GpgOL and weird encryption for HTML or image sent

Hello,

Tested with Outlook 2010 and Outlook 365 on my Windows 7 computer.

GPG4Win OL has a weird behavior: when I send an email in HTML, it is not correctly supported and ProtonMail receives an openpgp-encrypted-message attachment that I cannot open. The same goes for a regular attachment sent. It works fine, though, with a plaintext email from Outlook to ProtonMail.

But in the other direction, meaning when I send an email from ProtonMail to Outlook, everything is correctly decrypted (HTML, attachment, inline image).

I also tested with another web browser type email address with the Mailvelope extension to decrypt PGP, and there is also this same attachment: openpgp-encrypted-message.asc and in the body of the email there is only the disclaimer of my company in plaintext. Moreover I haven’t succeeded decrypting this openpgp-encrypted-message.asc file.

Actually, when I take a look at the Sent box, there is no PGP at all in the email sent by Outlook and GPG OL.

I can’t be 100% sure but I think GPG OL was working much better a few versions back.
In comparison, GPG4o worked correctly on O365 (I couldn’t install it on Outlook 2010 though)

Does anybody else have issues?

Dear Antonio,

note that Gpg4win has been sending emails in the recommended standard OpenPGP/MIME by default for a while. This standard solved a number of long-standing problems.

It is possible that ProtonMail does not support this standard fully and falls back to just attaching some encrypted attachments to the email (which is non-standard).

The Mailvelope browser extension uses the same OpenPGP.js library that ProtonMail does, and it also needs support from the webclient to work properly for OpenPGP/MIME messages and attachments overall, for technical reasons beyond its control.

My suggestion is:

  • Save one of the attachments and use Gpg4win to try to decrypt it (via Explorer, context menu for instance)
  • Test with a different email client that is known to support OpenPGP/MIME

Maybe we can support peculiarities of services like ProtonMail in the future and try to compensate for their non-standard way of adding an attachment, but it may also not be very usable, in that it would need you to configure this for special recipients manually.

So an even better solution would be if ProtonMail starts to support OpenPGP/MIME.

Regards,
Bernhard

If it is possible to add a workaround, we’ve created a task for this
https://dev.gnupg.org/T4686

Hello,

There is a misunderstanding:

with ProtonMail I can send to my Outlook that uses GPG OL an email encrypted with an attachment or/and an email in HTML format with pictures embedded. GPG OL decrypts it normally. It works fine.

with Outlook 365 that uses GPG OL I can only send text emails to ProtonMail because HTML is removed and something weird happens to the email and its content (including the attachment), as in ProtonMail I only receive an email with a file attached named openpgp-encrypted-message (that I haven’t succeeded in decrypting, by the way) and there is no lock showing the message is encrypted.

Look at the attachment, it’s a screen capture of my Sent Items in Outlook (email sent from Outlook with GPG OL to my ProtonMail address):

  • 1st email was a text email, we can see ----BEGIN PGP MESSAGE and no blue lock;
  • 2nd email was an html email but it is automatically converted in text, and we can see ----BEGIN PGP MESSAGE and no blue lock;
  • 3rd email was a text email with an image attached, there is no ----BEGIN PGP MESSAGE and there is a blue lock. When I click on this email, there is not the flashing window (for a few ms) showing it is decrypted whereas I get it for the 1st and 2nd message.

IMO it has nothing to do with ProtonMail but more how GPG OL treats the email I want to send.

Am I the only one with this issue?

20190826-b.png

On this screen capture, no lock (meaning the email is not encrypted) and an attachment (openpgp-encrypted-message) and a footer about the environment.

20190826-c.png

On this screen capture, this is the text email received correctly encrypted in ProtonMail (green and checked lock meaning it is a trusted sender), and no footer.

And honestly I don’t understand why there is no footer as it should be automatically added on every email sent…
When I send a text email with no GPG OL encryption, the footer is added.

I wonder if it has something to do with my problem…

20190826-d.png

Hi Antonio,

thanks for sending more details! We are interested to understand what the problem is.

To clarify a few more details (or assumptions):

  • You are using Outlook 365 with the most current Gpg4win version 3.1.10?
  • How is your email provider connected, via Exchange or via IMAP/SMTP (or something else)?
  • You are using the webinterface of ProtonMail with a different email account?

If the answers are: Yes. IMAP/SMTP. Yes.
then technically it still may be that ProtonMail cannot handle the standard for sending encrypted emails nicely (it is called OpenPGP/MIME).

Would you mind sending me an encrypted email with both accounts
(bernhard@intevation.de, you can get my public key with WKD (automatically with GpgOL)
or https://intevation.de/~bernhard/bernhard_gpgkey.asc)

Regards,
Bernhard

Hi,

I’ve read the thread now. What I understand:

  1. Antonio has the option “Send OpenPGP mails without attachments as PGP/Inline” active.

→ This option is a crutch for mail clients that do not understand PGP/MIME. This option does not support HTML. It replaces the plain text of the email with the PGP Message.

  2. When Protonmail sends mails they apparently do it as PGP/MIME, otherwise attachments would not work in GpgOL.

  3. When Protonmail receives proper PGP/MIME it apparently has problems with our mails or PGP/MIME in general. Our mails are to the best of our knowledge correct.
    The “openpgp-encrypted-message.asc” is the name of the encrypted MIME Part. (In the protonmail explanation this would be the same as “encrypted.asc”)

So I’ve duckducked “protonmail pgp/mime” and found that they have an explanation site:
https://protonmail.com/support/knowledge-base/pgp-mime-pgp-inline/

But it does not say what it actually supports.

I’ve sent a mail to a developer of protonmail that I know and asked him about this or if we could do something to help.

I’ll let you know if I have new information.

Best Regards,
Andre

On this screen capture, I’ve just rebooted my Outlook client, here’s the email I sent with a picture as an attachment.
As you can see, there are now 2 files attached:
the openpgp-encrypted-message.asc
and a file xxx.gpg
There is no lock anymore, and it wasn’t encrypted.

When I try to decrypt or verify the xxx.gpg, I get an error with Kleopatra.

20190826-e.png

To answer your questions:

  • You are using Outlook 365 with the most current Gpg4win version 3.1.10?
    Yes, exactly and GPG OL 2.4.2

  • How is your email provider connected, via Exchange or via IMAP/SMTP (or something else)?
    The Outlook 365 is used in a corporate environment with Exchange 2010/2013; this is used for my business email address.

  • You are using the webinterface of ProtonMail with a different email account?
    ProtonMail or Mailvelope (YahooMail in my case) are used for my personal email address. I use the web interface for both of them and the Android app on my smartphone for ProtonMail.

I’m going to send you emails for testing.

Hi,

so my contact at protonmail said that they definitely have working PGP/MIME support also when receiving mails. Our next step is to exchange some test mails to check if it is a general problem or something specific to Antonio.

But as he is on Pacific Daylight Time we have a 1d communication delay ;)

Regards,
Andre

I’m going to send you emails for testing.

Thanks a lot, maybe you can also send email as copy to Andre
aheinecke@g10code.com
94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1

Bernhard

I’ve sent multiple PGP/MIME mails in various formats to a protonmail developer and all worked fine. So we have confirmed that protonmail and GpgOL are generally compatible.

So this gets a bit stranger as it seems to be a personal problem.

You could maybe also ask the Protonmail support for help?

I have to agree with you that it seems to be on my side.
It could be Exchange or Cisco IronPort Mail.
My IT team doesn’t have enough time and knowledge to solve this issue unfortunately.
Thanks again for your hard work!

Hi Antonio,

if you want to get further: The idea for analysis is to follow the structure of the email between the components. For instance if you can get the email before it enters and when it leaves IronPort. We know that Exchange works in principle, so chances are high it is a different component.

Having this knowledge is good for your team in general (not just crypto emails), because there are cases from time to time where you really want to be sure where which data is flowing.

Regards,
Bernhard
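
Added example (not from the thread and not GpgOL code): one way to do the structure comparison suggested above, and to tell the PGP/MIME and PGP/Inline layouts discussed earlier apart. The function name, verdict strings and sample messages are constructed for illustration; the "as received" sample is a hypothetical rewrite, not a capture of what any gateway in this thread produced.

```python
from email import message_from_string

def classify_pgp_mail(raw):
    """Classify a raw RFC 5322 message; returns (verdict, MIME part types)."""
    msg = message_from_string(raw)
    types = [p.get_content_type() for p in msg.walk()]
    if msg.get_content_type() == "multipart/encrypted":
        kids = msg.get_payload() if msg.is_multipart() else []
        # RFC 3156 layout: a "Version: 1" control part, then the encrypted data part.
        ok = ((msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"
              and len(kids) == 2
              and kids[0].get_content_type() == "application/pgp-encrypted"
              and "version: 1" in kids[0].get_payload().lower()
              and kids[1].get_content_type() == "application/octet-stream")
        return ("pgp-mime" if ok else "pgp-mime-malformed"), types
    if "application/pgp-encrypted" in types:
        # The RFC 3156 parts survive but are no longer the top level:
        # the message was re-wrapped, so clients see plain attachments.
        return "pgp-mime-rewrapped", types
    for part in msg.walk():
        body = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/plain" and b"-----BEGIN PGP MESSAGE-----" in body:
            return "pgp-inline", types
    return "not-encrypted", types

# Constructed sample data (placeholder armor, no real ciphertext).
ARMOR = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
PGP_PARTS = ("--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
             "--b1\nContent-Type: application/octet-stream; "
             'name="openpgp-encrypted-message.asc"\n\n' + ARMOR + "--b1--\n")
AS_SENT = ('MIME-Version: 1.0\nContent-Type: multipart/encrypted; '
           'protocol="application/pgp-encrypted"; boundary="b1"\n\n' + PGP_PARTS)
# Hypothetical rewrite in transit: footer part prepended, top level now multipart/mixed.
AS_RECEIVED = ('MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
               "--b1\nContent-Type: text/plain\n\nCompany disclaimer\n\n" + PGP_PARTS)
INLINE = "MIME-Version: 1.0\nContent-Type: text/plain\n\n" + ARMOR

if __name__ == "__main__":
    for name, raw in [("as sent", AS_SENT), ("as received", AS_RECEIVED), ("inline", INLINE)]:
        print(name, *classify_pgp_mail(raw))
```

Run on raw copies of the same message captured at each hop, a verdict that changes between two captures points at the component in between.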