PHP openssl_pkcs7_decrypt BUG


Kyle Francis
So it appears as though there is a bug in decrypting emails when using
.  It appears as though the error only surfaces (sometimes) when
decrypting with the sender's credentials.  This leads to some, not all,
messages not being able to be decrypted from the "Sent" folder in
Roundcube.  The emails that cannot be decrypted from the "Sent" folder
are successfully decrypted when viewing in Thunderbird (either from the
recipient's account or the sender's account).  This tells me the bug is
with the php function openssl_pkcs7_decrypt.  The same email is also not
able to be decrypted utilizing openssl from the command line.

All emails successfully decrypt with gpgsm.

I could do one of two things:

1.  Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
everything else and
     attempt to fix/submit patch for openssl[_pkcs7_decrypt] function at
a later date.
     Pro - least amount of re-work
           could make it into an upcoming beta
     Con - "messy"/fragmented solution

2.  Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm
     Pro - unified, "clean" solution
           gpgsm integrates with gpg for public/private key storage
           decrypted emails would never be written to file
     Con - extensive rework
           Probably won't make the next beta
           Importing pkcs12 files into keyrings is currently "messy"
             and would still require use of openssl_pkcs7 function for
             certificate manipulation

I'd really like to see this feature be wrapped up, but I also want to do
it right. Thoughts?

-Kyle
_______________________________________________
Roundcube Development discussion mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/dev
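
The gpgsm decryption step that both options above rely on, with the plaintext read from a pipe instead of a file, as an added example that is not part of the original post and is not Roundcube code. `smime_decrypt_gpgsm()` is a hypothetical helper; it assumes PHP 7.4+, `gpgsm` on the PATH, and a private key already imported into the gpgsm keyring that gpg-agent can unlock without prompting.

```php
<?php
// Added example, not Roundcube code. smime_decrypt_gpgsm() is a hypothetical helper.
// Assumes PHP 7.4+ (array command form of proc_open), gpgsm on PATH, and the
// user's private key already in the gpgsm keyring and unlockable by gpg-agent.

function smime_decrypt_gpgsm(string $p7m, string $gpgsm = 'gpgsm'): string
{
    // Ciphertext and diagnostics may touch disk; only stdout (the plaintext) is a pipe.
    $in  = tmpfile();
    $err = tmpfile();
    if ($in === false || $err === false) {
        throw new RuntimeException('cannot create temporary files');
    }
    fwrite($in, $p7m);
    rewind($in);

    // --status-fd 2 sends machine-readable "[GNUPG:] ..." lines to stderr.
    // gpgsm autodetects binary, base64 and PEM input by default.
    $cmd  = [$gpgsm, '--batch', '--no-tty', '--status-fd', '2', '--decrypt'];
    $proc = proc_open($cmd, [0 => $in, 1 => ['pipe', 'w'], 2 => $err], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start gpgsm');
    }

    // Reading stdout to EOF cannot deadlock: stdin and stderr are files, not pipes.
    $plain = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    rewind($err);
    $status = stream_get_contents($err);
    fclose($in);
    fclose($err);

    // Require both a clean exit and the explicit success status line.
    if ($exit !== 0 || strpos($status, '[GNUPG:] DECRYPTION_OKAY') === false) {
        throw new RuntimeException('gpgsm could not decrypt the message');
    }
    return $plain;
}

// Usage ($body is a constructed name for the transfer-decoded
// application/pkcs7-mime part of the message):
// $mime = smime_decrypt_gpgsm($body);
```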
Re: PHP openssl_pkcs7_decrypt BUG

Vladimir Gorpenko
Hi!

It is very strange. Of course, I don't read letters from the Sent folder
very often. Besides, I don't encrypt all my letters. But neither I nor
my users have ever noticed a letter from the Sent folder failing to open.

I just know a user whose outgoing mail is all encrypted. I will try
to look at his Sent folder.

I use openssl.

But how is the function supposed to know that the letter given to it is
from the Sent folder?

---
Best regards,
    Vladimir Gorpenko

Kyle Francis wrote 2016-10-06 19:43:

> So it appears as though there is a bug in decrypting emails when using
> .  It appears as though the error only surfaces (sometimes) when
> decrypting with the sender's credentials.  This leads to some, not
> all, messages not being able to be decrypted from the "Sent" folder in
> Roundcube.  The emails that cannot be decrypted from the "Sent" folder
> are successfully decrypted when viewing in Thunderbird (either from
> the recipient's account or the sender's account).  This tells me the
> bug is with the php function openssl_pkcs7_decrypt.  The same email is
> also not able to be decrypted utilizing openssl from the command line.
>
> All emails successfully decrypt with gpgsm.
>
> I could do one of two things:
>
> 1.  Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
> everything else and
>     attempt to fix/submit patch for openssl[_pkcs7_decrypt] function
> at a later date.
>     Pro - least amount of re-work
>           could make it into an upcoming beta
>     Con - "messy"/fragmented solution
>
> 2.  Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm
>     Pro - unified, "clean" solution
>           gpgsm integrates with gpg for public/private key storage
>           decrypted emails would never be written to file
>     Con - extensive rework
>           Probably won't make the next beta
>           Importing pkcs12 files into keyrings is currently "messy"
>             and would still require use of openssl_pkcs7 function for
>             certificate manipulation
>
> I'd really like to see this feature be wrapped up, but I also want to
> do it right. Thoughts?
>
> -Kyle