Is there an equivalently different function to call in the keybase library this is based on? Also, I'm still not seeing anything appear in logs, I've tried doing all this running with debug flags and still nothing, is there anything I can do to better trace this? |
Interestingly, sending myself an encrypted email encrypts and decrypts successfully! That would suggest its something to do with my colleague using a different encryption? My successful decryption used:
whereas my colleague's (unsuccessful in Nylas, works with
|
can confirm the issue. If I copy the email from outside of N1 and paste it into Keybase's browser decrypt box, it decrypts fine so the keys are good. An example was copying the text from my mobile device and pasting it into Keybase. This works fine |
This is not resolved on 04.47 I don't Facebook but is this still failing on FB emails? |
Seeing:
Worth noting that I am using a hardware device with my private key. This looks similar to: keybase/keybase-issues#1885 |
Hi Ive run into this issue. while openning thread: this appears in console:
and then while encrypting message just: the message is 100% correct (i can decrypt it using Im using nylas 1.5.0 on Linux |
Hi Folks,
Eagerly getting keybase setup with nylas and I can confirm that encrypting email bodies works! It does however result in HTML tags flooding the recipients screen (my colleague is using Thunderbird with Enigmail). But the encryption stuff all works.
When he replies however, using a GnuPG v2 encrypted email (either as body text or as an attachment), Nylas correctly determines that it is encrypted and provides a button to decrypt the message.
When i click that message however, nothing happens, I see nothing in the log, and I have no visual feedback that anything happened at all beyond the password box disappearing.
Further, the next time I try, the password box re-appears, despite the suggestion that the password will be cached for 30 minutes.
As a side note, I have also noticed that I cannot hit enter to submit the password, I have to mouse click the Done button.
What can I do to assist with debugging/getting this working?
Are there any related issues?
Possibly #2444
What operating system are you using?
Ubuntu 15.10 (64Bit)
What version of N1 are you using?
0.4.45-7637265
Bug?
Do you have any third-party plugins installed?
Installed plugins:
Is the issue related to a specific email provider (Gmail, Exchange, etc.)?
I've only tried this so far on an Exchange account but can try with Gmail if you feel that will be relevant.
Is the issue reproducible with a particular attachment, message, signature, etc?
The text was updated successfully, but these errors were encountered: