Mailing List Archive: Fwd: KMail does not decrypt SMIME

Fwd: KMail does not decrypt SMIME

Apr 18, 2007, 12:40 PM

Post #1 of 3 (6956 views)

Hi!

I'm forwarding your message to gpa-dev@gnupg.org where the GnuPG experts
reside.

Regards,
Ingo

---------- Forwarded Message ----------

Subject: KMail does not decrypt SMIME
Date: Tuesday 17 April 2007 21:39
From: M Hoeller <M_Hoeller@nurfuerspam.de>
To: kmail-devel@kde.org

Hello,

I have a problem to decrypt Mails which are encrypted with SMIME /
x.509.

I have: successfully set up OpenPGP to en- and decrypt and have
validated this with others.

Also I can sign and encrypt mails with my x.509 certificat from
CAcert.org. Others can decrypt the mails I have encrypted and signed.

BUT i can not decrypt mails which others have encrypted with x.509.
I always get the message: message decryption failed: unsupported
algorithm RC2. I have attatched the log from gpgsm.

I use gpgsm 1.9.22 which does not support RC2 due to patent issues,
and RC2 is outdated anyway. I have KMail 1.9.6 with kde 3.5.6 release
64.1 and a openSUSE 10.2.

Since one of the senders use Thunderbird 1.5.0.10 I come to the
impression that it is NOT that I receive RC2 (Thunderbird in this
version does not send RC2 but 3DES afaik).
On the other hand gpgsm throws the error only when the algorithm is
truely indentyvied:

Look at the error handling code:
rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
log_error ("unsupported algorithm `%s'\n", algoid?
algoid:"?");
if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
log_info (_("(this is the RC2 algorithm)\n"));

How everI have also to look at my configuration and this is still a
miracle to me.

Is there some where step by step how to install / check
kmail/kleopatra and the gpgME setup? I have used guessing to set up
and this is never good. On the other hand I did not find a good
source of information.

It would be really great if someone could, please. Post a quick list
of what to check.

One of the questions is if I should use the dirmgr or gpg-agent? I
also commit that I have poor knowledge here and that I want to get
this improved, though I really did not find single place which
describes how the things link to gether.

Here is the data I am refering to:

User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
MIME-Version: 1.0
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=BDD13B90; url=http://tinyurl.com/5d8mm
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

gpgsm log:

4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: <- DECRYPT
4 - 2007-04-16 21:32:46 gpgsm[7623]: unsupported algorithm
`1.2.840.113549.3.2'
4 - 2007-04-16 21:32:46 gpgsm[7623]: (Dies ist der RC-2 Algorithmus)
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> S ERROR
decrypt.algorithm 50331732 1.2.840.113549.3.2
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> S
DECRYPTION_FAILED
4 - 2007-04-16 21:32:46 gpgsm[7623]: message decryption failed: Nicht
unterstütztes Verfahren
4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: -> ERR 50331732
Nicht unterstütztes Verfahren
4 - 2007-04-16 21:32:47 gpgsm[7623.0x8084a98] DBG: <- BYE

Thanks a lot and have a nice day
Michael
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel

-------------------------------------------------------

Re: Fwd: KMail does not decrypt SMIME [ In reply to ]

bernhard at intevation

Apr 19, 2007, 2:08 AM

Post #2 of 3 (6699 views)

Permalink

On Wednesday 18 April 2007 21:40, Ingo Klöcker wrote:
> I'm forwarding your message to gpa-dev@gnupg.org where the GnuPG experts
> reside.

> ---------- Forwarded Message ----------
> Subject: KMail does not decrypt SMIME
> Date: Tuesday 17 April 2007 21:39
> From: M Hoeller <M_Hoeller@nurfuerspam.de>
> To: kmail-devel@kde.org

> I have a problem to decrypt Mails which are encrypted with SMIME /
> x.509.
>
> I have: successfully set up OpenPGP to en- and decrypt and have
> validated this with others.
>
> Also I can sign and encrypt mails with my x.509 certificat from
> CAcert.org. Others can decrypt the mails I have encrypted and signed.
>
> BUT i can not decrypt mails which others have encrypted with x.509.
> I always get the message: message decryption failed: unsupported
> algorithm RC2. I have attatched the log from gpgsm.
>
> I use gpgsm 1.9.22 which does not support RC2 due to patent issues,
> and RC2 is outdated anyway. I have KMail 1.9.6 with kde 3.5.6 release
> 64.1 and a openSUSE 10.2.
>
> Since one of the senders use Thunderbird 1.5.0.10 I come to the
> impression that it is NOT that I receive RC2 (Thunderbird in this
> version does not send RC2 but 3DES afaik).
> On the other hand gpgsm throws the error only when the algorithm is
> truely indentyvied:
>
> Look at the error handling code:
> rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
> log_error ("unsupported algorithm `%s'\n", algoid?
> algoid:"?");
> if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
> log_info (_("(this is the RC2 algorithm)\n"));
>
>
> How everI have also to look at my configuration and this is still a
> miracle to me.
>
> Is there some where step by step how to install / check
> kmail/kleopatra and the gpgME setup? I have used guessing to set up
> and this is never good. On the other hand I did not find a good
> source of information.

To further track down this problem, you should try to seperate
the the problem between frontend (KMail) and cryptoback end.
Try to save the smime.p7m that you have got to a file with KMail
and then decode it with gpgsm --decrypt -v
on the command line. If this does also not work, you know that
KMail is out of the picture.

> One of the questions is if I should use the dirmgr or gpg-agent?

Both.
gpg-agent does the secret key work and might cache your passphrase for
instance.
dirmngr fetches the public certification revocation lists.

> I also commit that I have poor knowledge here and that I want to get
> this improved, though I really did not find single place which
> describes how the things link to gether.

http://www.gnupg.org/aegypten/ (and aegpyten2).

>
> Here is the data I am refering to:
>
> User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
> MIME-Version: 1.0
> X-Enigmail-Version: 0.94.0.0
> OpenPGP: id=BDD13B90; url=http://tinyurl.com/5d8mm
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
> Content-Description: S/MIME Encrypted Message
>
> gpgsm log:
>
> 4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: <- DECRYPT
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: unsupported algorithm
> `1.2.840.113549.3.2'
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: (Dies ist der RC-2 Algorithmus)

The problem could be on the Thunderbird side as well,
if they do not use rc-2, why are they using this oid?

Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Re: Fwd: KMail does not decrypt SMIME [ In reply to ]

wk at gnupg

Apr 19, 2007, 5:02 AM

Post #3 of 3 (6705 views)

Permalink

On Wed, 18 Apr 2007 21:40, kloecker@kde.org said:

> I'm forwarding your message to gpa-dev@gnupg.org where the GnuPG experts
> reside.

This problem has already been discussed on gnupg-users and by private
mail. It is a TB problem which sends RC2 encoded messages - despite
what the TB developers claim. No need to open yet another channel.

Shalom-Salam,

Werner

_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev

Mailing List Archive

Mailing List Archive

Attached Files: