Version 0.0.39 (macOS GUI and CLI)
I think that the keys decrypt
function (and the equivalent in the GUI if it doesn't shell out to CLI) should auto detect the armoring and the mode (encrypt
| signcrypt
) when decrypting content.
Especially for cyphertext that was signcrypt
vs. encrypt
as this is not something the recipient can know in advance. This causes UX issues in both the GUI and the CLI. Some examples.
Also, there are interoperability issues between GUI and CLI which is due to the related problem of improper mode selection for both signcrypt and decrypt type operations.
GUI
OK : Using the GUI Encrypt
tab to sign and encrypt a message (in this case signed by grempe@github
and encrypted to myself as well) and then pasting that ciphertext into the Decrypt
tab properly decrypts the contents and verifies the signature. So cyphertext BOTH created and decrypted WITHIN the GUI is OK.
ERROR : In GUI, pasting a signcrypt
message with the same users that was created in the CLI into the Decrypt
GUI pane fails with message Wrong saltpack message type: wanted an encrypted message, but got a signed and encrypted message instead
. The GUI should just 'do the right thing' and handle a signed and encrypted message created by the CLI.
The command used on the CLI to create the ciphertext for the GUI was:
echo "foo" | keys encrypt -r grempe@github -s grempe@github -m signcrypt -a
ERROR : If using the GUI to create encrypted text, and also choosing that it should be signed by someone is only creating encrypt
mode ciphertext, not signcrypt
as expected.
e.g. in GUI I encrypt 'FOOBAR' to myself, and also choose to sign with my same key results in ciphertext that is in encrypt
mode, not signcrypt
mode.
Note, I had to specify encrypt
mode not signcrypt
mode.
echo "BEGIN SALTPACK ENCRYPTED MESSAGE. kcJn5brvybfNjz6 D5ll2Nk0YySyo5u S8VITxP1Nu9IZBo GKPXIiQJPm0Pp0f 19D7dVOcGMstPuc lCqpOhGMzz8wFgS DRIO9gnIKuCZJwN dHpiNUpllGRU3LS 4vusrjLtGnrkzlE vbaUnW9HMd4IM9P N2ENoDnrXGbWTSW aZ3hELM4HppRWxJ Otp4pA2f6K8xGsD 9GVOcXCzAlnqJCw 24HRMmMHxNPwA7r isdGXipkuZfZJhZ ZlFMQ7KJrikG5cw kII7wNE4760U2jL RtYqclNUh36Hn2N Add. END SALTPACK ENCRYPTED MESSAGE." | keys decrypt -a -m encrypt
verified kex1ygrarq8l83l0tvhhesqwepuzza26zq75t9nm8pq78svz086ktk2sl5mtul grempe@github
FOOBAR%
CLI
echo "foo" | keys encrypt -r grempe@github -s grempe@github -m signcrypt -a | keys decrypt -a -m signcrypt
ERROR : this throws an error when no mode is supplied to decrypt
, even though the decrypt
function clearly knows that this content was both signed and encrypted. It should use this knowledge to just automatically apply the right mode.
❯ echo "foo" | keys encrypt -r grempe@github -s grempe@github -m signcrypt -a | keys decrypt -a
Wrong saltpack message type: wanted an encrypted message, but got a signed and encrypted message instead
ERROR : this throws an error when armor
setting is not applied to decrypt
. This despite the fact that decrypt
did not see the expected header bytes. In which case it should apply armoring mode as needed to attempt decrypt. The message is also not helpful in guiding the user to a proper solution (providing the -a
flag).
❯ echo "foo" | keys encrypt -r grempe@github -s grempe@github -m signcrypt -a | keys decrypt -m signcrypt
failed to read header bytes
Same for when neither armor or mode option is provided to decrypt
:
❯ echo "foo" | keys encrypt -r grempe@github -s grempe@github -m signcrypt -a | keys decrypt
failed to read header bytes
SUMMARY
Implementing these heuristics on decrypt
, in GUI and CLI, would allow decrypt to be much more forgiving (especially in a GUI context!). You should be forgiving as there is no way for the user to know the mode by looking at the ciphertext. In all cases content created by the GUI or CLI MUST be fully interoperable.