PGP Encrypted mail with Gpg4win and Kopano from Outlook
-
Hi,
I’m the developer of GpgOL, Gpg4win’s Outlook extension. We provide a plugin to send PGP encrypted mails from Outlook.
It’s been reported to us that our Plugin does not create valid PGP/MIME mails when used with a Kopano Server. The report can be found in our ticket system: https://dev.gnupg.org/T3824
It would be interesting to hear if someone else using Outlook and Kopano could confirm that our Plugin does not create valid mails in such a setup. It’s free Software. download
Maybe our assumption that Kopano is to blame is wrong and there is something else broken in the setup of our reporter :-)
Just generate a Key and send yourself a “secured” mail with some text. If it looks weird and has stuff like “Content-type” in it you have confirmed the problem. It should look exactly as you have composed it.
Technical Details:
Our Plugin relies on the MS-OXOSMIME MAPI to MIME conversion algorithm in Outlook/Exchange.
In short: If you create a Message with a special Message Class (for us: IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned ) Outlook treats the first (and only) attachment as the MIME structure of the mail. So we build a valid multipart/signed or multipart/encrypted mime message and attach it, remove the body, set the message class and send it.
With SMTP Servers Outlook does the conversion but if it’s connected through Exchange the server does the conversion.
This somehow does not work with Kopano (at least we currently think so). What happens is that our Attachment is split up and put into a Multipart/Mixed message. The “inline.txt” attachment contains the PGP/MIME version marker. The text/plain attachment contains the PGP content.
It looks like this:
```
Content-Type: multipart/mixed; boundary="=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH"
X-Mailer: Kopano 8.3.4-12
X-Original-Mailer: Microsoft Outlook 16.0

This is a multi-part message in MIME format. Your mail reader does not understand MIME message format.
--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

=2D----BEGIN PGP MESSAGE-----
......
=2D----END PGP MESSAGE-----

--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH
Content-Type: application/pgp-encrypted; name=inline.txt
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=inline.txt

VmVyc2lvbjogMQ0K

--=_oTgDbYJZJIkHstD84AzOsmjp4jFEt+cRHoHCd4sbXNjT-YqH--
```
While a valid PGP/MIME Message would be:
```
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="=-=w4Rm8tvUXpODtB=-="

This is a multipart message in MIME format.

--=-=w4Rm8tvUXpODtB=-=
Content-Transfer-Encoding: 7bit
Content-Type: application/pgp-encrypted

Version: 1

--=-=w4Rm8tvUXpODtB=-=
Content-Transfer-Encoding: 7bit
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
....
-----END PGP MESSAGE-----

--=-=w4Rm8tvUXpODtB=-=--
```
Any Ideas where the MIME message is built / modified in your setup?
We could add some hacks to parse such a broken message but it would be better if we could really fix it so that we are able to send standard-conforming PGP/MIME mails.
I would be happy to help analyzing and debugging this from our side, but I don’t have a Kopano setup.
Thanks,
Andre -
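A diagnostic for the comparison made in the post above, as an added example (not code from GpgOL or Kopano): it checks a raw message against the valid PGP/MIME layout shown there and flags the rewrapped multipart/mixed form. The function names and the shortened sample messages are constructed for illustration.

```python
from email import message_from_string

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def _body(part):
    # Decoded bytes of a leaf part (undoes base64 / quoted-printable).
    return part.get_payload(decode=True) or b""

def rfc3156_problems(raw):
    """List how `raw` deviates from a PGP/MIME encrypted mail; [] means valid."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    problems = []
    if msg.get_content_type() != "multipart/encrypted":
        problems.append("top level is " + msg.get_content_type())
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        problems.append("protocol parameter missing or wrong")
    if len(parts) != 2:
        return problems + ["expected 2 parts, found %d" % len(parts)]
    ctrl, data = parts
    if (ctrl.get_content_type() != "application/pgp-encrypted"
            or _body(ctrl).strip().lower() != b"version: 1"):
        problems.append("part 1 is not the 'Version: 1' control part")
    if data.get_content_type() != "application/octet-stream":
        problems.append("part 2 is not application/octet-stream")
    if ARMOR not in _body(data):
        problems.append("part 2 carries no armored PGP message")
    return problems

def is_rewrapped_pgp(raw):
    """True if the PGP/MIME pieces survive only as parts of another container."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    marker = any(p.get_content_type() == "application/pgp-encrypted" for p in leaves)
    armor = any(ARMOR in _body(p) for p in leaves)
    return msg.get_content_type() != "multipart/encrypted" and marker and armor

# Constructed samples modelled on the two messages in the post (short boundaries, dummy data).
VALID = ('Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
         ' boundary="b1"\n\n--b1\nContent-Type: application/pgp-encrypted\n\n'
         'Version: 1\n\n--b1\nContent-Type: application/octet-stream\n\n'
         '-----BEGIN PGP MESSAGE-----\n\nAAAA\n-----END PGP MESSAGE-----\n--b1--\n')
MANGLED = ('Content-Type: multipart/mixed; boundary="b2"\n\n--b2\n'
           'Content-Type: text/plain; charset=windows-1252\n'
           'Content-Transfer-Encoding: quoted-printable\n\n'
           '=2D----BEGIN PGP MESSAGE-----\nAAAA\n=2D----END PGP MESSAGE-----\n'
           '--b2\nContent-Type: application/pgp-encrypted; name=inline.txt\n'
           'Content-Transfer-Encoding: base64\n\nVmVyc2lvbjogMQ0K\n--b2--\n')

if __name__ == "__main__":
    for name, raw in (("valid", VALID), ("mangled", MANGLED)):
        print(name, is_rewrapped_pgp(raw), rfc3156_problems(raw))
```

Run against a message saved from the recipient's mailbox, an empty problem list means the PGP/MIME structure arrived intact.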
Hi @aheinecke ,
I can confirm the above problems.
Here the received signed and encrypted mail (textonly) is displayed differently in Outlook 16 and Webapp (the Kopano-client), but both carry an additional attachment unknown_content_type.bin (285 bytes).
The message was sent from Outlook 16 via Kopano-OL-extension/z-push/Outlook representation - note the unencrypted mail-body-fragment:
Webapp version (end-tag was correctly written):
Best regards,
umgfoin. -
Thank you very much for the confirmation. This is exactly the problem my reporter had and which I describe above.
-
To shed some light on this: several conversions happen. This is related to how Outlook over ActiveSync and Kopano (MAPI) work.
When you send an email via OL+KOE a mime message (RFC2822) is generated by Outlook and sent to the server (z-push) via ActiveSync.
We cannot directly send this email, because it has to pass the MAPI layer of Kopano, so this mime message is converted into a mapi message (via libvmime/im2mapi), placed in the users Outbox as MAPI message, picked up by the kopano-spooler, converted back into a mime message (again via libvmime) and then sent via SMTP.
@umgfoin could you post the mime message received by Z-Push (printed in wbxml log) when sending the mail from Outlook?
I guess that this one is still correct, but in the following two conversions break it. -
@sebastian said:
@umgfoin could you post the mime message received by Z-Push (printed in wbxml log) …?
Yes, of course - I’ll post the log-info asap, but I’m off till Friday.
++umgfoin. -
Hi @sebastian,
sent you a pm with link to wbxml log.
++umgfoin. -
What are the next steps here?
Should we move to a ticket? I’m not sure into which category this falls.
As you support S/MIME somehow I think it might not be such a huge step to support OpenPGP in a similar way. GpgOL’s whole MIME support is based on “faking to be S/MIME” ;-)
Btw. would it help If I would ask my reporter to report this issue somehow as a customer?
-
@aheinecke said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:
Btw. would it help If I would ask my reporter to report this issue somehow as a customer?
If you want something to get a higher priority this always helps.
-
I hope this will be solved soon.
-
Hi @aheinecke ,
I just remembered this thread, did your customer get in contact with our support?
-
Hello all / @aheinecke,
recent changes seem to have solved above problems for encryption - gpg-signatures still are broken:
Gpg4win + Outlook + Kopano OL + Z-Push + Kopano-core + Kopano-webapp produces valid output for GpgOL generated mails.
Tested 2018-06-19 15:17 CEST with :
core kc-git-master 8.6.80.1128
webapp git-master 3.4.15final.221-ga3347f1
z-push 2.4.3.beta1+6
GpgOL 2.06
KOE 3.0.305
Outlook 16.0.4639
WebApp received representation of a mail composed in Outlook with GpgOL as below:
++umgfoin
-
Malheureusement, the above said is valid for gpg-encryption, only.
If the mail is gpg-signed, too or only, the mail arrives with an attachment unknown_content_type.bin containing either the pgp-signature, or the string Version: 1. Additionally, the decrypted body contains MIME-tags. -
@umgfoin said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:
Malheureusement, the above said is valid for gpg-encryption, only.
If the mail is gpg-signed, too or only, the mail arrives with an attachment unknown_content_type.bin …
Yes, that is what I also was able to observe.
-
…and now the ~~good~~ better news: gpg-encryption & signature works ~~as expected~~ for PGP/Inline-messages with GpgOL v2.2.0, which is part of recent Gpg4win 3.1.2.
It still fails with wrongly constructed/parsed MIME-multipart elements (unknown_content_type.bin), unencrypted attachments etc. as soon as Content-Type: multipart/mixed MIME-structures are involved.
++umgfoin.
-
Hi,
how is the actual state of this point? Is it solved?
I’m wondering if this problem maybe could be a problem of gpg4win and not kopano: there is an alternative gpg plugin existing for outlook 2016 (and other versions) called gpg4o that works perfectly with outlook and kopano.
If you need further data, please let me know…
Kind regards
Rolf
-
-
@fbartels that’s unfortunately just 50%.
- It still doesn’t work when sending crypted (and optionally signed) messages with attachments.
- with attachments it just works when receiving
- the way to use pgp/inline is just a workaround and NOT a solution.
Sorry, but the bug is still existing and prevents the usage of a lot of pgp usecases.
Is there the possibility that this may be solved this year? That’ll be great :-)
Kind regards
Rolf
-
@rolf said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:
that’s unfortunately just 50%.
Ah, I wasn’t aware since I just briefly tried it out myself.
@rolf said in PGP Encrypted mail with Gpg4win and Kopano from Outlook:
is there the possibility that this may be solved this year? That’ll be great :-)
PGP currently isn’t a priority for us at Kopano. If an external developer wants to dive into this then patches are welcome.
-
Hello,
I just want to ask if there are any news on this topic. I have a client who licensed a new Kopano subscription (30 Users). My client has the same problems as described above. The use of GPG/PGP encryption is a must have in this case.
I hope we can find a solution on this topic?