Can't decrypt message received in Outlook 2016

I have PGP4win 3.0.0 just installed and when performing the initial tests the incoming mails received in Outlook 2016 can’t be decrypted. The ribbon in Outlook shows ? Insecure (no options to decrypt). I can see the encrypted message and it has the markers for begining and end of pgp message. The incoming message was sent from PGP4win 2.3.2. My outbound messages are encrypted correctly and the recipient in PGP4win 2.3.2 can decrypt them although he receives them as attachments.

Hi Jorge,

The reason the receiver of your mail sees your mails as an attachment, is because you send mails via the OpenPGP/MIME Standard, a standard that is not fully supported in older versions of Gpg4win. If you want backwards compatibility you can change your Options in the GpgOL Plugin to send NO-MIME (aka PGP/INLINE) messages. They can be decrypted by older Versions, too. This may also be the reason why messages of that person are not recognized as encrypted messages correctly. The NO-MIME way is outdated and not standardized (other than the OpenPGP/MIME standard), so it can cause issues while recognizing the contents. This happens especially, when the send EMail is not in Plain Text Format, but in HTML/(or other)-Format. You can check if thats the case[1].

Best Wishes,
Jochen

[1] - https://superuser.com/a/238329/766798

Hi Jochen,
I tried your setting and it didn’t work. The email I sent is still received as attachment but at least it can be decrypted by the receiver,. If he sends me a message (He is in version 2.2.5) my Outlook still doesn’t recognize it as encrypted. I cut and paste it into Notepad, save it as a .gpg file and then from Kleopatra I try to open it with decrypt/verify and I get this message:

The file ‘C:\Users\Jorge\Documents\test4.gpg’ contains certificates and can’t be decrypted or verified.

I’m at a loss now. Please help. Thanks

Dear Jorge,

sorry to see that you are having problems.

From what I understood you are using Gpg4win 3.0.0 with Outlook 2016 and
you have problems communicating with someone.

For this person you are writing about Gpg4win version 2.3.2 and 2.2.5.
As both versions are outdated for a while now, could you ask your communication partner
to upgrade to Gpg4win 3.0.0 or at least 2.3.4? This probably is the best solution.
As you can download Gpg4win without costs if you decide to do so,
it is just doing the upgrade.

Can you try to check the header of the incoming email with the hint that Jochen gave you?
Look for the MIME-Type, but also for signs of the used product.

Best Regards,
Bernhard

Hi Bernhard,

unfortunately this issue causes a major impact because what it in the end means is that we have a serious compatibilty issue: I have the exact same problems, I cannot even decrypt my very own mails still in my Inbox. My mail header (excerpt) of an encrypted mail from GPG4Win 2.3.2, which I cannot decrypt:

Content-Type: application/ms-tnef; name=“winmail.dat”
Content-Transfer-Encoding: binary
MIME-Version: 1.0

Not that (in reality) you cannot ask all your clients to update their installations (just think of large enterprises/no admin rights/software deployment/policies), software should IMHO (to a certain point) be backward compatible.

Therefore I suggest to consider this to be a faulty behaviour.

Best,
Carsten

Hi, my colleague just figured out, why one cannot copy the body of an (with a former version of GPG4Win/GPGol) encrypted mail and decrypt it via Kleopatra and clipboard: There is no real line break between “Version: GnuPG v2” and the encrypted content: Once you hit enter between the lines the content can be decrypted - we suspect it is the same behaviour as with the plugin.

Best,
Carsten

Hi Carsten,
thanks for help to analyse the issue!

As towards the updating: Overall it is important that software can be updated.
We have fixed a number of smaller and larger defects, some security relevant
with the minor releases of Ggpg4win. So an update is the first options for several reasons.
I agree that there are circumstances where an update cannot just be done, though.

Your case seems to be slightly different that Jorge’s as he reported that using the clipboard as a fallback works.

As for line-endings, please note that Outlook as an option to hide some line-endings, are you sure that you have disabled this option when checking the issue?
(As for diagnosing problems: it is quite difficult to see a raw email message that Outlook has gotten from Exchange or and IMAP server. What kind of transport are you using?)

The messages in your local (pst-Storage) are different from the messages send over the wire.

Best Regards,
Bernhard

OK guys I just confirmed the line brake issue. This is correct if the message came in as HTML (there is no real line brake), Kleopatra will not even give the option to decrypt from the keyboard. However, if the message came in as plain text it works fine.

Hi Bernhard,
We’ve been doing some testing and here are the results (my partner still in 2.2.5 and I’m in 3.0):
Changed his setting to send in plain text but my 3.0 plug-in still doesn’t recognize the message as encrypted. The header shows MIME-Version: 1.0
I can copy to clipboard and use Kleopatra to decrypt it without issue though.
If he sends a message as an attachment, right clicking on the attachment brings the option to derypt and this works fine.
Set my outbound to “Send OpenPGP mails without attachments as PGP/Inline” as suggested but he still receives the message as an attachment although he can save it and decrypt it.
Hope this helps to give you a better picture of what’s going on.
As somebody else said please understand that we can’t ask our clients to upgrade.

Hi Bernhard,

you might now realize that Jorge and I have the exact same problem. We are using Outlook 2016 with Exchange, Transport is RPC/TCP. Would be great of you to consider this a bug, because of it’s major impact.

Best,
Carsten

PS: Bernhard, gerne stehe ich ab KW43 als Sparringspartner in der Sache bereit: Ihr habt eine tolle Software, die aktuelle Situation ist aber sehr problematisch für uns.

Hi Jorge,

thanks for your testing. This is helpful because there are so many
real world settings out there, that our testing cannot cover all cases!

Can you send me encrypted emails from your partner that are encrypted
to you and to me (see bottom of http://intevation.de/~bernhard/index.en.html
for my pubkey and email address).

2.2.5 ist old, though, what is the reason your communication partner cannot upgrade?
(I’m just interested to learn about this, 2.2.5 may have defects, the new GpgOL ist much better.)

Best Regards,
Bernhard

Hi Carsten,
[I’m sticking to Englisch in this Forum as courtesy to the other readers]!

Again thanks for reporting!
We are taking all feedback seriously, because know that there may be
defects hidden somewhere (all software has them).
User feedback has let to a number of very important improvements
during the beta and release-candidate phases. Gpg4win 3.0.0 is a big
step forward, so even with testing and pre-release phases, there will
be some problems left.)

To restate your problem description:
a) You are getting emails from someone you cannot decrypt.
What do you know about the senders (computer settings)?
Gpg4win 2.3.2? Outlook 2016 (or Office365)? Send via Exchange or SMTP to
their server?

 You are trying to decrypt it with Gpg4win 3.0.0 Outlook 2016 Windows?

b) You cannot decrypt emails in your storage.
Only emails you have send? Send with which version?

Best Regards,
Bernhard

From: Bernhard Reiter

Hi Carsten,
[I’m sticking to Englisch in this Forum as courtesy to the other readers]!
[CD] Fine.

Again thanks for reporting!
We are taking all feedback seriously, because know that there may be defects hidden somewhere (all software has them).
User feedback has let to a number of very important improvements during the beta and release-candidate phases. Gpg4win 3.0.0 is a big step forward, so even with testing and pre-release phases, there will be some problems left.)
[CD] Excellent, thank you.

To restate your problem description:
a) You are getting emails from someone you cannot decrypt[CD] .
[CD] As I mentioned, also my very own ones.

What do you know about the senders (computer settings)? Gpg4win 2.3.2? Outlook 2016 (or Office365)?
[CD] Gpg4win 2.3.2 and Outlook 2016 (not Office365)

Send via Exchange or SMTP to their server?
[CD] Exchange via RPC/TCP

You are trying to decrypt it with Gpg4win 3.0.0 Outlook 2016 Windows?
[CD] Exactly

b) You cannot decrypt emails in your storage.
[CD] Storage or .pst , doesn’t matter!

Only emails you have send? Send with which version?
[CD] No, all encrypted mails I have send or received with Gpg4win 2.3.2 (and very probably older versions) and Outlook 2016 (and very probably older versions).

Best Regards,
Bernhard

PS: Will be available and answering again from the 23th of October on.

Dear Carsten,

if Gpg4win 3.0.0 gives you problems detecting emails to decrypt,
please stick with 2.3.4 for now until we can test, reproduce and remedy the issues.

Technically your emails are probably not lost, they are just not detected as crypto emails.

Thanks for your offer to help us as a testing partner.

Best Regards,
Bernhard

Hi Bernhard,
I’m preparing the requested test and will send a bit later today.

Re your comment about the 2.2.5 version the reason we keep using it is because it works fine. It’s attached to Outlook and the Add-in shows in the ribbon. I can’t say the same when I tried to install 2.3.2 or 2.3.4 in other machines, the Add-in shows as enabled in Outlook but there is no way that it will show in the ribbon. I tried several different approaches but it doesn’t work (installed GPG4win running it as an admin, repaired MS Office, re-installed MS Office). However we have 2.3.2 installed and working in other machines. I’m assuming this must have something to do with some Outlook -aka Microsoft Office- update or even the Windows 10 version/build (In one of the machines running 2.3.2 the Add-in disables itself so you have to re-enable it which lasts until you re-start Outlook, and this started a few days ago). So I took the old approach: “If it’s working don’t fix it” .
Hope this helps
Regards

Jorge

Hi Bernhard,

We continued testing and uncovered a major issue in 3.0 .It is possible to send a message that is not encrypted even if you clicked in the encrypt button in Outlook. The software will send the message unencrypted without any warning! This is unacceptable. We should get a message indicating that the encryption failed and Outlook should not send it!. I investigated and found out that in settings the box “send encrypted messages by default” was checked. Maybe this was the reason for the behavior. I unchecked it and the encryption worked. However, there should be no way to send a message without encryption when I clicked on encrypt. This is extremely worrisome, we can’t use the software without a fix for this.

Hi Jorge,

Can you state how exactly you managed it to send an unencrypted EMail, even when you clicked the encryption option, so we can recreate this, file a bug report and fix it?

Best wishes,
Jochen

Hi Jochen,

I created the message, then clicked the secure button, got the pull down, clicked encrypt, and pressed send. There was no pop up requesting to confirm sender and receiver, the message was sent unencrypted. Please note my explanation in my previous message regarding the GpgOL settings where I mentioned that the box “Encrypt new messages by default” was checked (maybe two simultaneous requests to encrypt created the issue?). When I unchecked that box messages were sent encrypted again. However, as I mentioned before, no situation should permit sending an unencrypted message without a warning when I intended to encrypt it. Additionally, I believe GpgOL settings should not be accessible to a regular user. Hope this helps to clarify
Regards

I have the same problem, Outlook 2016, gpg4win 3.0.1. A user is sending from a 2.x version of gpg4win, and the inline message is not decrypted.

I think I may have found the problem. I took the content of the inline email, and created a text file, tried to decrypt it, but it didn’t work. Tried the decrypt from the Clipboard, and the option was greyed out.

Then I deleted the “Version: xxx” line on the file, and I could decrypt the message without problems. And also I could decrypt right out of the Clipboard.

Maybe this will offer a clue?

Please let me know if you are able to find out a fix to this.

Best regards,

Luis Carlos