Rev. LeRoy Cressy via plug on 13 May 2022 10:00:40 -0700
[PLUG] Signing and Encrypting Email with Gnome Evolution
I primarily use Gnome Evolution along with Protonmail for email. Yesterday and today I have been looking at attaching certain types of attachments like clear-signed attachments and such. Here is an article I'm working on about my findings. Please tell me what you think 😊️

--
Rev. LeRoy D. Cressy  mailto:rev.cressy@prontonmail.com
 /\_/\
( o.o )
 > ^ <
Cell Phone: 267-668-9686
GnuPG Fingerprint: D234 65D6 2822 211B F82F A6CA B332 4CC8 ACBF D200

Jesus saith unto him, I am the way, the truth, and the life: no man cometh unto the Father, but by me. (John 14:6)

You can find me on the following:
Telegram:
    (My Main Channel) https://t.me/RevLeRoy
    (Send Me A Message) https://t.me/LeRoy_Cressy
    (My Videos) https://t.me/rev_cressy_videos
Video Channels:
    ugetube.com: https://ugetube.com/@the-rev
    bitchute.com: https://www.bitchute.com/channel/the-rev/
    brighteon.com: https://www.brighteon.com/channels/therev
    rumble.com: https://rumble.com/user/lrcressy
    odysee.com: https://odysee.com/@the-rev
Signing and Encrypting Email with Gnome Evolution

I have found that when using Gnome Evolution on Gmail to sign inline a message the

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    -----BEGIN PGP SIGNATURE-----
    iHUEARYKAB0WIQS0AKJCtCv8k5X07DIuVTWo1KllbwUCYn0unAAKCRAuVTWo1Kll
    b0A9APwLVVeEU0SjuP3ReNv5VRQW2daYLlTO2K+LnNTXhEYdsQEAqqH0F0bUu4eo
    8DaXusKKi2q92CYj6z6liidKgb6DbQM=3D
    =3Do4Xu
    -----END PGP SIGNATURE-----

block is missing when viewed on the protonmail account, though it is displayed in the sent mail folder under gmail.

Recipient Email Source:

    X-Pm-Spamscore: 0
    X-Rspamd-Server: cp3-mailin-027.plabs.ch
    X-Received: by 2002:a05:622a:11ce:b0:2f3:f091:10f8 with SMTP id n14-20020a05622a11ce00b002f3f09110f8mr413152qtk.35.1652371113191; Thu, 12 May 2022 08:58:33 -0700 (PDT)
    X-Evolution-Source: 389edd1cb82509eed7541ac8af07eee94c306664

    Test 3 from gmail

###########################################################

Sent Email Source:

    From: LeRoy Cressy <rev.cressy@gmail.com>
    Reply-To: rev.cressy@protonmail.com
    To: "rev.cressy@protonmail.com" <rev.cressy@protonmail.com>
    Date: Thu, 12 May 2022 11:58:20 -0400
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain; charset="UTF-8"
    User-Agent: Evolution 3.44.1
    MIME-Version: 1.0
    X-Evolution-Source: dfa109467a9464470494abdb3f48067d57f5bce7

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Test 3 from gmail

###########################################################

As you can see, one of the mailers is removing the Open PGP block from the message. I believe that Gmail is the culprit in this case. When sending from Protonmail to Gmail there is no removal of the Open PGP block.

###########################################################

    To: LeRoy Cressy <rev.cressy@gmail.com>
    From: "Rev. LeRoy Cressy" <rev.cressy@protonmail.com>
    Reply-To: "Rev. LeRoy Cressy" <rev.cressy@protonmail.com>
    Subject: Test 5
    Message-ID: <28f3ee789c14169b2aaac5865fe13f50e22ce134.camel@protonmail.com>
    Feedback-ID: 5901396:user:proton
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: quoted-printable
    X-Evolution-Source: dfa109467a9464470494abdb3f48067d57f5bce7

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Signed message from protonmail.com to Gmail

###########################################################

When using Evolution to encrypt email and sign email from a Gmail account there is no problem.

Now I like using Gnome Evolution for it automatically has a bridge built in to connect with the Gmail IMAP server and uses the Protonmail bridge to connect with Protonmail accounts. Gnome Evolution automatically is configured to use your ~/.gnupg/ directory and gpg for Open PGP email. On the other hand, Mozilla Thunderbird stores your key locally along with the pass phrases, which makes for a serious security breach. For instance, if you are using Thunderbird on a laptop and the laptop gets stolen, the thief will have access to your keys and pass phrases along with any encrypted files. This is very bad!

I did a search online and found that Google has a habit of removing certain lines. For instance, if you reference css in an html message, the css line will be removed, thus breaking the message. Gmail does not remove an encrypted message block, thus it works fine.

Problems with Google Gmail

When using a detached signature to sign a Gmail message you should include a small attachment, which somehow makes the message signature verify. I do not know how adding an attachment makes the signature verifiable in both Thunderbird and Evolution.

Problems with Evolution:

When Evolution receives a message with a clear-signed Open PGP attachment it partially verifies the signature of the attachment, but when you save the clear-signed attachment the signature along with lines like:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

are hidden by Gnome Evolution. It is my opinion that the Open PGP specific lines of an attachment should not be removed from the attachment when it is saved or opened in an editor. Mozilla Thunderbird on the other hand does not alter the Open PGP clear-signed attachments. From my observations Evolution does not really alter the clear-signed attachment but alters the way it is opened in a text editor like emacs or saved. With the Protonmail web page, the attachment is not changed at all. I consider this a bug in Gnome Evolution.

Conclusion:

Gnome Evolution directly connects with GnuPG to both encrypt and sign messages, which is excellent.

Evolution's altering of Open PGP clear-signed attachments is a serious problem for me. For instance, I might have received a clear-signed attachment from someone and I might want to attach that original clear-signed attachment with the original signature to someone else. Thus I consider the hiding of the Open PGP lines a critical error.

When a clear-signed attachment is attached when using Protonmail, the recipient of the message gets a partially signed message. This could be a problem with Protonmail, whereas sending a message from Gmail does not display this problem.

The problem with Gmail and inline signatures is not the fault of Evolution. The problem of detached signature messages sent from Gmail without an attachment is a Google problem where they change the format of the message somehow. Thus, if you are using Gmail as your primary email account and you want your messages signed, it is a good idea to include some stupid attachment in every message.

A method to alleviate the problem with clear-signed attachments is to use gpg -b to create a detached signature and attach both the original file and the binary .sig file. This did not work as expected. Received the following error message all in red type:

    Error verifying signature: Output from gpg2:
    gpg: armor header: Hash: SHA512
    gpg: original file name=''
    gpg: CRC error; A385EE - DC3A38
    gpg: no signature found
    gpg: quoted printable character in armor - probably a buggy MTA has been used
    gpg: the signature could not be verified.
    Please remember that the signature file (.sig or .asc)
    should be the first file given on the command line.

I think that the problem is there are 2 sig files as attachments. Now I'm going to make the attachment sig an ASCII .asc signature file and see how it works. This gave a similar gpg error message as follows:

    Error verifying signature: Output from gpg2:
    gpg: armor header: Hash: SHA512
    gpg: original file name=''
    gpg: CRC error; A385EE - DC3A38
    gpg: no signature found
    gpg: quoted printable character in armor - probably a buggy MTA has been used
    gpg: the signature could not be verified.
    Please remember that the signature file (.sig or .asc)
    should be the first file given on the command line.

Sending a message from a Gmail account with a text file and a detached ASCII signature proved no problem. Thus I consider that this particular problem resides with Protonmail. Since Protonmail uses Open PGP for encrypting their messages, this could be the cause of the problem.

I realize only paranoid old men are really concerned about email security, GnuPG and verifying email signatures, but this has been a concern to me for many years.
Attachment:
attachment.sig
Description: PGP signature
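
The gpg output quoted in the message reports a CRC error together with a quoted-printable character in the armor, and the signature block shown there carries "=3D" where the armor expects "=". As an added example (not part of the original post and not GnuPG's code), this Python sketch computes the RFC 4880 CRC-24 armor checksum and tells quoted-printable damage, which decoding repairs, apart from real corruption. SAMPLE is constructed data rather than a real signature packet, and make_armor, parse_armor and diagnose are hypothetical helper names.

```python
import base64
import quopri
import re

B64_BODY = re.compile(r"[A-Za-z0-9+/]*={0,2}")
B64_CHECK = re.compile(r"=[A-Za-z0-9+/]{4}")
SAMPLE = bytes(range(32))  # constructed payload, not a real signature packet

def crc24(data: bytes) -> int:
    """CRC-24 armor checksum from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def make_armor(payload: bytes) -> str:
    """Wrap payload in signature-style armor with a correct checksum line."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\n\n"
            f"{body}\n={check}\n-----END PGP SIGNATURE-----\n")

def parse_armor(text: str) -> bytes:
    """Strictly parse one armor block; raise ValueError on any damage."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN PGP ")
                              and lines[-1].startswith("-----END PGP ")):
        raise ValueError("missing armor boundary lines")
    *data, check = lines[lines.index("") + 1:-1]  # data follows the blank line
    b64 = "".join(data)
    if not (B64_BODY.fullmatch(b64) and B64_CHECK.fullmatch(check)):
        raise ValueError("non-base64 characters in armor")
    payload = base64.b64decode(b64)
    stored = int.from_bytes(base64.b64decode(check[1:]), "big")
    if crc24(payload) != stored:  # message shape modelled on the gpg output above
        raise ValueError(f"CRC error; {stored:06X} - {crc24(payload):06X}")
    return payload

def diagnose(text: str) -> str:
    """Classify a block as ok, quoted-printable damage, or corrupt."""
    try:
        parse_armor(text)
        return "ok"
    except ValueError:
        pass
    try:  # retry after undoing quoted-printable transfer encoding
        parse_armor(quopri.decodestring(text.encode()).decode())
        return "quoted-printable damage"
    except ValueError:
        return "corrupt"
```

Calling diagnose(make_armor(SAMPLE).replace("=", "=3D")) simulates a block that reached the verifier still quoted-printable encoded and returns "quoted-printable damage", while a block whose base64 body was altered returns "corrupt".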
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug