Here it is. You see that the "Testar PGP-kryptering" is the decrypted plaintext.
I'll add a JIRA ticket and just copy and paste this mail into the JIRA ticket.
I think the easiest would be to just check if the mail is multipart/alternative, then if the mail was processed (decrypted or signature-verified), then it just strips out everything except for the part it decrypted or verified, and adds that part as a text/plain instead. However, it's important to keep attachments as-is, so it should just apply to content that is declared as multipart/alternative.
From: Martijn Brinkers
Sent: Tuesday, March 10, 2015 1:15 PM
Subject: Re: [Djigzo users] Strip HTML if mail was decrypted, or decrypt HTML containing PGP/INLINE?
On 03/10/2015 12:39 PM, Sebastian Nielsen wrote:
> See attached EML.
Can you send me the EML directly (off list)? It looks like the mailing
list server stripped off some contents.
> The problem is that when a user uses a webmail service or such, along
> with a PGP addon, the message is being packaged (by the webmail
> service) in a multipart/alternative with a HTML and PLAIN part.
> Only the plain part is decrypted, even when I have checked the box
> inside web interface that it should convert HTML to plain.
The option "Convert HTML to plain" is only for outgoing PGP email. If
you sent an email with HTML, the HTML will then be converted into text
only before the message will be PGP/INLINEd. This is not required when
> When the email is then opened in a mail client, the HTML part, which
> is “still encrypted” is shown. Is it possible to either: Decrypt all
> parts, including the HTML part -or- Strip out the HTML part – but
> ONLY if the mail was encrypted or signed, so the client only show the
> text/plain part.
The problem with PGP/INLINE is that there is no standard for HTML.
Enigmail for example disables HTML by default when using PGP/INLINE even
though they have support for HTML with PGP/INLINE. If you want to fully
support HTML with PGP, the best approach would be to use PGP/MIME.
Unfortunately not all PGP clients support PGP/MIME.
That said, it would be nice if the CipherMail gateway has better support
for HTML mail (it supports HTML with the non standard encoding used with
Can you add a JIRA request entry for this?
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
Here is a copy of the mail that was incorrectly parsed:
Received: from server-desktop (localhost [127.0.0.1])
by dns2.sebbe.eu (Postfix) with ESMTP id 64F294C0535
for <firstname.lastname@example.org>; Tue, 10 Mar 2015 12:17:07 +0100 (CET)
Received: from mail-pa0-x234.google.com (mail-pa0-x234.google.com [IPv6:2607:f8b0:400e:c03::234])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by dns1.sebbe.eu (Postfix) with ESMTPS id 070464C0535
for <email@example.com>; Tue, 10 Mar 2015 12:17:05 +0100 (CET)
Authentication-Results: unknown-host; dkim=pass
reason="2048-bit key; unprotected key"
header.d=gmail.com firstname.lastname@example.org header.b=cfzct3+F;
Received: by paceu11 with SMTP id eu11so1067279pac.1
for <email@example.com>; Tue, 10 Mar 2015 04:17:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
X-Received: by 10.70.119.3 with SMTP id kq3mr65210578pdb.85.1425986223739;
Tue, 10 Mar 2015 04:17:03 -0700 (PDT)
Received: by 10.70.133.161 with HTTP; Tue, 10 Mar 2015 04:17:03 -0700 (PDT)
Date: Tue, 10 Mar 2015 12:17:03 +0100
Subject: test [Decrypted] [Mixed]
From: Sebastian Nielsen <firstname.lastname@example.org>
To: Sebastian Nielsen <email@example.com>
Content-Type: multipart/alternative; boundary=001a11c317ec521b570510ed4a02
X-SPF-Signature: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'firstname.lastname@example.org' in 'mfrom' identity (mechanism 'include:_netblocks2.google.com' matched)) receiver=server-desktop; identity=mailfrom; envelope-from="email@example.com"; client-ip="2607:f8b0:400e:c03::234"
Content-Type: text/plain; charset=UTF-8
Content-Type: text/html; charset=UTF-8
BEGIN PGP MESSAGE----<br>Version: haneWIN Javascr=
END PGP MESSAGE----</p>=
The above message shows up as encrypted in the mail client. The best action here would be, if a mail to an internal user is signed and/or encrypted, the best would be to strip the whole multipart/alternative, and replace it with a text/plain containing the decrypted content, and/or the message content of a signature that was verified. Yes, it would strip content "outside" the PGP ASCII armour, but that would be better than having the mail show up as encrypted.
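
The stripping step proposed in this thread, sketched with Python's standard `email` package as an added example (not part of the original mails and not CipherMail's own code). The function name, the `processed` flag (standing in for "the gateway decrypted or verified this mail") and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy

def collapse_alternatives(part, processed):
    """Replace each multipart/alternative with its text/plain child.
    `processed` (hypothetical flag): gateway decrypted or verified the mail."""
    if not processed or not part.is_multipart():
        return part
    if part.get_content_type() == "multipart/alternative":
        plain = next((p for p in part.iter_parts()
                      if p.get_content_type() == "text/plain"), None)
        if plain is not None:          # no plain part: leave the mail alone
            text = plain.get_content()
            part.clear_content()       # drops payload and Content-* headers
            part.set_content(text)     # the part is now a single text/plain
        return part
    for child in part.iter_parts():    # e.g. multipart/mixed with attachments
        collapse_alternatives(child, processed)
    return part

# Constructed sample: plain part already decrypted, HTML part still armored.
SAMPLE = """\
Subject: test [Decrypted] [Mixed]
Content-Type: multipart/mixed; boundary=outer

--outer
Content-Type: multipart/alternative; boundary=inner

--inner
Content-Type: text/plain; charset=UTF-8

Testar PGP-kryptering
--inner
Content-Type: text/html; charset=UTF-8

<p>-----BEGIN PGP MESSAGE-----<br>(placeholder)<br>-----END PGP MESSAGE-----</p>
--inner--
--outer
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="note.bin"
Content-Transfer-Encoding: base64

aGVsbG8=
--outer--
"""

def demo(processed=True):
    msg = message_from_string(SAMPLE, policy=policy.default)
    return collapse_alternatives(msg, processed)
```

Only parts declared as multipart/alternative are rewritten, so the attachment in the enclosing multipart/mixed is passed through unchanged, and an unprocessed mail is returned as it arrived.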