The output from gpgsm -K in the last quote is perfectly okay. -K works by iterating over all public keys and checking for each public key whether the private key part is also available. If the private key is not available gpg-agent returns an error.

The log file shows that gpgex (or explorer) crashes.

There are more Logfiles:

In T3450#104273, @tstreibl wrote:

I have both types of certificates stored in kleopatra; S/MIME from StartCOM and OpenPGP created by Kleopatra.

In the system settings outlook is not configured to sign with S/MIME. I don't know where to configure GPGOL to make the right choice between the two signatures. I would expect GPGOL to pop up a message box when sending the email if certificate situation is unclear - at least not to crash.

Please keep in mind that I have this ribbon buck (see T3441), too.

Please find attached log files from keopatra and gpgol.

logfiles.zip3 KBDownload

So far we could recreate the following issues:

1. Mails encrypted with S/MIME are stored with "No Data" in the sent EMail folder, but arrive properly at the recipients (you will recieve a readable copy, if you add yourself to the list of recipients). This Issue breaks the GpgOL Plugin after some time which is leading to the described Problem.

2. Files that are Signed and Encrypted to a S/MIME Certificate is broken. When you select a file and encrypt and sign it to a recipient, only a detached signature will be created and the Encrpyted file is missing. (Very similar to Issue 1, but file based).

3. Detached S/MIME Signatures can not be handled via Kleopatra/GpgEx. When having a detached signature, Kleopatra tries to decrypt it and overwrites the original file with a 0-Byte file. No verfication of the signature is done.

Since it is very likely that the Issues with Encrypting and Signing Files correlates with the EMail (and the followed breaking of GpgOL) issue, we try to get Kleopatra fixed first and then investigate if the rest of the issues, which are similar are then fixed as well.

2. Files that are Signed and Encrypted to a S/MIME Certificate is broken. When you select a file and encrypt and sign it to a recipient, only a detached signature will be created and the Encrpyted file is missing. (Very similar to Issue 1, but file based).

https://phabricator.kde.org/D8368

3. Detached S/MIME Signatures can not be handled via Kleopatra/GpgEx. When having a detached signature, Kleopatra tries to decrypt it and overwrites the original file with a 0-Byte file. No verfication of the signature is done.

https://phabricator.kde.org/D8376

But the changes do not fix the Issue, that S/MIME encrypted mails are correctly stored in the Mail sent folder.

1. Mails encrypted with S/MIME are stored with "No Data" in the sent EMail folder, but arrive properly at the recipients (you will recieve a readable copy, if you add yourself to the list of recipients). This Issue breaks the GpgOL Plugin after some time which is leading to the described Problem.

I installed gpg4win 2.3.4 and tried if this error persisted already in older Versions of Gpg4win. I couldn't reproduce it with an older Version, because S/MIME Encryption was done via NO-MIME (aka PGP/INLINE). But I was able to decrypt messages that were S/MIME encrypted with gpg4win 3.0.0 successfully that were put in the IMAP "Sent" Folder. The conclusion is, that messages in the sent folder have the correct content but aren't decrypted correctly.

Since this is a bug that is related to two different parts of the gpg4win package, this bug now only cares about the GpgOL Issue, that GpgOL crashes and cant decrypt messages from the sent folder that are encrypted with S/MIME. All File Based Issues are belonging to Kleopatra are documentet in the KDE Phabricator (https://phabricator.kde.org/T7310).

I tried to melt it down to a specific beta release with which it isn't possible anymore to decrypt send emails.

The latest beta that worked was gpg4win3.0.0-beta187 (with gpgol1.4.0) from 07.06.16 (12:33).

The next beta with which it didn't work anymore was gpg4win3.0.0-beta194(with gpgol2.0.0-beta172) from 15.11.16 (16:42).

So the introduction of this behavior boils down to that time window.

gpg4win3.0.0-beta187 contains gpgol-1.4.0, so the last official stable release before version 2.0.0. It should be identical to 1.4.0 tip from git.

gpg4win3.0.0-beta194 contains gpgol-beta172 which was created on 2016-11-15 15:19 (The earliest published beta is just a day younger, so not that big difference). That Version of gpgol is based on this commit. Since there was no release between 1.4 and 2.0 it has to be somewhere between the 172 commits between the 1.4.0 tip and that shipped version. That Version was the first version that was published with a gpgol 2.0.0 beta. In that change there are 164 files changed, 11596 insertions(+) and 4534 deletions(-). It may take some time to get through this.

Yesterday I could reproduce that emails in the "send" folder cannot be decrypted anymore.

Used S/MIME and encryption only. The sender could decrypt.
Gpg4win 3.0.0 DE on Window 10 DE with Outlook 2016.

Still have to see the crash part.
I've got a crash after turning S/MIME one, but not when trying to decrypt the "send" folder message.

Comparing the gpgol.log files in the case of OpenPGP decryption (successful) and S/MIME decryption in send folder (failing).

-> Idea: decryption is tried with the wrong protocol (OpenPGP, where it should be S/MIME).

Next steps:

1. compare with successful S/MIME decryption.
2. build gpgol

method

A command like the following helps to compare to gpgol.logs by cutting away the time and the process uid number:

cut --delimiter=/ --fields=3--d/  gpgol-20171026-3-openpgp-decr.log >cut/gpgol-20171026-3-openpgp-decr.log

cut/gpgol-20171026-3-openpgp-decr.log

application-events.cpp:Invoke: ItemLoad event. Getting object.
application-events.cpp:Invoke: Creating mail object for item: 00000222A0C9C3B0
mapihelp.cpp:mapi_change_message_class: have override message class
mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note.GpgOL.MultipartEncrypted'
mapihelp.cpp:mapi_change_message_class: saving old message class
mapihelp.cpp:mapi_change_message_class: setting message class to `IPM.Note.GpgOL.MultipartEncrypted'
mapihelp.cpp:mapi_get_message_type: have override message class
mapihelp.cpp:mapi_create_attach_table: message has 1 attachments
mapihelp.cpp:mapi_create_attach_table: attachment info:
    41093 mt=3 fname=`gpgolXXX.dat' ct=`multipart/signed' ct_parms=`(null)'

mail.cpp:do_parsing: preparing the parser for: 000002229FAAFF70
parsecontroller.cpp:parse:000002229FAD8DE0 decrypt: 1 verify: 0 with protocol: OpenPGP sender: test1@example.com

parsecontroller.cpp:parse:000002229FAD8DE0 decrypt / verify done.
parsecontroller.cpp:parse:000002229FAD8DE0: decrypt err: 0 verify err: 0
parsecontroller.cpp:parse:348: tracepoint
Decrypt / Verify result: GpgME::DecryptionResult(
 error:                GpgME::Error(0 (Success))
 fileName:             <null>
 unsupportedAlgorithm: <null>
 isWrongKeyUsage:      0
 isDeVs                1
 recipients:

cut/gpgol-20171025-smime-send.log

application-events.cpp:Invoke: ItemLoad event. Getting object.
application-events.cpp:Invoke: Creating mail object for item: 000001D8601E0820
mapihelp.cpp:mapi_change_message_class: have override message class
mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note.GpgOL.OpaqueEncrypted'
mapihelp.cpp:mapi_change_message_class: saving old message class
mapihelp.cpp:mapi_change_message_class: setting message class to `IPM.Note.GpgOL.OpaqueEncrypted'
mapihelp.cpp:mapi_get_message_type: have override message class
mapihelp.cpp:mapi_create_attach_table: message has 1 attachments
mapihelp.cpp:mapi_create_attach_table: attachment info:
    40677 mt=3 fname=`gpgolXXX.dat' ct=`multipart/signed' ct_parms=`(null)'

mail.cpp:do_parsing: preparing the parser for: 000001D85A0FDFE0
parsecontroller.cpp:parse:000001D85A0A8380 decrypt: 1 verify: 0 with protocol: OpenPGP sender: test1@example.com
parsecontroller.cpp:parse:000001D85A0A8380 decrypt / verify done.
parsecontroller.cpp:parse:000001D85A0A8380: decrypt err: 58 verify err: 58
parsecontroller.cpp:parse:348: tracepoint
Decrypt / Verify result: GpgME::DecryptionResult(
 error:                GpgME::Error(117440570 (No data))
 fileName:             <null>
 unsupportedAlgorithm: <null>
 isWrongKeyUsage:      0
 isDeVs                0
 recipients:

When receiving an S/MIME mail that is encrypted, the successful log looks like:

gpgol-20171030-2-smime-decr.log

11:34:30/3120/application-events.cpp:Invoke: ItemLoad event. Getting object.
11:34:30/3120/application-events.cpp:Invoke: Creating mail object for item: 0000018F081A6F80
11:34:30/3120/mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note.GpgOL.OpaqueEncrypted'
11:34:31/3120/mapihelp.cpp:mapi_create_attach_table: message has 1 attachments
11:34:31/3120/mapihelp.cpp:mapi_create_attach_table: attachment info:
11:34:31/3120/»·41157 mt=1 fname=`smime.p7m' ct=`application/pkcs7-mime' ct_parms=`(null)'

1:34:31/6592/mail.cpp:do_parsing: preparing the parser for: 0000018F065F76C0
11:34:31/6592/parsecontroller.cpp:parse:0000018F065C9C70 decrypt: 1 verify: 0 with protocol: CMS sender: bernhard@intevation.de
11:34:31/6592/mimedataprovider.cpp:t2body: Collecting text body.
11:34:31/6592/parsecontroller.cpp:parse:0000018F065C9C70 decrypt / verify done.
11:34:31/6592/parsecontroller.cpp:parse:0000018F065C9C70: decrypt err: 0 verify err: 0
11:34:31/6592/parsecontroller.cpp:parse:348: tracepoint
11:34:31/6592/Decrypt / Verify result: GpgME::DecryptionResult(
 error:                GpgME::Error(0 (Success))
 fileName:             <null>
 unsupportedAlgorithm: <null>
 isWrongKeyUsage:      0
 isDeVs                1
 recipients:

@aheinecke Regarding closing: I'd say that we should have a test on this one and then close it for only the refocussed "send-folder problem".
Can you provide an updated gpgol.dll drop in replacement?
Some of the users in the forum may be willing to test as well.

A new binary for GpgOL can be found under: http://files.gpg4win.org/Beta/gpgol/2.0.2-beta8/ or for http://files.gpg4win.org/Beta/gpgol/2.0.2-beta8_x64/

Shutdown Outlook and replace your gpgol.dll in the gpg4win install folder to update to the beta version.

Hi,

tested your new .dll. Created a new email. Choosed "sign". Pasted an email adress from outlook address book into the "an" field. Outlook crashs. Took me 2 seconds to test. What the hell are you testing?

Starting Outlook still brings up the "

Starting Outlook still bring up the "Fehler in der Benutzeroberfläche von XML von "GpgOL .....Unbekannte Office.Steuerelemente-ID: TabComposerTool" Message Box.

Sorry for my inpatience...but it's a little bit hard to understand why the above, very simple test procedure obviously isn't reproducible on your systems.

Another unsolved bug: Reveiced an smime signed but unencrypted email. First time after starting outlook email got validated and afer endless waiting (approx. 30 sec) contense was shown. Restarting Outlook later and revisiting this email will restart the verification process. This time the message "Bitte warten Sie während die Nachricht entschlüsselt / geprüft wird..." stays forever. No chance to read this email again.

In T3442#105466, @tstreibl wrote:

Starting Outlook still bring up the "Fehler in der Benutzeroberfläche von XML von "GpgOL .....Unbekannte Office.Steuerelemente-ID: TabComposerTool" Message Box.

Sorry for my inpatience...but it's a little bit hard to understand why the above, very simple test procedure obviously isn't reproducible on your systems.

This will be fixed in the next release, the Task for this is still open ( T3441 ) I'm currently waiting on a confirmation there that the error happens on Outlook 2010. A version I don't have in my development setup (And yes I should probably set up a VM with this version, too). But you are right this will be a simple fix. The error is harmless though and only shown to users that have enabled an Add in development Option.

Another unsolved bug: Reveiced an smime signed but unencrypted email. First time after starting outlook email got validated and afer endless waiting (approx. 30 sec) contense was shown. Restarting Outlook later and revisiting this email will restart the verification process. This time the message "Bitte warten Sie während die Nachricht entschlüsselt / geprüft wird..." stays forever. No chance to read this email again.

For S/MIME checks for CRL's can take a long time as it depends on network communication between you and the Certificate issuer (cacert especially is known as very problematic in that regard). 30 Seconds even sounds like a timeout there. You could try to disable crl checks in Kleopatra settings for S/MIME. This should speed up the process.

If somehow the "Bitte warten" message does not disappear you could try to view another mail and reopen this mail later.

@tstreibl thanks for helping with your feedback!
Please note that this issue (T3442) still has the status "testing", because we want to perform some more tests before declaring it resolved. :)

With the Release of Gpg4win 3.0.1 the Error doesn't appear anymore while testing with Windows 10 (64bit) with Outlook 2016 and Windows 7 (64bit) with Outlook 2010.

May @tstreibl confirm this?

Hello Jochen,

I can confirm.

-The Message Box "Fehler in der Benutzeroberfläche von XML von "GpgOL .....Unbekannte Office.Steuerelemente-ID: TabComposerTool" doesn not show up anymore when starting outlook

-Copy Paste of email adresses from outlook adress book to mailitem works fine. No crash any more.

Added a new issue with signatures in 3.0.1