[RCD] PHP openssl_pkcs7_decrypt BUG

Vladimir Gorpenko vgo at stels.ru
Thu Oct 6 19:00:11 CEST 2016


Hi!

It is very strange. Of course, I don't read letters from the Sent folder 
very often. Besides, I don't encrypt all the letters. But neither I nor 
my users have ever noticed that a letter from the Sent folder didn't open.

I just know a user for whom all outgoing mail is encrypted. I will try 
to look at his Sent folder.

I use openssl.

But how would the function know that the letter given to it is from the 
Sent folder?

---
Best regards,
    Vladimir Gorpenko

Kyle Francis wrote 2016-10-06 19:43:
> So it appears as though there is a bug in decrypting emails when using
> .  It appears as though the error only surfaces (sometimes) when
> decrypting with the sender's credentials.  This leads to some, not
> all, messages not being able to be decrypted from the "Sent" folder in
> Roundcube.  The emails that cannot be decrypted from the "Sent" folder
> are successfully decrypted when viewing in Thunderbird (either from
> the recipient's account or the sender's account).  This tells me the
> bug is with the php function openssl_pkcs7_decrypt.  The same email is
> also not able to be decrypted utilizing openssl from the command line.
> 
> All emails successfully decrypt with gpgsm.
> 
> I could do one of two things:
> 
> 1.  Decrypt utilizing gpgsm, keep openssl_pkcs7_* functions for
> everything else and
>     attempt to fix/submit patch for openssl[_pkcs7_decrypt] function
> at a later date.
>     Pro - least amount of re-work
>           could make it into an upcoming beta
>     Con - "messy"/fragmented solution
> 
> 2.  Re-write all openssl_pkcs7_* PHP functions to utilize gpgsm
>     Pro - unified, "clean" solution
>           gpgsm integrates with gpg for public/private key storage
>           decrypted emails would never be written to file
>     Con - extensive rework
>           Probably won't make the next beta
>           Importing pkcs12 files into keyrings is currently "messy"
>             and would still require use of openssl_pkcs7 function for
>             certificate manipulation
> 
> I'd really like to see this feature be wrapped up, but I also want to
> do it right. Thoughts?
> 
> -Kyle
> _______________________________________________
> Roundcube Development discussion mailing list
> dev at lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/dev