>>> Please see blog post on solution, background, extent of damage and error avoidance. <<<
The German magazine for computer technology ("Magazin für Computertechnik", c't magazine) has drawn our attention to the obviously faulty update 1.0.23 of the p≡p distribution for Enigmail under Windows. As a result, users of the p≡p distribution published a few days ago can only reliably encrypt and decrypt e-mails in the classic Enigmail mode. A solution for the Enigmail/p≡p mode will follow as soon as possible.
Only Enigmail/p≡p on Windows Is Affected
The update of the p≡p distribution to version 1.0.23 for Enigmail/p≡p, available since September 26, causes these problems only on Windows systems. On Linux and macOS systems the Enigmail/p≡p mode works as expected. Also not affected are the products of p≡p security: p≡p for Android, iOS and Outlook (see also pep.software).
Known Symptoms
The following symptoms of the faulty update for Windows are known:
- Attached keys of other PGP and p≡p users are not imported.
- Messages to oneself or to existing contacts, where a key is actually available, are not always encrypted, especially not to oneself — despite correct color coding / Privacy Status (see Figure 1 and Figure 2).
- Existing encrypted messages are not decrypted (see Figure 3).
Workaround
Until a new update for Enigmail/p≡p is available under Windows, the classic Enigmail mode can be used to encrypt and decrypt messages. To do so, change Thunderbird's Privacy settings to the mode "S/MIME and Enigmail" (see Figure 4).
Solution in Progress
We are working hard on a new release of the p≡p distribution, which will make Enigmail/p≡p usable again under Windows. We apologize for the problems and we will make sure that this does not happen again in the future. We would like to thank the c't magazine for the timely reports — and the patience!
Update 1: Oct 3, 9pm CEST
Since around 5 pm CEST on October 3, new users are being supplied with version 1.0.8 of the p≡p distribution, where these errors no longer occur: see also the update to the heise security article (DE).
Update 2: Oct 5
The problem has now been basically isolated. The p≡p distribution 1.0.23 delivered on Windows was shipped with a DLL file for libetpan, which in turn depends on the libiconv library; however, libiconv was not linked in. This leads to undefined libetpan behavior, which eventually leads to OUT_OF_MEMORY errors in the p≡p-JSON adapter; those errors are clearly visible in the Enigmail logs during attempts to encrypt and decrypt messages. Under these circumstances, due to a lack of error handling, Enigmail version 2.0.8 always blindly sends out the emails — unencrypted, even if keys are present.
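The fail-open behaviour described in Update 2, next to a fail-closed send decision, as an added example that is not Enigmail or p≡p code. The reply shape, the `encryptionExpected` flag (standing in for the displayed Privacy Status) and all function names are assumptions for illustration.

```javascript
// Added illustration. The reply shape, every status string other than
// OUT_OF_MEMORY, and all names are assumptions, not Enigmail or p≡p adapter APIs.
const ARMOR = "-----BEGIN PGP MESSAGE-----";

// Constructed sample data.
const MSG = { to: "me@example.org", body: "quarterly numbers attached", encryptionExpected: true };
const OK_REPLY = { status: "OK", body: ARMOR + "\n(constructed ciphertext)\n-----END PGP MESSAGE-----" };
const OOM_REPLY = { status: "OUT_OF_MEMORY" };

// Fail-open: any adapter error silently falls back to the plaintext body.
function decideFailOpen(msg, reply) {
  const encrypted = reply && reply.status === "OK" ? reply.body : null;
  return { action: "send", body: encrypted || msg.body };
}

// Fail-closed: plaintext leaves only when no encryption was promised to the user.
function decideFailClosed(msg, reply) {
  const status = reply && typeof reply.status === "string" ? reply.status : "NO_REPLY";
  if (status === "OK" && typeof reply.body === "string") {
    const isCipher = reply.body.startsWith(ARMOR) && reply.body !== msg.body;
    if (isCipher) return { action: "send", body: reply.body };
    // Adapter reported success but returned no ciphertext.
    if (!msg.encryptionExpected) return { action: "send", body: msg.body };
    return { action: "block", reason: "status OK but body is not encrypted" };
  }
  // Errors (OUT_OF_MEMORY, missing reply, unknown status) never downgrade to plaintext.
  return { action: "block", reason: "encryption backend error: " + status };
}
```

A blocked result is meant to surface to the user as a send failure, so that a message shown as Secure is never delivered in the clear.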
Update 3: Oct 6
Since noon on October 3rd we have been testing version 1.0.25 of the p≡p distribution, which contains libiconv in libetpan. However, we have noticed that on Windows 10 — on 32-bit systems — public keys are not imported if they come from PGP users who have them attached to their emails. This will be investigated before an update can be made available. If you want to help with testing, you can manually install the provided XPI with a fresh Thunderbird profile without a previous Enigmail add-on present. The p≡p distribution 1.0.25 will automatically be downloaded from our servers (instead of Enigmail infrastructure).
Caution: No automatic updates exist with this XPI. Please use it purely for testing purposes.
Update 4: Oct 12, 10pm CEST
Version 1.0.24 of the p≡p distribution, which fixes the problem for Windows users, was released around 10 pm CEST. From the end of September to early October, a maximum of 6,000 (out of around 145,000) Enigmail/p≡p users under Windows were affected by this bug.
Important: Users are requested to follow Enigmail's update request and install the offered p≡p update. Please note that p≡p under Windows 7 x32/x86 (32-bit) only works with Service Pack 2 or higher. Otherwise Enigmail will automatically switch to the classic Enigmail mode, because the p≡p service does not start under Service Pack 1 (or any older) of Windows 7.
In short: Please keep your Windows up to date, too.
Figures for Illustration
(Figure 1: Mail to oneself — displayed as Secure and Trusted.)
(Figure 2: Mail to oneself — arrives unencrypted.)
(Figure 3: Encrypted e-mail with private key available — no decryption takes place.)
(Figure 4: Workaround — switching to the classic Enigmail mode.)