Encryption broken in one direction

Delta Chat version

various (at the moment 1.28.2, Linux Desktop and Android)

Expected behavior

Correct decoding in both directions after deleting and reestablishing a chat connection.

Actual behavior

After deleting a chat and reestablishing it, the first messages are decrypted correctly. After a few messages, decryption in one direction no longer works and this message appears:

... – [This message cannot be decrypted.
• It might already help to simply reply to this message and ask the sender to send the message again.
• In case you re-installed Delta Chat or another e-mail program on this or another device you may want to send an Autocrypt Setup Message from there.]

How can I reset and reestablish the connection?

Have you tried the steps in that message? Also, is this about using multiple devices with the same email account?

The steps in which message? :thinking:

And yes, I’m using multiple devices with the same email account:

The error you posted:

... – [This message cannot be decrypted.
• It might already help to simply reply to this message and ask the sender to send the message again.
• In case you re-installed Delta Chat or another e-mail program on this or another device you may want to send an Autocrypt Setup Message from there.]

Yes I did.

But without success. :frowning:

Is it a 1:1 or group chat?
Can you reproduce the issue?
Which side is deleting the chat, which side cannot decrypt the messages afterwards?
Does the problem appear on a single device or on both devices (Desktop and Android)?

It’s 1:1.

Problem appears on all devices (multiple Desktop installations and one Android client).

Reproduction is not that easy. I’m now in this dirty state and have no idea how to leave this state or “reset” the whole situation. That’s why I can’t try to reproduce it.

What does the log say when a message is received? Could you decrypt the message manually by exporting the key, importing it into Thunderbird and trying to read the message there?

I’ve tried to read/decrypt the messages in TB with an interesting result.

Messages from other sources can be decrypted directly without any problems. For the messages from the problematic account I get the hint:

“This is an encrypted message part. You need to open it in a separate window by clicking on the attachment.”

After opening the attachment this one is decrypted and displayed correctly.

So it seems that the problematic messages do have a different multipart structure.

@Simon @link2xt

More important to me than clarifying how this happened is actually getting the chat between the two accounts functional again.

Do you have any tips or recommendations on how to get it working again?

What accounts/devices are involved?
When you use multidevice, can you send a message in the saved messages chat on every device and read those messages on every other device?

Involved are one account (located at a self-hosted mail server, working without problems with other participants) configured at various Linux-clients and one Android app. The other one is a GMail-based account at one Linux-client.

And yes, saved message chat is fully functional on every device.

So independent of the device on which you send the message to saved messages, you can read it on every other device?

If yes, send a message to the other account (the gmail one) and a message back from that account (the gmail one). Does the issue still persist after doing that?

Yes.

  1. message sent from main account (I call it “Joe” now) to the GMail account (I call it “Sue” now) :white_check_mark:
  2. message sent from Sue to Joe :slightly_frowning_face:
  3. next message from Joe to Sue :white_check_mark:
  4. next message from Sue to Joe :slightly_frowning_face:

Could you send me an .eml file for debugging saved e.g. using Thunderbird? You can PM it as attachment or send to delta@merlinux.eu. Also a log from Delta Chat at the moment when it receives the message and tries to decrypt it may be helpful, but .eml file is probably enough.

I guess your self-hosted mail server somehow modifies message structure on reception, e.g. adds a part or wraps the message. Even adding a part will cause this error message. Delta Chat currently attempts to decrypt the message only if it follows a strict RFC 3156 structure of a single application/pgp-encrypted fallback part followed by an application/octet-stream part containing the actual encrypted data, or the so-called mixed up encryption generated by buggy software. Being conservative about what to accept as an encrypted message helps prevent issues similar to EFAIL.

As this may be a common case that affects other users who don’t have control of their own server, we should probably add a limited workaround on Delta Chat side.

I sent a PM to you.

The problem turned out to be Google Workspace trying to insert organization footer into outgoing mails and changing the structure of encrypted mails in the process.

Delta Chat will learn to repair such messages in the next versions:

The fix is already merged into the core and will be available in the next nightly builds and releases.

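The strict structure check described in the thread, sketched as an added example (not part of the original posts and not Delta Chat's own code). It classifies a saved `.eml` as strict PGP/MIME, as an intact encrypted body nested under another container, or as neither. The function names are hypothetical, the sample messages are constructed, and the `multipart/mixed` wrapping with a footer part is an assumption about how a relay might alter the message.

```python
from email import message_from_string
from email.message import Message

def is_strict_pgp_mime(msg: Message) -> bool:
    """Layout described in the thread: multipart/encrypted holding exactly
    application/pgp-encrypted followed by application/octet-stream."""
    if msg.get_content_type() != "multipart/encrypted":
        return False
    parts = msg.get_payload()
    return (isinstance(parts, list)
            and [p.get_content_type() for p in parts]
            == ["application/pgp-encrypted", "application/octet-stream"])

def outline(msg: Message, depth: int = 0) -> list:
    """Indented MIME tree, handy for comparing a good and a failing .eml."""
    lines = ["  " * depth + msg.get_content_type()]
    if msg.is_multipart():
        for part in msg.get_payload():
            lines += outline(part, depth + 1)
    return lines

def classify(raw: str) -> str:
    msg = message_from_string(raw)
    if is_strict_pgp_mime(msg):
        return "strict"
    # An intact encrypted body that a relay nested under another container.
    if any(is_strict_pgp_mime(p) for p in msg.walk() if p is not msg):
        return "wrapped"
    return "no-pgp-mime"

# Constructed samples (placeholder body, not real ciphertext).
STRICT = (
    'Content-Type: multipart/encrypted; boundary="enc";\n'
    ' protocol="application/pgp-encrypted"\n\n'
    '--enc\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n'
    '--enc\nContent-Type: application/octet-stream\n\n'
    '(constructed placeholder for the encrypted payload)\n'
    '--enc--\n'
)
# Assumed wrapping: a footer part added beside the original message.
WRAPPED = (
    'Content-Type: multipart/mixed; boundary="outer"\n\n'
    '--outer\nContent-Type: text/plain\n\nConstructed organization footer\n'
    '--outer\n' + STRICT + '--outer--\n'
)

if __name__ == "__main__":
    for name, raw in (("strict", STRICT), ("wrapped", WRAPPED)):
        print(name, "->", classify(raw))
        print("\n".join(outline(message_from_string(raw))))
```

Running `outline` on a message that decrypts and on one that fails shows at a glance whether a server on the path added or wrapped parts.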