[RCD] PHP openssl_pkcs7_decrypt BUG

Kyle Francis franck6 at rpi.edu
Thu Oct 6 18:43:15 CEST 2016

So it appears as though there is a bug in decrypting emails when using 
.  It appears as though the error only surfaces (sometimes) when 
decrypting with the sender's credentials.  This leads to some, not all, 
messages not being able to be decrypted from the "Sent" folder in 
Roundcube.  The emails that cannot be decrypted from the "Sent" folder 
are successfully decrypted when viewing in Thunderbird (either from the 
recipient's account or the sender's account).  This tells me the bug is 
with the PHP function openssl_pkcs7_decrypt.  The same email is also not 
able to be decrypted utilizing openssl from the command line.

All emails successfully decrypt with gpgsm.

I could do one of two things:

1.  Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
     everything else and attempt to fix/submit patch for
     openssl[_pkcs7_decrypt] function at a later date.
     Pro - least amount of re-work
           could make it into an upcoming beta
     Con - "messy"/fragmented solution

2.  Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm
     Pro - unified, "clean" solution
           gpgsm integrates with gpg for public/private key storage
           decrypted emails would never be written to file
     Con - extensive rework
           Probably won't make the next beta
           Importing pkcs12 files into keyrings is currently "messy"
             and would still require use of openssl_pkcs7 function for
             certificate manipulation

I'd really like to see this feature be wrapped up, but I also want to do 
it right. Thoughts?


