C3S · ageis · Jan 11, 2016 · Jan 21, 2016 · Jan 22, 2016 · Jan 26, 2016
diff --git a/app/controllers/pgpkeys_controller.rb b/app/controllers/pgpkeys_controller.rb
@@ -42,7 +42,7 @@ def create
 
     # save key to db
     if Pgpkey.create(:user_id => @user_id, :fpr => @fpr, :secret => @secret)
-      flash[:notice] = l(:flash_create_succesful)
+      flash[:notice] = l(:flash_create_successful)
     else
       flash[:error] = l(:flash_unknown_error)
     end
@@ -62,7 +62,7 @@ def delete
     key = Pgpkey.find_by user_id: @user_id
     fpr = key.fpr
     if key.delete
-      flash[:notice] = l(:flash_delete_succesful)
+      flash[:notice] = l(:flash_delete_successful)
     else
       flash[:error] = l(:flash_unknown_error)
     end
@@ -102,7 +102,7 @@ def generate
     # save generated key into db
     key = GPGME::Key.find(nil, params['name_email']).first
     if Pgpkey.create(:user_id => 0, :fpr => key.fingerprint, :secret => params['passphrase'])
-      flash[:notice] = l(:flash_generate_succesful)
+      flash[:notice] = l(:flash_generate_successful)
     else
       flash[:error] = l(:flash_unknown_error)
     end

diff --git a/app/models/pgpkey.rb b/app/models/pgpkey.rb
@@ -8,4 +8,8 @@ def public_key
   def metadata
     GPGME::Key.get(self.fpr).to_s
   end
+
+  def subkeys
+    GPGME::Key.get(self.fpr).subkeys
+  end
 end
diff --git a/config/locales/de.yml b/config/locales/de.yml
@@ -52,9 +52,9 @@ de:
   flash_import_error: Fehler beim Importieren des Schlüssels (bitte nochmal versuchen oder die Administratoren benachrichtigen)
   flash_unknown_error: Unbekannter Fehler (bitte nochmal versuchen oder die Administratoren benachrichtigen)
   flash_no_secret: Keine Passphrase angegeben (kein Problem, aber bist Du Dir sicher?)
-  flash_create_succesful: PGP Schlüssel erfolgreich gepeichert
-  flash_delete_succesful: PGP Schlüssel erfolgreich gelöscht
-  flash_generate_succesful: PGP Schlüssel erfolgreich generiert
+  flash_create_successful: PGP Schlüssel erfolgreich gepeichert
+  flash_delete_successful: PGP Schlüssel erfolgreich gelöscht
+  flash_generate_successful: PGP Schlüssel erfolgreich generiert
   filtered_mail_footer: "Diese Mail wurde aus Gründen der Sicherheit gefiltert. Folge diesem Link und füge Deinen öffentlichen PGP Schlüssel hinzu, um ungefilterte, verschlüsselte Mails zu erhalten:"
   filtered_mail_attachments_added: Anhänge hinzugefügt
   filtered_mail_document_added: Dokument hinzugefügt

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -1,5 +1,5 @@
 en:
-  header_openpgp: PGP Keymanagement
+  header_openpgp: PGP Key Management
   subheader_openpgp_incoming: Incoming
   subheader_openpgp_outgoing: Outgoing
   subheader_save_key: Save existing key
@@ -23,7 +23,7 @@ en:
   label_expire_date: Expire date
   label_secret: Passphrase
   option_activation_all: for all projects
-  option_activation_project: dependant on project settings
+  option_activation_project: dependent on project settings
   option_activation_none: deactivated
   option_unencrypted_mails_blocked: blocked
   option_unencrypted_mails_filtered: filtered
@@ -32,16 +32,16 @@ en:
   button_delete: Remove
   button_generate: Generate
   note_login: Please log in to manage PGP keys.
-  note_admin_only: Only administrators will be able to change the private PGP key and passphrase for the redmine server
-  note_user_public_key_missing: Add your public PGP key here to recieve encrypted mails by redmine
-  note_user_public_key_given: This PGP key is used to encrypt mails by redmine
-  note_server_public_key_missing: No key given. Please contact your administrator if you want to send encrypted mails to redmine.
-  note_server_public_key_given: Use this public PGP key to encrypt mails for redmine
-  note_server_private_key_create: Add a private PGP key for redmine to enable encrytion of mails sent to redmine
-  note_server_private_key_generate: Generate a private PGP key for redmine to enable encrytion of mails sent to redmine
-  note_receiving_emails: recieving emails must be configured within redmine, see
-  note_cleartext_create: "The private key and passphrase will be sent in cleartext! Ensure using https or better use the serverside rake task: "
-  note_cleartext_generate: "The passphrase will be sent in cleartext! Ensure using https or better use the serverside rake task: "
+  note_admin_only: Only administrators will be able to change the private PGP key and passphrase for the Redmine server
+  note_user_public_key_missing: Add your public PGP key here to receive encrypted mails by Redmine
+  note_user_public_key_given: This PGP key is used to encrypt mails by Redmine
+  note_server_public_key_missing: No key given. Please contact your administrator if you want to send encrypted mails to Redmine.
+  note_server_public_key_given: Use this public PGP key to encrypt mails for Redmine
+  note_server_private_key_create: Add a private PGP key for Redmine to enable encryption of mails sent to Redmine
+  note_server_private_key_generate: Generate a private PGP key for Redmine to enable encryption of mails sent to Redmine
+  note_receiving_emails: receiving emails must be configured within Redmine, see
+  note_cleartext_create: "The private key and passphrase will be sent in cleartext! Ensure using HTTPS, or better, use the server-side rake task: "
+  note_cleartext_generate: "The passphrase will be sent in cleartext! Ensure using HTTPS, or better, use the server-side rake task: "
   note_sent_to: sent to
   flash_public_key_not_valid: PGP key not valid (it should start with '-----BEGIN PGP PUBLIC KEY BLOCK-----' and end with '-----END PGP PUBLIC KEY BLOCK-----')
   flash_private_key_not_valid: PGP key not valid (it should start with '-----BEGIN PGP PRIVATE KEY BLOCK-----' and end with '-----END PGP PRIVATE KEY BLOCK-----')
@@ -50,18 +50,18 @@ en:
   flash_key_not_exists: Key does not exist
   flash_update_not_allowed: Operation not allowed (please don't try)
   flash_import_error: Error importing the key (please try again or contact your administrator)
-  flash_unknown_error: Unkown error (please try again or contact your administrator)
+  flash_unknown_error: Unknown error (please try again or contact your administrator)
   flash_no_secret: Passphrase is empty (no problem, but are you sure?)
-  flash_create_succesful: PGP key successfully saved
-  flash_delete_succesful: PGP key successfully deleted
-  flash_generate_succesful: PGP key successfully generated
+  flash_create_successful: PGP key successfully saved
+  flash_delete_successful: PGP key successfully deleted
+  flash_generate_successful: PGP key successfully generated
   filtered_mail_footer: "This mail was filtered for enhanced security. Follow this link and add your public PGP key to receive unfiltered encrypted mails:"
-  filtered_mail_attachments_added: Attachements added
+  filtered_mail_attachments_added: Attachments added
   filtered_mail_document_added: Document added
   filtered_mail_issue_add: Issue added
   filtered_mail_issue_edit: Issue edited
   filtered_mail_message_posted: Message added
   filtered_mail_news_added: News added
   filtered_mail_news_comment_added: Comment added
   filtered_mail_wiki_content_added: Page added
-  filtered_mail_wiki_content_updated: Page edited
+  filtered_mail_wiki_content_updated: Page edited
diff --git a/lib/decrypt_mails.rb b/lib/decrypt_mails.rb
@@ -11,6 +11,15 @@ module InstanceMethods
 
     def receive_with_encryption(email, options={})
 
+      # Extract useful metadata for logging
+      sender_email = email.from.to_a.first.to_s.strip
+      # We need to store this before decryption, because after decryption
+      # email.encrypted? == false
+      encrypted = email.encrypted?
+      # Sometimes this isn't available after decryption. This seems like a bug,
+      # so extract it here so we're guaranteed to have it
+      message_id = email.message_id
+
       # encrypt and check validity of signature
       if email.encrypted?
         email = email.decrypt(
@@ -32,19 +41,28 @@ def receive_with_encryption(email, options={})
       # compare identity of signature with sender
       if valid
         valid = false
-        sender_email = email.from.to_a.first.to_s.strip
         user = User.find_by_mail sender_email if sender_email.present?
         key = Pgpkey.find_by user_id: user.id
         signatures.each do |s|
-          valid = true if key.fpr == s.fpr
+          key.subkeys.each do |subkey|
+            valid = true if subkey.capability.include? :sign and \
+                            subkey.fpr == s.fpr
+          end
         end if not signatures.empty?
       end
 
       # error on invalid signature
-      if Setting.plugin_openpgp['signature_needed'] and not valid
-        if logger
-          logger.info "MailHandler: ignoring emails with invalid signature"
-        end
+      ignored = !!(Setting.plugin_openpgp['signature_needed'] and not valid)
+
+      if logger
+        logger.info "MailHandler: received email from #{sender_email} " +
+                    "with Message-ID #{message_id}: " +
+                    "encrypted=#{encrypted}, " +
+                    "valid=#{valid}, "+
+                    "ignored=#{ignored}"
+      end
+
+      if ignored
         return false
       end
 
@@ -53,4 +71,4 @@ def receive_with_encryption(email, options={})
     end
 
   end
-end
+end