PGP Encrypted mail with Gpg4win and Kopano from Outlook

aheinecke

Hi,

I’m the developer of GpgOL, Gpg4win’s Outlook extension. We provide a plugin to send PGP encrypted mails from Outlook.

It’s been reported to us that our Plugin does not create valid PGP/MIME mails when used with a Kopano Server. The report can be found in our ticket system: https://dev.gnupg.org/T3824

It would be interesting to hear if someone else using Outlook and Kopano could confirm that our Plugin does not create valid mails in such a setup. It’s free Software. download

Maybe our assumption that Kopano is to blame is wrong and there is something else broken in the setup of our reporter : -)

Just generate a Key and send yourself a “secured” mail with some text. If it looks weird and has stuff like “Content-type” in it you have confirmed the problem. It should look exactly as you have composed it.

---

Technical Details:
Our Plugin relies on the MS-OXOSMIME MAPI to MIME conversion algorithm in Outlook/Exchange.
In short: If you create a Message with a special Message Class (for us: IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned ) Outlook treats the first (and only) attachment as the MIME structure of the mail.

So we build a valid multipart/signed or multipart/encrypted mime message and attach it, remove the body, set the message class and send it.
With SMTP Servers Outlook does the conversion but if it’s connected through Exchange the server does the conversion.
This somehow does not work with Kopano (at least we currently think so).

What happens is that our Attachment is split up and put into a Multipart/Mixed message. The “inline.txt” attachment contains the PGP/MIME version marker. The text/plain attachment contains the PGP content.

It looks like this:

Content-Type: multipart/mixed; 
 boundary="=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH"
X-Mailer: Kopano 8.3.4-12
X-Original-Mailer: Microsoft Outlook 16.0

 This is a multi-part message in MIME format. Your mail reader does not
understand MIME message format.
--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

=2D----BEGIN PGP MESSAGE-----
......
=2D----END PGP MESSAGE-----

--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH
Content-Type: application/pgp-encrypted; name=inline.txt
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=inline.txt

VmVyc2lvbjogMQ0K
--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH--

While a valid PGP/MIME Message would be:

Content-Type: multipart/encrypted;
	protocol="application/pgp-encrypted";
	boundary="=-=w4Rm8tvUXpODtB=-="

 This is a multipart message in MIME format.

--=-=w4Rm8tvUXpODtB=-=
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted

Version: 1

--=-=w4Rm8tvUXpODtB=-=
Content-Transfer-Encoding: 7bit
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
....
-----END PGP MESSAGE-----

--=-=w4Rm8tvUXpODtB=-=--

Any Ideas where the MIME message is built / modified in your setup?
We could add some hacks to parse such a broken message but It would be better if we could really fix it so that we are able to send standard confirming PGP/MIME mails.
I would be happy to help analyzing and debugging this from our side, but I don’t have a Kopano setup.

Thanks,
Andre

umgfoin

Hi @aheinecke ,
I can confirm the above problems.
Here the received signed and encrypted mail (textonly) is displays differently in Outlook 16 and Webapp (the Kopano-client), but both carry an additional attachment unknown_content_type.bin (285 bytes) .
The message was sent from Outlook 16 via Kopano-OL-extension/z-push/

Outlook representation - note the unencrypted mail-body-fragment:

Webapp version (end-tag was correctly written):

Best regards,
umgfoin.

aheinecke

Thank you very much for the confirmation. This is exactly the problem my reporter had and which I describe above.

Sebastian

To shed some light on this: several conversions happen. This is related to how Outlook over ActiveSync and Kopano (MAPI) work.

When you send an email via OL+KOE a mime message (RFC2822) is generated by Outlook and sent to the server (z-push) via ActiveSync.
We cannot directly send this email, because it has to pass the MAPI layer of Kopano, so this mime message is converted into a mapi message (via libvmime/im2mapi), placed in the users Outbox as MAPI message, picked up by the kopano-spooler, converted back into a mime message (again via libvmime) and then sent via SMTP.

@umgfoin could you post the mime message received by Z-Push (printed in wbxml log) when sending the mail from Outlook?
I guess that this one is still correct, but in the following two conversions break it.

umgfoin

@sebastian said:

@umgfoin could you post the mime message received by Z-Push (printed in wbxml log) …?

Yes, of course - I’ll post the log-info asap, but I’m off till Friday.
++umgfoin.

umgfoin

Hi @sebastian,
sent you a pm with link to wbxml log.
++umgfoin.

aheinecke

What are the next steps here?
Should we move to a ticket? I’m not sure into which category this falls.

As you support S/MIME somehow I think it might not be such a huge step to support OpenPGP in a similar way. GpgOL’s whole MIME support is based on “faking to be S/MIME” ;-)

Btw. would it help If I would ask my reporter to report this issue somehow as a customer?

fbartels

@aheinecke said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:

Btw. would it help If I would ask my reporter to report this issue somehow as a customer?

If you want something to get a higher priority this always helps.

GeeGee

I hope this will be solved soon.

fbartels

Hi @aheinecke ,

I just remembered this thread, did your customer get in contact with our support?

umgfoin

Hello all / @aheinecke,

recent changes seem to have solved above problems for encryption - gpg-signatures still are broken:

Gpg4win + Outlook + Kopano OL + Z-Push + Kopano-core + Kopano-webapp produces valid output for GpgOL generated mails.

Tested 2018-06-19 15:17 CEST with :

core kc-git-master 8.6.80.1128
webapp git-master 3.4.15final.221-ga3347f1
z-push 2.4.3.beta1+6
GpgOL 2.06
KOE 3.0.305
Outlook 16.0.4639

WebApp received representation of a mail composed in Outlook with GpgOL as below:
++umgfoin

-----BEGIN PGP MESSAGE-----

hQGMA4zJmb2qRccfAQwAn3e8WDWa0so17nGbEIchol82iGI3AfDNBKbUyuy/rHPd
K2i0OHpwDVR0d8u/Yp4OFBIx9MH4OCOyPvEpsmh2maMJlZtFi4hxsYWR4J97Uu0d
8FKCJpPgTW7TCweu2MJAGNVqd6LzJ4zucixpua3r1Cj1fmQXyTg6w7ydSSL0nFLt
QrFTQ+GxvYvnwPBPmbVGUBaVxkiRJQt6nVbmxoMd0nLPZGIOCoTpkREm1jZmpSoO
5IhKuk22de1puYehNBWMh5MpzxD20pO+qsdksXbv5D4BRFWwGpRbgbNIxUyJqnJi
4h6vQJoa8ajQmvSozA884bBmSSNRvwb7ErYKebX0O5D7lX7uU9fOV3azeSpFc6lf
sYirAONRpVENialTh+ysDK/DjkHZGBYTotYDKDZP0ozxq1K68JRbfc9p/A0Rgv5V
LGjiL3CS9GWVBby80mqjh0u2Wi6IqDb9dPpUhN+G005vri0IqEvcygIN8A7vJRQB
BtaNwHgP0TdZsoemZ+4chQQMA6uKCGdx0EY7ASAAjiOrdU2Se6cqe1BU+hhAr1SR
hhN/s97Pm1eQZgPSgQozD5bNWSh/QutYT9oex26aTaUZKNZDTpo0HInbWlPQrx+r
ZfPAPxMRvSiQG5yC50LjGs+DIGiNjbsFjY2plhH2/p//FbpFIdrJAsLvpflIL0Ad
FlmXLfBe9HAJGvvAjElhEI8OMTxb6lCGr9Tnn3V9nXB2f2EICiWPJo20EOAUmMAq
cxENwZ54+UfzEdjuALUmKDDp9deU2TYb11b6KNkL/TWdKAB57Ne9AmREJpOGxHtL
3K6dYIqoJWWmu3lihYoiDl7ZeGbC2nHVSqL8cHy3cI/AA0/dAYh1A9RdIg6lirPV
h5K3Us0YC57aZSztMcXY4LzbaIVAHKOGPslHgERc6dAyIoc2+MdBpm6zrfYfNcFP
5TvHamxifEP5GJFfnJ83Ay7Og5F4QsXTXx1PMfLk5kUKyrvw6cEYr4LJxZc4WyP6
+Rh2jjNB4teGkn8r73xAzNOcbkq5LsT2EABC3wZcwlU72gBCRNU462PCbSlzKdb3
erKmThzb0k4bJdTJ0CbOD/eUDvkBAE+RnCOp7zcJEsZgIG4qReKxxFl2h1xiGLUK
TlI8Y7/FXHFX0JohgNvi/J22T3HA2DkWfYYmx6XuBuPrRbF5SamjsVK/3ylzwusy
R4FjqMD2UnHzQnlP7p7Bwq3JFt0XiOqRPFHwWmEtApUqXW5pVDw13PmRtnMcfJWj
ShnR5yFr21I2I3Kivi60hX3TVMJbllmhowFYwW8oJdFk5BzSgE4AQgJlcZjLLi4O
Oau/rhzljyUN9MGpc10WqAYNEc3BwYeq3UGMIOukuZLyI64uMm9Da8hgnr2CCpM1
ECXphMN0pSLvUjhGtm7pwcvJWo0i4WmdsZlV+W3DCEid6XLA3BeX9ATpsXtTUwg6
ExpN/yH/pKcXid87QIMsbcvZIUuwptB0nvBD2TV/8MdB7Si4RX7kPpA7Wo5cdjWu
Tl8+B0F1m/hjUSZ4zV8Xsn/yqJkV1Z9Kg6PpS4R8MSWqnhyMFQbtCVmWoyynq8f2
Ubc+pfk/ngLiskE/0LGemnb+omMVN75EyTApKW29GkPtUSnIgIy+/QnIZMhVHkKN
aW1o4U6Hh/ViIFnmlSf4w6VnJvA4a470XB7OtJnORMiyTYje9QrX2Hr1BSKy/OO9
POenOtwmx67ncotKztZZlwrc6onlIZ0oFJsixSqTyDrfvHfRgZbHREzFdc7vJquI
DznPX2fhNFfTCB2U6BmDy106jAmSs6qOEhtQcQtmfp20bkH7tUS5+xyxl5WtlWpO
fQG4U87Fqb19aL9nJpslXjnJn8GdJ2FiiNeg81yapv5JTd7tPijLn3jOc4sIL9Lq
AQPf/gL3R76bpkFD9S611EtX2L5o6SFIkmTlnmQqHkWnkcl/XnMh0910PSHn/8Qo
KYN2zhwUeZwecDxPj8kpRG+WC04tezST5Nc20ElQ4cKn5leTbPrqUgigBvWGePRC
JWIQPbJLDgBHYQoWZhySHY2JfWs+TBKtv7KWi6BmIPoEdP0wTyKfi7deXDnRhAB4
MJ/Jh5N/XzSOOEVuVx/dFHsjtz5JRjEQSnzSND6jdlwz6QPUyKmSsrV26TpaG0PX
dgmhlnEULwc2XgDgevrPfQVcQHnkkXQUBDOuRGt7LbyvFINILCCa5ifaWT3vfcOJ
oAybKDpAcXE2KjioLq37QxQ9K4+0jpLBfKQWvGhNtUGLlsGruvYlWiJfBnDGU5JI
6g0jNyQmy6OJ+AvPeahwE5D1x2413+XLEFnkvkuh4KjSKCPkjVWwSDaz4UCkiS2h
dK7u5SMbYcp/JQuxsqjT+e4GvSaPBbto6DZ9Ul1uXZmlX06FOK2pLTml6fy79Yzx
ea6/aoekg90kVHMlOVBhsZkx0x4IwXAvT+YW5J851lOjzx6ZF7sOPCPJrGTPdqhc
OyJG9ZHydTWHJbRo43mX6DPU8U89Fo8BW4PhVN8JEPU373Ak7LdFW4Gjc4GOT19K
EWaOvhsd0BHNQsT0KiUo8fViydsU4yPEMS96f/75A5CVlBLz10/yRMTNd4MYrtq8
OKBEr23JYlhRXPl5O8NK5GKE1ZXteDiL6uSBMSEwZnCtb/w1rPDuRDJsw1n/XmKA
Gk2eJLpS7MaR2bPnqfkkTIItfhXVtyFciAy7ePNUdgRKHQayMqq4HptBM/+N5Q8R
RBKEayIt66Ei6vP+JsnQ6auGiZS8+66ziWPOJszdynnnRm4/tAZKT08YFiEQnKS4
wtdCZEe/IK6n4AlHLy9PPhSToGjfUA/Ugv+A1pve9t9B8APxwfyN63Nz8CxhL+XF
U06ohHPch7SNrE7js5ibLTOoe9SkZni/cf98nHVRfZTnsEAgzLm/DQbb/X9zRGCg
/+jyxrxH6mOFnHLl3jLw6TEjvuXjFf5rfp88YA/00nMREzHxOf7MkU+12Hh3Y6YV
JldCaYXO7euqq8wrRCcewh9a9bnCI8FGVfI6wkHJ/XZ/R2SAPdVWt3AlPjsc1wjT
Oht3xY/kVatsHw1X7Kef2eY0p3EFo4PlzS55gJ7MwQXvqVK7ITgrhE/Pf5Hd58+9
7nalGKiIaNImGHS2QqvVSebYUDYdgmBkHGSyLZeta0i3uN1/wCeFf0nY99/MtPWm
hMwfyvapRvXy7Owo+dKMG12XI5Tk3+GSzrXONLZKqKOWfTYGNDtOUs7LbJ8XU51P
lCmceK4ApbFkepatJGNvmulAOddDTC4mcU2d9wIpq4I68XzBNnsDWWdbJY9F6+Ml
gZMLjY+FQ0QI3/hGqU3hoePX5TxWmDjCzGU/3uE/wecVqfq7JKY1KmYoRsoQrIl7
8R07rYfd3NwRPmfnmB93ykKPG7/xFm+nMUz/lO1e/NrLEsb7vbRYXPYB5+Y7gKcZ
wHr14TCsjnlueLGYT6RH3rxa0Q4ZaXJMgmvyAgg+55i+FAS63xkN0c1JO4k+4bSh
OdhEABlFJXId4n16epPmmVDR34UCk6zEFkC8u9RT6mketIiFk2O1BwsKbFFfqduc
T5vVIVXQaKnYrxZf1zJq821tPel5IK43lazngBTCXLznvJS6VRnzDUF4DRCemhqF
J0V2L5JqwQaBxwWE+BOud+TGVSSeNGXuebOZwarkxbduEuVpzqWn/SWKPk+8o+Hf
2ImEFGRjjSSYzFgdUXJYeOlaCgE8vV492hLNDCODFB4fdoCDQJgtFvtqG0YJ4Ahi
o9Ou50elhWcXbbwncFXaOA0e2utcaBXsBclkivwYAbbMYQkM0EK0p8fELcQ2CYwI
kXvDpEy5Ami1yVPpVjj4s073JNFsHZIyiRK8SHKx5swUnGZeNgl1HcDaxTQCMbnv
1FQJkLZmVuMfAZFcUILfo9upqGUGM6XMjmHTUdfpLFtElxlY0LfEZyUEfYTAic0r
+cDLQvjA540UgRmEZuZJ4pOvPOMzqiW8oMR7bj1cgYupzhVMWm7EAokDj08pYl6q
fSsZ80QtD6W3ezsfUUTMLJB9ogge32g9O/cgKezxvG1F3b0/ThmOvKbJQJoK6oTv
0j3UALO5yabSr2bT+/UPMVZpiWOpFLnpMonp6aGUkar++qU+dAT8WmF37p8ZLc+x
8xgvcLZckVBEH9/v0aF6Q29Qt5UAc4gb4XECMAax+3zS3VLlXvqrfb5W2OOt1Yd3
1Nws15GELOiPIWw8U7ST0Qqs7XCwINN9shRT1tZfq39okf8TqZcLakgXYY+xw1wg
IAg494c3eYzdajRyFD10zxJ67OoCn9Tq//hxpTenId5G78Jl49IGOo+t8Lvw3bDA
JAOZLzxpwBv6EFcTzmM0/GsgujousUYBt+5xia6EwnPNxYl1yIKmxtcyS9CAGzao
MCgGyBkXG87t5fo3FcubiGYENMeu2sso2dz10SqAmw86Te6oR0hK7x9CS/ahnY4Q
kD2wzfED8TJ+MFwUNb4=
=P78E
-----END PGP MESSAGE-----

umgfoin

Malheureusement, the above said is valid for gpg-encryption, only.
If the mail ist gpg-signed, too or only, the mail arrives with an attachment unknown_content_type.bin containing either the pgp-signature, or the string Version: 1. Additionally, the decrypted body contains MIME-tags.

fbartels

@umgfoin said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:

Malheureusement, the above said is valid for gpg-encryption, only.
If the mail ist gpg-signed, too or only, the mail arrives with an attachment unknown_content_type.bin …

Yes, that is what I also was able to observe.

umgfoin

…and now the good better news:

gpg-encryption & signature works as expected for PGP/Inline-messages with GpgOL v2.2.0, which is part of recent Gpg4win 3.1.2 .

It still fails with wrongly constructed/ parsed MIME-multipart elements (unknown_content_type.bin), unencrypted attachments etc. as soon as Content-Type: multipart/mixed MIME-structures are involved.

++umgfoin.

rolf

This post is deleted!

rolf

Hi,

how is the actual state of this point? Is it solved?

I’m wondering if this problem maybe could be a problem of gpb4win and not kopano: there is a alternative gpg plugin existing for outlook 2016 (and other versions) called gpg4o that works perfectly with outlook and kopano.

If you need further data, please let me know…

Kind regards

Rolf

fbartels

@rolf as you can see in the reply from @umgfoin it seems to work now (that is what I also experienced when I tried it the last time)

rolf

@fbartels thats unfortunately just 50%.

• It still doesnt work when sending crypted (and optionally signed) messages with attachments.
• with attachments it just works when receive
• the way to use pgp/inline is just a workaround and NOT a solution.

sorry, but the bug is still existing and prevents the usage of a lot of pgp usecases.

is there the possibility that this may be solved this year? That’ll be great :-)

Kind regards

Rolf

fbartels

@rolf said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:

thats unfortunately just 50%.

Ah, I wasn’t aware since I just briefly tried it out myself.

@rolf said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:

is there the possibility that this may be solved this year? That’ll be great :-)

PGP currently isn’t a priority for us at Kopano. If an external developer want to dive into this then patches are welcome.

robgnu

Hello,
I just want to ask if there are any news on this topic. I have a client who licensed a new Kopano subscription (30 Users). My client has the same problems as described above. The use of GPG/PGP encryption is a must have in this case.

I hope we can find a solution on this topic?