I have K9-Mail on my smartphone together with OpenKeyChain. I received some emails which are only encrypted, but not signed. They display normally on other clients such as Thunderbird or Evolution on the desktop, but K9-Mail doesn’t display them (doesn’t even ask for the key’s passphrase). Encrypted emails which are signed work as expected on K9-Mail. Is there anything I can do about it?
I did some digging and found that the non working emails all had a Content-Description-Header in the application/octet-stream; name="encrypted.asc"-Part while the working ones didn’t.
I’m using K9-Mail version 5.806 (also tried with 5.909 but found no difference) and OpenKeychain version 5.7.5 from F-Droid.
The message from Posteo is missing the protocol="application/pgp-encrypted" parameter.
The message from Evolution looks fine. In my tests encrypted messages sent by Evolution also decrypted fine.
You only wrote that the email “doesn’t work”. How does that look like exactly? Can you post a screenshot?
I originally suspected that the email isn’t loaded completely due to a size restriction configured in the settings (I had issues with incompletely downloaded attachments some months ago), but with a maximum email autodownload size of 1MiB and these messages containing a couple of characters I don’t think that that’s the issue.
It looks like the messages are correctly recognized as being encrypted. It’s just that OpenKeychain can’t decrypt them. I don’t know how to further debug the situation with OpenKeychain. Try checking the Android system log (see Logcat command-line tool | Android Developers)
I did that. If you give me an email address I can forward that information completely including a full log and the complete emails (I won’t post these here due to privacy concerns).
However in the log I noticed the following messages that are probably related and were logged when trying to open the message that resulted in the screen you see in my post above (openkeychain didn’t log anything):
E com.fsck.k9: Not starting debugger since process cannot load the jdwp agent.
W com.fsck.k9: type=1400 audit(0.0:3104): avc: denied { read } for name="u:object_r:odsign_prop:s0" dev="tmpfs" ino=226 scontext=u:r:untrusted_app_29:s0:c118,c256,c512,c768 tcontext=u:object_r:odsign_prop:s0 tclass=file permissive=0 app=com.fsck.k9
W libc : Access denied finding property "odsign.verification.success"
W com.fsck.k9: ART APEX data files are untrusted.
W com.fsck.k9: type=1400 audit(0.0:3105): avc: denied { lock } for path="/apex/com.android.art/javalib/arm64/boot.art" dev="dm-15" ino=62 scontext=u:r:untrusted_app_29:s0:c118,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.fsck.k9
W com.fsck.k9: type=1400 audit(0.0:3106): avc: denied { lock } for path="/apex/com.android.art/javalib/arm64/boot-core-libart.art" dev="dm-15" ino=56 scontext=u:r:untrusted_app_29:s0:c118,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.fsck.k9
W com.fsck.k9: type=1400 audit(0.0:3107): avc: denied { lock } for path="/apex/com.android.art/javalib/arm64/boot-okhttp.art" dev="dm-15" ino=59 scontext=u:r:untrusted_app_29:s0:c118,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.fsck.k9
W com.fsck.k9: type=1400 audit(0.0:3108): avc: denied { lock } for path="/apex/com.android.art/javalib/arm64/boot-bouncycastle.art" dev="dm-15" ino=53 scontext=u:r:untrusted_app_29:s0:c118,c256,c512,c768 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 app=com.fsck.k9
E com.fsck.k9: unable to execute idmap2: Permission denied
I wonder what the SELinux denials come from. I’m using the newest GrapheneOS build.