To make the image seen (manually), you’d need to find the image data in the email, decode and safe it to disk and then change the src part in the HTML to point to this file.
I don’t know where it is either, you could try to look for image001.png or 01D6FBC0
in the mail or saved attachments, even within the HTML file.
I really appreciate what you have done.
I searched all places I can imagine but still failed to find the image.
I am giving it up.
Hope someone in the future can help me or I may turn to GPG4o or Symantec Desktop.
In fact, I have tried GPG4o trial version and it just works fine.
Symantec Desktop is doing well too (because I always call help to my colleague, a Symantec user, to forward the decrypted mail to me)
hopefully in the future, your recipient will switch to sending a standard format.
(As the format used will not be parsed by other crypto clients as well.)
The next step of debugging would be, if you could get an email from your recipient encrypted to us, so we can at least search for the structure. But has you wrote, your recipient is not cooperating with you, so it is probably not an option.
Is the standard format you are talking about “OpenPGP/MIME format”?
I am wondering if I did anything wrong on the configuration of GpgOL.
The GpgOL on my outlook is version 2.4.8.
All configurations are unchanged with default value.
I just noticed that the check box of “Enable the S/MIME support” is unchecked.
Should I enable it? I am not sure whether it is related to encryption (send email) or decryption (receive email) or both?
Also there is another option “Send OpenPGP mails without attachments as PGP/Inline” which is also unchecked.
This looks like exactly what I want from my recipient.
Otherwise their emails are always decrypted in plain text with a encrypted attachment.
OK, I just enable the S/MIME support and nothing changed. Is the option applied to the emails which are downloaded from the mail exchange server to my local disk already?
Or maybe this option has nothing to do with the missing image of the decrypted email.
Regarding the next step of the debugging, I am a bit confused about the request.
Do you want me to send you an encrypted email which is sent by my recipient?
Or do you want me to send you an email which is decrypted by my local GpgOL where the image is missing? I think I can not do that either way since the mail is quite confidential (that’s why they are encrypted). I think I could locally use proper editor to show you the structure you mentioned. Do you think it makes sense?
regarding the format: Yes, “OpenPGP/MIME” is the standard format your sender should be using. (Your settings were default and good, please do not change them.) (I mixed up “sender” and “recipient” partly in my last message, sorry for the confusion.)
Because the existence of an attachment called “PGPexch.htm.pgp” means that the sender
did not use “OpenPGP/MIME”.
Regarding further debugging:
To where the image would be in the data and if it is there at all, we would need to have a test email which is encrypted to us, with the same structure. (Of course with only non-sensitive data, this is why I wrote it would mean to ask your sender to send such an email with the same configuration to a different address, which is unlikely).
For debugging, do I also need your public key so that you could decrypt it?
I am thinking to ask my colleague to help me reproduce the problem with Symantec Desktop which I guess the sender is using.
(My colleague is lucky to have the last Symantec license in my office…)
yes, you’d need to encrypt to me (or Andre) or one of the test key pairs, where both the public and the secret key is available for everyone to decrypt, e.g. https://wiki.gnupg.org/SampleKeys
My colleague and I just reproduce the issue with Symantec Desktop.
I decide to use Alice’s public key (from https://wiki.gnupg.org/SampleKeys) and send the encrypted email to Alice (alice@gpg4win.de).
I hope it will also work for you.
BTW, before we proceed, I would like to make sure the GPG4win is totally free to use even we plan to use it for business. Is my understanding correct?
Any illegal usage of a software is not allowed in my company.
using the sample key and sending it to alice@gpg4win.de should work for me.
All components in Gpg4win are “Free Software” (from the meaning of “liberty”) and you
can use the common version without mandatory fee.
For the precise legal terms, see https://www.gpg4win.de/license.html
We ask people to pay something volunteeringly, so we can keep this service and the maintenace up.
There are additional paid-for services, e.g. when you need Gpg4win for many work places and high or very high security setting, we recommend you check into the “GnuPPg VS-Desktop”, to ensure operating support, see https://gnupg.com/index.html
Again, summarized: Yes, you are allowed to use Gpg4win without fee for business use.
Thank you for giving me a explicit summary in the end of your post!!
It is weird that my colleague and I can not send an encrypted email to Alice ( alice@gpg4win.de).
The following organization rejected your message: kerckhoffs.g10code.com [217.69.77.222].
So I just tried to send you an email.
It seems the sending process is successful and no error message is shown this time.
I will ask my colleague to send you the test mail again later.
HI Acme,
your two testing emails arrived.
(For me to be able to encrypt back to you, I’d also need your public key, you could just attach them.)
The test mail I’ve got has two attachments:
Attachment1.pgp
PGPexch.htm.pgp
decrypting them both manually (not on windows), and then replacing
src=“cid:image001.png@01D7624C.32C3FAA0”
with
src=“./Attachment1”
I can see the HTML with the image.
So your problem is that you cannot see “Attachment1.pgp”? So you are
unable to save if from your GpgOL?
this maybe a problem specific to GpgOL when used with Exchange as mailtransport.
(As the attachment maybe stored and transported differently from exchange to outlook.)
Can you try the latest Gpg4win 3.1.16, if you haven’t done so far?
Note that it may take 2-3 weeks until we can act on this (because it is vacation time here in the summer).
Until then, you could try to use a different email client, like claws for windows
to access your exchange via IMAP and get the email in a more complete way as a
workaround. It is not very comfortable, but just in case you needed it urgently.
(Please still be aware that senders should better switch to OpenPGP/MIME and that opening HTML files can be a security problem.)
I really really really appreciate what you have done!!
And thank you for the prompt response all the time.
If you need someone to give the fix a try, please let me know.
(In case I may not visit this webpage for a while, you can find me by personal email).
Thank you for also providing a workaround before the problem is fixed. I’ve learned something from you for being considerate on this topic.
(If I really need the complete decrypted email with images embedded, I will ask my colleague who has the last Symantec license to forward the decrypted mail to me.
I believe I will not bother him frequently within those weeks.)
And I thank you as well, as we need people that help us understand where Gpg4win can be made better. (Our goal of course is to allow communication and be compatible, if we can.)!
(Take note that our work is partly funded by those who chose to pay/donate for Gpg4win.)
Totally understood.
As a first step, I will suggest more people in my company to use GPG4win.
The more people using it, the higher possibilities the company will choose to pay/donate for GPG4win.