This is a 2-part question.

When GnuPG is used externally in Thunderbird 91.7.x, I tested email encryption from Account A to Account A. The message was received perfectly encrypted, and in the "Message Security - OpenPGP" view pane of the message it shows the keys that the message was encrypted with. In my case now it shows 2 of the same keys: one for the sender and one for the receiver (in my case both are one and the same key, since I emailed myself).

When I decrypted just the cypher block manually via terminal, it shows 2 of the same pubkeys at the top of the decrypted message like this:

gpg: encrypted with 4096-bit RSA key, ID 1234567891234569, created 2022-02-10
      "TestKey"
gpg: encrypted with 4096-bit RSA key, ID 1234567891234569, created 2022-02-10
      "TestKey"

Question 1. How did Thunderbird encrypt one Email with the same key in one go?

When I try to send an encrypted mail (with the same key) via a bash script, duplicating all the headers in the same way Thunderbird is sending the mail, when the mail is received in Thunderbird those keys are just not showing at all in the "Message Security - OpenPGP" view pane, but everything is decrypted perfectly.

In addition, the message was encrypted to the owners of the following keys: ....

This above doesn't show at all like it did when I sent the encrypted mail via Thunderbird.

When I manually decrypt the message I emailed via a bash script, it only shows ONE of these:

gpg: encrypted with 4096-bit RSA key, ID 1234567891234569, created 2022-02-10
      "TestKey"

But when I manually decrypt the email message from TB, as I said at the top, it shows 2 of them.

The cmd used to encrypt via the bash script is:

gpg --armor --trust-model=always --recipient TestKey --encrypt <<< "$(cat /home/test/test2.txt)"

Question 2. Why does this happen? And how can I make it show the keys in the "Message Security - OpenPGP" view pane when sending from a script? Do I need to encrypt the message with some extra parameters?

When I manually use the gpg command above, the message block cipher is smaller than the one Thunderbird encrypts as well, and I'm not sure why, because the data and email that was encrypted is exactly the same (if that helps at all).

  • I don't see how it's possible to answer this question without seeing what your decoding script is actually doing. It may be as simple as duplicated output. With the Bash code provided, this is likely to be more on-topic on Stack Overflow than here. – Todd A. Jacobs Apr 03 '22 at 21:48
  • PGP encrypted messages are always encrypted twice: 1. for the recipient and 2. for the sender (because otherwise it would be difficult to prove what you have sent). As sender and recipient are the same in your test mail, the encryption key is two times the same. Because of hybrid encryption, one message can easily be encrypted multiple times because only the symmetric message encryption key is encrypted by each public key. – Robert Apr 04 '22 at 08:22
  • @Robert yes, I understand, but what is the command that Thunderbird uses to encrypt it twice with one key? I tried using: gpg --armor --trust-model=always -r Test1 -r Test1 --encrypt <<< "$(cat /home/test/test2.txt)" but it says gpg: skipped: public key already present. So how does Thunderbird do it? – user923841 Apr 04 '22 at 14:07
  • Very simple: because Thunderbird does not use [open]pgp. It uses "RNP library" instead. – Robert Apr 04 '22 at 15:05
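
Added example, not part of the original question or comments: each "gpg: encrypted with ..." line corresponds to one Public-Key Encrypted Session Key (PKESK) packet at the start of the message, so counting those packets shows how many times the session key was wrapped and for which key IDs. The sketch below parses a binary (de-armored) OpenPGP message per RFC 4880; the two sample messages are constructed for illustration, reuse the placeholder key ID from the question, and the helper names are hypothetical.

```python
import struct

def read_packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:                               # partial body length: data packet only,
                return                          # PKESK packets come before it, so stop
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                      # indeterminate length: runs to the end
                length = len(data) - i
            else:
                n = 1 << ltype                  # 1, 2 or 4 length octets
                length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]
        i += length

def pkesk_recipients(data: bytes):
    """Key IDs of all version 3 PKESK packets (tag 1), in message order."""
    return [body[1:9].hex().upper()
            for tag, body in read_packets(data)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

# --- constructed sample data (no real key material) ---
KEY_ID = "1234567891234569"                     # placeholder ID used in the question

def _pkesk(key_id_hex: str) -> bytes:
    # version 3, 8-byte key ID, algorithm 1 (RSA), one dummy 8-bit MPI
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1]) + b"\x00\x08\xff"
    return bytes([0xC1, len(body)]) + body      # new-format header, tag 1

_SEIPD = bytes([0xD2, 5]) + b"\x01" + b"\x00" * 4   # tag 18 with dummy ciphertext
TWO_PKESK = _pkesk(KEY_ID) * 2 + _SEIPD         # shape of the Thunderbird-sent mail
ONE_PKESK = _pkesk(KEY_ID) + _SEIPD             # shape of the script-sent mail

if __name__ == "__main__":
    print(pkesk_recipients(TWO_PKESK), pkesk_recipients(ONE_PKESK))
```

To run it on a real mail, save the armored block to a file, convert it with `gpg --dearmor`, and pass the resulting bytes to `pkesk_recipients`.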
