Bug 4007 - PGP/MIME email subject and header encryption / "memory hole"
Summary: PGP/MIME email subject and header encryption / "memory hole"
Status: NEW
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Plugins/Privacy/PGP (show other bugs)
Version: 4.2.0
Hardware: PC Linux
: P3 enhancement
Assignee: users
URL:
: 4426 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-04-09 08:27 UTC by Hanno Boeck
Modified: 2023-09-14 08:20 UTC (History)
3 users (show)

See Also:


Attachments
Experimental read of encrypted subject (3.26 KB, application/x-compressed-tar)
2023-08-26 16:48 UTC, Filippo
Details
Patch from BUG 3904 rebased on master and fixed (10.57 KB, patch)
2023-09-06 16:21 UTC, Filippo
Details | Diff

Description Hanno Boeck 2018-04-09 08:27:35 UTC
The latest version of enigmail supports OpenPGP-encrypted Subjects. The mail subject is replaced with a placeholder and the real subject is in the mail.

It would be nice if claws could start supporting this as well (at least for reading/displaying for a start).

The spec used to live here:
https://modernpgp.org/memoryhole/

Unfortunately it's offline right now, but you can access it here:
https://web.archive.org/web/20170301022028/https://modernpgp.org/memoryhole/
Comment 1 nin 2018-09-28 09:48:56 UTC
Yes, please add support for "memory hole". I think the specs can be found now under: https://github.com/autocrypt/memoryhole
Comment 2 kardan 2018-09-28 10:27:16 UTC
It has an incomplete version. Please reach out to #autocrypt.
https://github.com/autocrypt/memoryhole/issues/9
Comment 3 linux.felixbecker2 2021-07-30 14:26:11 UTC
I second this feature request strongly.

More and more people communicate with encrypted emails, and I see a lot of subjects just as `...`. Which makes it more and more hard to look through my emails.
Comment 4 Filippo 2023-08-26 16:48:13 UTC
Created attachment 2350 [details]
Experimental read of encrypted subject

Hello,
I've written a small patch to read original email subject when sender is
encrypting it with protected-headers-v1 standard

The patch is still experimental but I'd like to get some feedback.
I'm working also on sending email with encrypted headers but that's more difficult given current code structure.

First patch is a fix for a memory leak but needs confirmation.
Comment 5 Paul 2023-08-26 17:20:50 UTC
Is protected-headers-v1 a standard now? Where is the RFC?
Comment 7 linux.felixbecker2 2023-08-29 12:36:02 UTC
(In reply to Filippo from comment #4)
> Created attachment 2350 [details]
>
> [...]
>  
> The patch is still experimental but I'd like to get some feedback.

I have tested and it decrypts protected `subject:` line from a Thunderbird sender.

What I see what it does:

* It replaces the subject in the message list.
* Shows the decrypted headers in the message below the unencrypted original headers.

What I see what it does not:

* When I reply, the subject is still "Re: ...". This might bee intentional to not copy the encrypted Subject into the unencrypted one.
* When writing a message, creating an encrypted subject.

Regards!
Comment 8 linux.felixbecker2 2023-08-29 12:37:20 UTC
I forgot:

(In reply to linux.felixbecker2 from comment #7)
> (In reply to Filippo from comment #4)
> > Created attachment 2350 [details]
> >
> > [...]
> >  
> > The patch is still experimental but I'd like to get some feedback.
> 
> [...]
> 
> What I see what it does not:
> 
> * When I reply, the subject is still "Re: ...". This might bee intentional
> to not copy the encrypted Subject into the unencrypted one.

  - also when I reply and not modify the subject, the encrpyted subject of the message I reply to is lost and just "Re: ..." is the only (non-encrypted) subject generated.
Comment 9 linux.felixbecker2 2023-08-29 12:38:50 UTC
Just a note for the ones following here:

In issue #4426 (https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4426) is also a discussion about encrypted headers.
Comment 10 Paul 2023-08-29 15:28:28 UTC
(In reply to linux.felixbecker2 from comment #8)
That is surely what you want, or else you would reveal the Subject which your recipient wanted hidden.
Comment 11 linux.felixbecker2 2023-08-29 15:37:12 UTC
(In reply to Paul from comment #10)
> (In reply to linux.felixbecker2 from comment #8)
> That is surely what you want, or else you would reveal the Subject which
> your recipient wanted hidden.

Not quite what I want.
What I want is that the unencrypted subject stays "..." or "Re: ...", but that the real subject actually is added as encrypted subject and not skipped out completely.
Comment 12 Paul 2023-08-29 15:42:53 UTC
(In reply to linux.felixbecker2 from comment #11)

It was clearly stated in comment #4 that the current patch does not do that.
Comment 13 Filippo 2023-09-06 16:21:27 UTC
Created attachment 2352 [details]
Patch from BUG 3904 rebased on master and fixed

Hello again!
I've rebased patch from BUG 3904 (3 years old) on current master.
Then I've fixed some segmentation faults and memory leaks and it's working.

What this patch does:
- Show encrypted headers in TextView
- Verify match between encrypted and plain headers (is this useful? I mean is it a proof of message not being tampered or should we only support PGP signature?)

What this patch does not:
- Show encrypted subject in HeaderView
- Show encrypted subject in SummaryView
- Cache encrypted subject for future email search/quick view in summary
- Allow sending mails with encrypted headers

Now that both my patch, this one and the one from BUG 4426 are working I will compare the implementations and try to merge the new features
Comment 14 Paul 2023-09-14 08:19:36 UTC
*** Bug 4426 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.