Beta3_I can see msg content in Outlook before encryption

Hi,
I am trying new Beta3 version, and wen I received mail from my colleague I observed that I can read the message in mail list (attachemnt) It is not whol mail, bud if there would be password I can read it without entering my password…
(env. Win10 Outlook365)

i.

gpg_bug.JPG

Dear John,
thanks for trying a Gpg4win Beta version.

In your screen shot I can see the email list where the subject of an email is shown.
OpenPGP/MIME only protects the email contents (which is also called the body of the email and the attachments). So it would be expected and okay if you could read the subject of the email without encryption, but not more.

As for password: Please note that the agent will cache the password for a few minutes. So once you have typed in the password for your secret key, it can be used to decrypt several emails.

Does this fully address your question?

Best Regards,
Bernhard

Hi,
the supbject of email was “PGP” rest “Dal som to si Beta3, S pozdravom…” is content of body of email.

Aand one more thing, now I have sent email to myself and encrypt it with my openpgp certificates (filled according recipient in kleopatra popup). When I send email and receive it, I cant open it because it say “S/MIME encrypted …”.
I didnt change encryption to S/MIME and in Beta3 there is only blue lock icon, so where I can change encryption back to openpgp? There isnt such option even in popup where I am choosing certificates

Thank you

Hi John,

the current betas use OpenPGP by default.
Which version are you using in particular?

The email body that you are seeing parts of,
is this an email that you had seen before.
(My ideas is that maybe Outlook keeps a record of which emails it had
already displayed and uses this storage to add a line to the list of email
when redisplaying the email.) It is hard to tell without seeing an actual
case. You wrote that you are using Office 365, that comes with Outlook 2016
desktop version, does it?

Best Regards,
Bernhard

Yes! Sry, it was my fault, it took S/MIME because the email was resend with our internal certificate, when I disabled ours, the openpgp was primary again :slight_smile:
But the email content problem is still same as you can see in new attachment.
I ask my colleague to send me new email, so I couldnt saw the content before… On picture you can see there is Subject “abcd” and in red is sentence he wrote into the body. The email was sent with public certificate of someone else (not my), email is unread, but I can read body.
So even I cant decode the email, I can read some part of it. That is really hard bug I think.

Thank you

mail_body.JPG

John,
which version did you use precisely?

How is the email transported from sender to receiver?
Exchange ↔ Exchange
or SMTP ↔ SMTP → IMAP
or something else?

Best Regards,
Bernhard

Hi,
my version is Beta 3.0.0 version 276 from appx. 3weeks ago.
Email transport is Exchange-Exchange

BR

J.

Hi John,
thanks for the additional details, this helps us to get a better idea what could possibly be the problem.

About the email transport: Is this one exchange instance the email is transported over or does the email travel between two different exchange servers that are completely independent?

BTW: We are currently up to beta282 which has release candidate status. I don’t expect beta282 to behave differently than beta276 in this point. Of course this issue, is a potential release blocker.

Best,
Bernhard

Indeed. I tested with Exchange again and it shows the unencrypted body and has the unencrypted body in the sent mail folder. Mails in the sent mail folder on exchange behave similar to exchange <> exchange transfer.

This is a critical bug. Thank you very much for your report. I opened a ticket: https://dev.gnupg.org/T3369

Happily the fix was pretty straightforward. I don’t really see from our code when this broke but sometime in the summer 2016 it worked and then the body was not removed from mails when they were not sent over SMTP but only through Exchange or stored in the Sent mail folder. So the Body property was still available unencrypted additionally to the encrypted MIME attachment.

Please confirm that with the latest beta (>= 3.0-beta287) the behavior is fixed for you, too.

( http://files.gpg4win.org/Beta/current/ )

Please note that the problem is on the Senders side. So Mails that you have already gotten will still show the old behavior. You have to send a new test mail with the fixed version.

Thanks again. Regards,
Andre

Hi,
we use Office365 with remote server, so we cant say for sure how many servers they have. We have branches in two cities.

BR
j.