I have Outlook 2013 w/ Exchange installed on Win10 and a fresh installation of Gpg4win. I can sign and encrypt an email, and the recipient gets the full text of the mail plus an attachment “gpgolXXX.dat”, probably with the encrypted mail inside.
I mean, what’s the point of encrypting when the E-Mail is being sent unencrypted as well?
It is a Windows Server 2008 R2 with Exchange Server 2007. I tried both HTML and plain text messages with the same result.
I never had Gpg4win or GpgOL on my machine before. I use GpgOL Ver 2.0.1 which came with Gpg4win 3.0.0. It seems to include a GPA 0.9.10 [9d0c65f] (GnuPG 2.2.1)
Honestly: I am a computer consultant and know quite a bit. But this is my 5th attempt over the last 20 years to get started with email encryption and it has hardly become better. The Gpg4win project is hard to cope with: There is no clear overview about what is what and does what and no clear workflows either, not even for an IT professional like me. Just two examples:
I am offered to send my public key to a keyserver. Trying to do this, I get a warning that I should create a revocation certificate first. But no hint can be found how to do this. Dead end.
I open Kleopatra, press F1 for Help and get to the KDE page. It describes the program all right, but assumes I am a Linux user and gives plenty of command line options. Feels like the wrong movie.
Any real help will help and exceed my expectations.
Thank you, Wolfgang
PS: Becoming a registered user in this forum took me five attempts because the captchas were horrible to read and user name restrictions were unclear.
Unfortunately you are right: Many things can be improved about Gpg4win and we are painfully aware of a number of problems and working on some of them.
a) We are planning a Gpg4win 3.0.1 quite soon (within the next 7 days); it comes with a number of fixes.
b) We plan to make the exchange of pubkeys much simpler with https://wiki.gnupg.org/WKD (which is so far only partly implemented in Gpg4win 3.0)
c) If possible, email clients shall do much more automatically so that users do not have to learn much about crypto operations. See the draft/work in progress document at https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption
d) For a few months now we have been asking people to choose the amount they would like to pay for Gpg4win; this increases the funding available to increase the documentation and support infrastructure step by step.
We cannot reproduce it in our test settings using a newer version of Exchange.
(And it is not easy to get a test account for outdated Exchange servers. Would it be possible to get a test account on the machine you are using?)
Nevertheless it would be helpful for us if you’d try and catch a GpgOL logfile from the encrypting and sending operation that fails. See the GpgOL section on https://www.gpg4win.de/doc/en/gpg4win-compendium_29.html for how to activate it.
Thank you very much. I think I see the problem from your log:
14:30:03/12660/engine.c:engine_wait: filter 1E270048 ready: Success
14:30:03/12660/mail.cpp:encrypt_sign: Status: 0
14:30:03/12660/oomhelp.cpp:invoke_oom_method_with_parms: Method ‘Save’ invokation failed: 0x80020009
14:30:03/12660/oomhelp.cpp:dump_excepinfo: Exception:
wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: Ein Clientvorgang ist fehlgeschlagen.
help: null
helpCtx: 0x0
deferredFill: 00000000
scode: 0x80004005
14:30:03/12660/mailitem-events.cpp:Invoke: Passing send event for message 22B2A138.
A failure of this save might be fatal because this means that our encryption code did not properly save. This includes the removal of any plaintext.
As a minimum we need to handle this failure and block sending / show an error in that case. There might be ways to work around this but that would mean experimenting, e.g. calling the save at a different time.
I suspect that either Exchange 2007 is to blame here (which we don’t have in our test environments / development environments as it’s EOL) or some interaction with another addon.
Thank you André. We will migrate to a new version of Exchange Server soon and I will review the problem then. Meanwhile I’ll feed the NSA with my secret knowledge.
I’ve opened a report in our Bug Tracker https://dev.gnupg.org/T3511 because I think it’s critical if plain text is sent after encryption and we should at the very least error out.
So I’ve added an additional check that the body is really empty before sending out a mail and, if not, tries to wipe it clean with a different API call. If that fails again it will finally put up an error message and abort sending.
This should work. Although I’m not 100% certain that if Outlook does not error out on the second deletion try it really did delete it or if it then just returns that the body is empty.
And try again? If you get the Error Message Box or if the mail still is sent out with a plain body I would again be grateful for the log as I added some more debug output.
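
A log triage check for the failure identified in the log above, as an added example that is not part of the thread and not GpgOL code: it flags every message whose send event was passed after a failed 'Save' carrying the same numeric second log field (assumed here to identify the thread). The function name, the trimmed sample and the second message id are constructed for illustration.

```python
import re

# Constructed sample: log lines quoted in the thread (trimmed), plus one
# made-up clean send (message 22B2A999) that must not be flagged.
SAMPLE_LOG = """\
14:30:03/12660/engine.c:engine_wait: filter 1E270048 ready: Success
14:30:03/12660/mail.cpp:encrypt_sign: Status: 0
14:30:03/12660/oomhelp.cpp:invoke_oom_method_with_parms: Method 'Save' invokation failed: 0x80020009
14:30:03/12660/oomhelp.cpp:dump_excepinfo: Exception:
wCode: 0x1000
scode: 0x80004005
14:30:03/12660/mailitem-events.cpp:Invoke: Passing send event for message 22B2A138.
14:31:10/12660/mail.cpp:encrypt_sign: Status: 0
14:31:10/12660/mailitem-events.cpp:Invoke: Passing send event for message 22B2A999.
"""

# time/id/source-file:function: message
LINE = re.compile(r"^(\d\d:\d\d:\d\d)/(\d+)/([^:]+):(\w+): (.*)$")
# '.' around Save accepts straight or typographic quotes.
SAVE_FAIL = re.compile(r"Method .Save. invokation failed: (0x[0-9A-Fa-f]+)")
SEND = re.compile(r"Passing send event for message ([0-9A-Fa-f]+)")

def find_unsafe_sends(log_text):
    """Return sends that followed a failed Save, i.e. mails whose plaintext
    body may not have been removed. Deliberately over-flags: any Save
    failure taints the next send with the same id field."""
    pending = {}    # id field -> (time, HRESULT) of an unresolved Save failure
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines of the exception dump
        time, tid, _src, _func, msg = m.groups()
        fail = SAVE_FAIL.search(msg)
        if fail:
            pending[tid] = (time, fail.group(1))
            continue
        sent = SEND.search(msg)
        if sent and tid in pending:
            fail_time, hresult = pending.pop(tid)
            findings.append({"message": sent.group(1), "sent_at": time,
                             "save_failed_at": fail_time, "hresult": hresult})
    return findings

if __name__ == "__main__":
    for f in find_unsafe_sends(SAMPLE_LOG):
        print("possible plaintext send:", f)
```
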