03-20-17 12:47 PM
  1. polytan02's Avatar
    I'm interested in this discussion

    Posted via CB10
    08-29-15 04:53 PM
  2. Enclavet's Avatar
    OK I found out that even the email that is encrypted via my mail server and reads fine in enigmail works if I use the PGP Message from the Blackberry email.

    So I decrypted the blackberry pgp message and got this:

    Content-Type: text/plain; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: base64

    VGVzdOKAjgoK

    I then decrypted the pgp message I got from my mail server and found this:

    Content-Type: multipart/mixed; boundary="############################################"

    --############################################
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 7bit

    Test

    --############################################--

    I wonder if it's because plain text has to be base64???

    Here's a blackberry message with HTML:

    Content-Type: multipart/alternative; boundary="===============##########=="
    MIME-Version: 1.0

    --===============##########==
    Content-Type: text/plain; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: base64

    VGVzdAoK

    --===============1518436186==
    Content-Type: text/html; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable

    <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
    =3Dutf-8"><style> body { font-family: "Calibri","Slate Pro",sans-serif,"sa=
    ns-serif"; color:#262626 }</style> </head> <body lang=3D"en-US"><div>Test</=
    div><div><br></div><div></div></body></html>
    --===============##########==--
    08-29-15 05:36 PM
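
Added example (not part of the original post): the two decrypted payloads quoted in the post above, parsed with Python's standard `email` package so their structure and transfer encodings can be compared part by part. The sample strings are copied from the post; the redacted `#` boundary is replaced by the constructed value `B`.

```python
from email import message_from_string

# Decrypted payload of the message encrypted by the BlackBerry Hub (from the post).
BLACKBERRY = (
    'Content-Type: text/plain; charset="utf-8"\n'
    'MIME-Version: 1.0\n'
    'Content-Transfer-Encoding: base64\n'
    '\n'
    'VGVzdOKAjgoK\n'
)

# Decrypted payload of the message encrypted by the mail server (from the post).
# The boundary is redacted in the post; "B" is a constructed stand-in.
SERVER = (
    'Content-Type: multipart/mixed; boundary="B"\n'
    '\n'
    '--B\n'
    'Content-Type: text/plain; charset=UTF-8\n'
    'Content-Transfer-Encoding: 7bit\n'
    '\n'
    'Test\n'
    '\n'
    '--B--\n'
)

def describe(raw):
    """Return (depth, content type, transfer encoding, decoded text) per MIME part."""
    rows = []

    def walk(part, depth):
        # A part without the header is 7bit by default (RFC 2045).
        cte = (part.get("Content-Transfer-Encoding") or "7bit").lower()
        if part.is_multipart():
            rows.append((depth, part.get_content_type(), cte, None))
            for sub in part.get_payload():
                walk(sub, depth + 1)
        else:
            data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            charset = part.get_content_charset() or "us-ascii"
            rows.append((depth, part.get_content_type(), cte, data.decode(charset)))

    walk(message_from_string(raw), 0)
    return rows

if __name__ == "__main__":
    for name, raw in (("BlackBerry", BLACKBERRY), ("mail server", SERVER)):
        print(name)
        for depth, ctype, cte, text in describe(raw):
            print("  " * depth, ctype, cte, repr(text))
```

The BlackBerry body decodes to `Test` followed by U+200E (a left-to-right mark) and two newlines, while the server payload wraps a plain 7bit `Test` in `multipart/mixed`. The text part of the HTML sample in the same post (`VGVzdAoK`) decodes to pure ASCII `Test` plus two newlines and is still sent as base64.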
  3. polytan02's Avatar
    On this thread: http://forums.crackberry.com/blackbe.../#post11852468 I describe that I managed to get PGP working on an email server hosted by Debian+dovecot+postfix+z-push.

    As for other people, it only works for emails exchanged with other BlackBerry 10.3.2 devices.

    Posted via CB10
    08-29-15 07:40 PM
  4. Enclavet's Avatar
    So with your setup are you able to decrypt emails sent to your server from enigmail etc??

    I actually just want to encrypt all my incoming emails with a public key so that it is stored encrypted. Then have my blackberry decrypt when it receives it. I am not super interested in end to end encryption.
    08-29-15 11:13 PM
  5. Jerry A's Avatar
    So with your setup are you able to decrypt emails sent to your server from enigmail etc??

    I actually just want to encrypt all my incoming emails with a public key so that it is stored encrypted. Then have my blackberry decrypt when it receives it. I am not super interested in end to end encryption.
    I think you're looking for a different solution than the one being discussed. PGP and S/MIME are for sending signed and encrypted messages to another person (or persons) where all parties involved have the other party's (or parties') public key or certificate.

    You can use PGP to encrypt the files on your drive. But then they're not readily readable. You could have your mail server write the messages out (i.e. store) to an encrypted disk. But that only works if you control all the hardware.

    Regardless, the latter scenarios fall outside the use case of this discussion.
    08-29-15 11:50 PM
  6. Enclavet's Avatar
    Ummm, my current mail server encrypts all incoming mails with PGP given a public key. I just want to be able to read them on my Blackberry. There are several linux implementations that are similar to what I described. Why would I want this? Say someone is snooping at my mail server's filesystem/admin, if the disk is encrypted it doesn't do me any good. That's because the disk must be unlocked in order to be usable which is generally all the time when the mail server is running. But there are many ways you can PGP encrypt all incoming mail (just doing a search on Google will give you several results). The mail is encrypted, no one can snoop through my email at the filesystem, and I can read my emails on the end device where my private key is stored. If I figure out how blackberry wants the pgp/mime to be formatted/encrypted I will prob roll my own server on some VPS somewhere and ditch my mailserver (if they are unwilling to make the changes I want).

    Also why would I want to use PGP? Because that's what is implemented in the Hub. I could use tutanota with the android app which uses symmetrical encryption but no Hub integration.

    How is this all related to the discussion? Because we are having trouble decrypting mails from third party clients which do the encryption to PGP at the client level. I am just doing it at the server level. Same pgp encryption just different place where it is done. If I can get my server side PGP to work I'm sure we will know what needs to be changed on the clients to be readable by blackberry.
    08-29-15 11:56 PM
  7. polytan02's Avatar
    So with your setup are you able to decrypt emails sent to your server from enigmail etc??

    I actually just want to encrypt all my incoming emails with a public key so that it is stored encrypted. Then have my blackberry decrypt when it receives it. I am not super interested in end to end encryption.
    No, as mentioned in the other discussion, I can only decrypt emails sent from other BB10 devices.

    Posted via CB10
    08-30-15 05:36 AM
  8. tickerguy's Avatar
    I actually just want to encrypt all my incoming emails with a public key so that it is stored encrypted. Then have my blackberry decrypt when it receives it. I am not super interested in end to end encryption.

    What you wish to do in the way you wish to do it right now doesn't work.

    However, you can encrypt the DEVICE, which encrypts all data "at rest" on the phone itself. This is superior for your desired outcome as it is not limited to email (since you're not particularly interested in end to end encryption for email itself.)

    08-30-15 07:30 AM
  9. Enclavet's Avatar
    My device is encrypted but what about the email on the server?

    Anyway enough about what I'm trying to do personally and more about how to get PGP working. I did some more tinkering around and have determined that the way blackberry is implementing PGP encryption is different from the open source encryption. It is doing something different.

    I basically took the PGP message I get from the blackberry (the one that can decrypt fine), decrypted it, re-encrypted it on my linux box with the same key (verified that the keys are the same) and then put the message back into the email. Sent it off and my blackberry was unable to read it.

    If I take the same PGP from blackberry and put it into an email formatted like the open source client, I am able to decrypt and read the email on the blackberry. So the issue lies in the PGP message and how it's encrypted. If we encrypt it using the open source gpg libs, blackberry won't read it.

    At this point we need info from blackberry themselves to figure this out (perhaps what they are doing would be nice)
    08-30-15 08:40 AM
  10. Jerry A's Avatar
    Odd. Any chance you can test with commercial PGP on the server end?
    08-30-15 09:16 AM
  11. Enclavet's Avatar
    That's the next step. I'll ask my exchange admin team for access to their PGP server and try the encryption there.

    I think the problem is that there are differences between the commercial PGP and the GnuPG implementations.

    A quick Google search shows that it's not 100% compatible and that generally GnuPG can decrypt all PGP messages but not the other way round.

    Either blackberry needs to implement the open source GnuPG implementation (no way this is happening) or you need to run commercial pgp. I'll know more tomorrow.
    08-30-15 09:29 AM
  12. Enclavet's Avatar
    Well that's it. I downloaded the commercial pgp command line tool trial and installed it on my linux box. I then encrypted the message that I decrypted from the blackberry and put it into an email. Sent it to the blackberry and voilà, I could decrypt and read it.

    So the reason why open source clients can't send emails to blackberry devices is because the blackberry can only decrypt messages from commercial pgp implementations. At this point you need to bug blackberry to implement GnuPG (don't think this will ever happen).
    08-30-15 09:59 AM
  13. tickerguy's Avatar
    No, it's not a function of commercial vs. freeware implementations. I've run this down in exhaustive detail as I have the source code to the Exchange transport I use, and thus can have it rearrange things as I choose.
    08-30-15 10:16 AM
  14. Enclavet's Avatar
    Not sure how that has anything to do with the GnuPG vs PGP implementation. When you encrypt the message it is the payload of the email. How you transport the payload has nothing to do with whether the blackberry can encrypt/decrypt it. I am able to successfully encrypt a message from my linux machine (not BES/exchange server) and use sendmail to send the email to my blackberry. I was able to successfully decrypt the message on my blackberry.

    Doing the exact process with encrypting that same message using GnuPG does not decrypt on the blackberry.

    How about you explain your reasoning why you think I'm wrong?
    08-30-15 10:56 AM
  15. Technarch's Avatar
    This is good work Enclavet. You have shown that there is a path that is known to work.

    Which version of GnuPG did you test with? I see there is a "modern" branch, latest version 2.1.7.

    Posted via CB10
    08-30-15 11:11 AM
  16. tickerguy's Avatar
    Not sure how that has anything to do with the GnuPG vs PGP implementation. When you encrypt the message it is the payload of the email. How you transport the payload has nothing to do with whether the blackberry can encrypt/decrypt it. I am able to successfully encrypt a message from my linux machine (not BES/exchange server) and use sendmail to send the email to my blackberry. I was able to successfully decrypt the message on my blackberry.

    Doing the exact process with encrypting that same message using GnuPG does not decrypt on the blackberry.

    How about you explain your reasoning why you think I'm wrong?
    I don't think you're wrong, I know you are.

    The problem has to do with how exchange handles email that has attachments and what bb10 expects. You think of a mime message as a stream that the client breaks up but that is not how exchange works, nor how an exchange client works.

    I wrote a fairly exhaustive exposition on this here a while back when I ran both the pgp and smime interoperability problems down and figured out exactly what was going on in both cases.

    Posted via CB10
    08-30-15 11:20 AM
  17. Enclavet's Avatar
    *shrug*

    Anyone here is free to replicate my findings.

    Use sendmail -t and paste in the raw headers of a PGP email.

    I have shown a message sent to my mail server (Activesync-implementation). My mail server encrypts the incoming mail with my public key. The message is stored on the server and then retrieved via Activesync to my blackberry. I am unable to decrypt the message on my blackberry. Below are the mail headers that I see from any mail client:

    Content-Type: multipart/encrypted;
    protocol="application/pgp-encrypted";
    boundary="#"

    This is a MIME-encapsulated message.

    --#
    Content-Type: application/pgp-encrypted
    Content-Description: PGP/MIME version identification

    Version: 1

    --#
    Content-Type: application/octet-stream; name="encrypted.asc"
    Content-Description: OpenPGP encrypted message
    Content-Disposition: inline; filename="encrypted.asc"

    -----BEGIN PGP MESSAGE-----
    #####
    -----END PGP MESSAGE-----

    --#

    The PGP encrypted message I get from a blackberry email that is encrypted by the blackberry hub client. I pop it into the PGP message denoted by: #####.

    Send the message to my blackberry and lo and behold it works????? Basically the only thing I changed was the PGP message.

    I then basically take the same message and encrypt it via PGP with the following:

    gpg (GnuPG) 1.4.16 - Doesn't Work!
    gpg (GnuPG) 2.0.22 - Doesn't Work!
    pgp (commercial command line) - Works!
    PGPgp (blackberry app using openpgp.js) - Works!
    Javascript PGP Encryption Service (javascript implementation) - Works!

    Care to tell me if it has nothing to do with the encryption why the only reason the blackberry is able to decrypt a message is based on how I encrypt the message?

    BTW my mail server is not exchange. And I am able to decrypt messages if I encrypt the message using the above methods.
    08-30-15 05:29 PM
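
Added example (not code from the thread): a minimal OpenPGP packet-header lister following RFC 4880 section 4.2, for comparing the outer packet sequence of a message that decrypts on the device with one that does not. The two samples are constructed with dummy bodies, and `armor` is a helper for those samples only.

```python
import base64
import io

# Tags from RFC 4880 section 4.3 that occur in encrypted messages.
TAGS = {1: "PKESK", 3: "SKESK", 8: "compressed", 9: "SED", 11: "literal", 18: "SEIPD"}

def dearmor(armored):
    """Strip ASCII armor (RFC 4880 section 6.2), its headers and CRC line."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP MESSAGE-----") + 1:
                 lines.index("-----END PGP MESSAGE-----")]
    if "" in body:                       # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def list_packets(data):
    """Return [(header format, tag, body length)] for each top-level packet."""
    s, out = io.BytesIO(data), []
    while s.tell() < len(data):
        hdr = s.read(1)[0]
        if not hdr & 0x80:
            raise ValueError("byte %d is not a packet header" % (s.tell() - 1))
        if hdr & 0x40:                   # new format: tag is bits 5-0
            fmt, tag, length, more = "new", hdr & 0x3F, 0, True
            while more:                  # partial lengths chain until a final one
                first = s.read(1)[0]
                more = 224 <= first < 255
                if first < 192:
                    n = first
                elif first < 224:
                    n = ((first - 192) << 8) + s.read(1)[0] + 192
                elif first == 255:
                    n = int.from_bytes(s.read(4), "big")
                else:                    # partial body length: a power of two
                    n, fmt = 1 << (first & 0x1F), "new/partial"
                length += n
                s.seek(n, io.SEEK_CUR)   # skip the body chunk
        else:                            # old format: tag is bits 5-2
            fmt, tag, ltype = "old", (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:               # indeterminate length: runs to the end
                length = len(data) - s.tell()
            else:                        # 1, 2 or 4 length octets
                length = int.from_bytes(s.read(1 << ltype), "big")
            s.seek(length, io.SEEK_CUR)
        out.append((fmt, tag, length))
    return out

def armor(data):
    """Helper for the constructed samples only: wrap bytes in message armor."""
    return ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            + base64.b64encode(data).decode() + "\n-----END PGP MESSAGE-----\n")

# Constructed samples (dummy bodies): the same two packet types, framed two ways.
SAMPLE_A = armor(bytes([0x84, 3]) + bytes(3) + bytes([0xD2, 5]) + bytes(5))
SAMPLE_B = armor(bytes([0xC1, 3, 0, 0, 0, 0xD2, 0xE9]) + bytes(512) + bytes([3, 0, 0, 0]))

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, [(f, TAGS.get(t, t), n) for f, t, n in list_packets(dearmor(sample))])
```

This only shows the outer framing (header format, packet tags, lengths). What sits inside the encrypted data packet, such as compression or the literal data packet, needs the private key and a tool like `gpg --list-packets`.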
  18. Jake2826's Avatar
    08-31-15 02:28 AM
  19. tickerguy's Avatar
    Yes, I know.

    Look at what those other products produce for a MIME format. Your answer lies there (I've been attempting to explain this to you, but you don't appear to care to understand.)

    To be specific, look at what Thunderbird (one of the more popular Enigmail/PGP-enabled clients) produces at the message level.
    08-31-15 07:00 PM
  20. Enclavet's Avatar
    tickerguy, I am just trying to share my findings about successfully getting my blackberry to decrypt non-blackberry emails. I would appreciate it if you would read my message also before commenting. I am using a mime message generated from my mail server after it encrypts it (NOT EXCHANGE). Look above, the PGP portion decrypts to this:

    Content-Type: multipart/mixed; boundary="#"

    --#
    Content-Type: multipart/alternative; boundary=##

    --##
    Content-Type: text/plain; charset=UTF-8

    Test

    --##
    Content-Type: text/html; charset=UTF-8

    <div dir="ltr">Test<br></div>

    --##--

    --#--

    I take the above message and encrypt it with the different PGP/GPG software and plug it into the mail headers above. I am able to decrypt some of them but none from GnuPG (which most popular third party clients use for encryption, i.e. Thunderbird and Mac Mail).
    08-31-15 08:05 PM
  21. tickerguy's Avatar
    Sigh... I give up.
    08-31-15 08:59 PM
  22. Enclavet's Avatar
    Tickerguy thanks for your input. You have been very helpful.

    Anyway I have one last contribution to this post.

    I have sent PLAIN text encrypted PGP message using GnuPG first. THIS IS PLAIN PLAIN PLAIN!!!!!!. I just took whatever GnuPG spit out basically of the message "Test". I pasted it into an email from gmail and sent it to my mailbox (no incoming email encryption, turned it off). My blackberry tried to decrypt it and it didn't work (as I expected).

    Now I took an Openpgp.js encrypted plaintext message "Test". Pasted it into an email from gmail and sent it to my mailbox (no incoming email encryption, turned it off). I got the message and decrypted it fine in blackberry hub.

    Cheers all and tickerguy thanks for being such a standout contributor to this thread.
    08-31-15 09:52 PM
  23. Technarch's Avatar
    I wish GnuPG 2.1.7 could have been tested too in this discussion.

    GnuPG 2.1 series is announced to support elliptic curve cryptography (ECDSA, ECDH and EdDSA).

    Elliptic is in the 2012 RFC and GnuPG 2.0 and lower do not support this.

    Posted via CB10
    09-01-15 07:38 AM
  24. polytan02's Avatar
    Well, I think the biggest concern is that only PGP is supported and not GPG.

    Posted via CB10
    09-01-15 02:45 PM
  25. Enclavet's Avatar
    Well I promised I won't post here but I'm back and I have just used openpgp.js via node.js to make a script that works so far with html messages. It takes a proper RFC mail and puts it into a pgpmime format encrypted using the javascript implementation of openpgp. I sent the mail to my blackberry and it decoded an html email. Basically you have your public.key defined in the script and you pipe the RFC mail into it and it gives you the RFC mail out with the message in pgpmime format.

    Once I'm done with it I'll throw it up on github for everyone to use. The script will basically mimic this one:

    https://github.com/mikecardwell/gpgit

    I plan to throw it into my mail-in-a-box system with dovecot encrypting all incoming emails.

    Cheers everyone.
    09-02-15 09:48 PM