GpgOL - Outlook shows empty email body for encrypted email
Closed, ResolvedPublic

Description

Steps to reproduce on Windows 7 (x86) and Outlook 2010

  1. install gpg4win version 3.0.1
  2. create a key with Kleopatra, selecting ECDSA for sign,certify and ECDH for encrypt
  3. create a new email and enable encryption; add subject and body
  4. select recipient to be the same as sender (the owner of the private key; gpgol correctly recognize the sender and recipient)
  5. send-receive the email
  6. the received email shows in outlook message list with the correct icon for encrypted message
  7. the email preview and the email full window is not showing the email body, but does show the email subject

Expected result:

  • the email preview and the email full window should show the email body

Same email sent to another email client (like Evolution of KMail) shows correctly with full email body after decrypt.

Other actions while trying to display the email body:

  1. kill the gpg-agent
  2. close Outlook
  3. open Outlook again (fill-in the password prompt dialog )
  4. Outlook does show the email body for the encrypted email
  5. in Outlook mail list panel, select any other email
  6. in Outlook mail list panel, go back to the encrypted email: the email body is not showed again

GpgOL log file attached.

Details

Xv created this task.Nov 25 2017, 11:03 PM
Xv updated the task description. (Show Details)Nov 25 2017, 11:06 PM
Xv added a project: gpgol.
Xv updated the task description. (Show Details)Nov 26 2017, 4:38 PM

Thank you very much for your good and detailed report.

Your Log is very surprising. What happens is that GpgOL receives a "Read Event" for object X. GpgOL extracts the crypto data from Object X and starts the decryption. Immediately afterwards GpgOL receives an "Unload Object X" event. Which means that Outlook says it deleted Object X. Now GpgOL removes it's internal representation of the Mail and the event listener. When the decryption (which runs in a different thread) is finished GpgOL no longer finds the mail it belongs to.
I have

This could happen normally if you quickly switch between mails but I doubt that you did that.

Do you have any other Addons active in Outlook and if so could you please disable them for another test?

I would like to find out now why this happens for you and not other people. What kind of Server are you connected to? (e.g. Exchange 2010)

aheinecke triaged this task as High priority.Nov 27 2017, 1:14 PM

Normal priority for now until we get more reports of this. For now we have to assume that while this problem is disastrous it happens rarely as we did not get many reports about this.

aheinecke lowered the priority of this task from High to Normal.Nov 27 2017, 1:14 PM
Xv added a comment.Nov 28 2017, 5:58 AM

I have some progress and a step back.
Turns out that one of the installed plugins was causing the problem: "PDF Converter 7.1 Outlook Add-in".
I disabled all plugins (except GpgOL) and then enabled them back one by one.
With PDF Converter add-in disabled I'm now able to see the decrypted email body (sent from myself).

Maybe, as a feature request, GpgOL could display some error message in the email body if the decryption failed for some reason.

But now I have a slightly different problem: I can send an encrypted email to another recipient. If the other recipient is using a Linux client (like Gnome Evolution) and is replying to the original email, Outlook will display again no email body and 3 attachments :
-Message
-untitled attachment 00001.gpg
-encrypted.asc

My gpg keyring contains the other recipient public key (certified)
The other recipient has my public key (certified).

I extracted the log file again.
The log file shows an exception:

/oomhelp.cpp:dump_excepinfo: Exception:

wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: The property "http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F" is unknown or cannot be found.
help: null
helpCtx: 0x0
deferredFill: 00000000
scode: 0x8004010f

I know that this might be completed unrelated to the issue reported initially and the fact that again there is no message body does not have the same cause.
Let me know if you think we should close this ticket and have the new issue reported as a new ticket.

In T3537#106396, @Xv wrote:

I have some progress and a step back.
Turns out that one of the installed plugins was causing the problem: "PDF Converter 7.1 Outlook Add-in".
I disabled all plugins (except GpgOL) and then enabled them back one by one.
With PDF Converter add-in disabled I'm now able to see the decrypted email body (sent from myself).

Ok good to know i put it on my todo to try with that plugin but the likely cause for this issue is that PDF Converter has an error that causes the problem (EMail is unloaded too early) We could then add that as a known problem. I keep this issue open as a reminder.

Maybe, as a feature request, GpgOL could display some error message in the email body if the decryption failed for some reason.

For this error case I don't have a good idea how to detect it. For GpgOL it looks like you selected a different mail immediately after opening the mail and we don't have a reference to the object that is displayed so we could not put an error in there. And we can't detect if it failed because you selected a different mail or because another Add In triggered unexpected behavior.

But now I have a slightly different problem: I can send an encrypted email to another recipient. If the other recipient is using a Linux client (like Gnome Evolution) and is replying to the original email, Outlook will display again no email body and 3 attachments :
-Message
-untitled attachment 00001.gpg
-encrypted.asc

I opened a new task for this T3542

hs added a subscriber: hs.Dec 12 2017, 3:45 PM

Just installed Gpg4Win 3.0.2.
Had a very similar effect with Windows 7 / Outlook 2010:

  • Sending an encrypted e-mail to myself.
  • E-mail will be decypted once after receiving.
  • After that, e-mail is shown as "unsecure" and with empty message body (both in preview and own window).
  • E-mail in "Sent" folder still decryptable with right content.

I've added gpgol.log for opening Outlook again after receiving the e-mail (with empy body, now).

@hs Your log is interesting but I don't yet understand it. We see a "Load" event for an encrypted mail, create our internal data modelling. But later there is a mismatch between the reference Outlook gives us and our internal reference (Failed to find mail in map).
Out of the blue there might be something I could do in that case but it's still somewhat unclear to me why this state occurs.

The same question to you here: Do you have any other addons that might interfere and could you try to disable them and see for which addon the behavior changes.
While I don't see a chance to fix the problem PDF Creator creates here I might find a solution through trial and error if I could reproduce it by installing an addon that would cause this behavior.

hs added a comment.Dec 13 2017, 9:33 AM

@aheinecke Because it was mentioned in another comment, I've tried to restart Outlook with the GpgOl plugin enabled, only. Same result. But the fact that I could see the message just after arrival, but not in a second approach may point in a direction that incoming messages are processed by an server-based filter changing potentially vulnerable email content (as embedded links).
I could try to log the complete process of sending an email to myself, decrypting once and failing in a second trail. This would actually increase the size of the log file.

hs added a comment.Dec 13 2017, 1:45 PM


What I did:

  • fresh install of Gpg4Win 3.0.2
  • reboot
  • openening Outlook 2010 with only one plugin (GpgOL)
  • sending an encrypted email to myself
  • trying to open that email (no content)
hs added a comment.Dec 13 2017, 1:50 PM


The registry setting used above.

hs added a comment.Dec 13 2017, 5:33 PM

One problem seems to be that the content of Inbox message differs from this one in the Sent folder (10 vs. 20 KB).
The content of the Inbox is shown as empty, even using the "show source" option. Saving the message as plain text shows a PGP part inside, but this is ignored by Outlook.
I tried this advice:
How to view the message source in Outlook
But the result is the same, after maked as read, the message becomes unreadable.

hs added a comment.Dec 14 2017, 9:45 AM

Looking at the messages from above using another PC, same Windows 7 and Outlook 2010 but Gpg4Win 2.3.3 :

  • received message in Inbox is decrypted shown correctly inline both in preview and opening it
  • original message in Sent is not decrypted, but shown as encrypted with gpgolXXX.dat attachment

Hence, it shows the opposite behavior to the 3.0.2 handling.

hs added a comment.Dec 14 2017, 1:55 PM

A signed but not encrypted message appears in the same way (visible in Sent, empty in Inbox)

Hi @hs,
given that you have used the instructions from the link above to look at the message,
I'll take it that you are using an IMAP/SMTP setup for mail transportation?

Overall it may be better to create a new defect and focus this one more (e.g. on exhance an pdf creator plugin).

aheinecke changed the task status from Open to Testing.Jan 8 2018, 11:39 AM

While trying to reproduce another bug I've set up an account with Exchange Online. With that account I had similar behavior with empty mails shown. The behavior also matched to the logging of the last mail in your log.

This problem is fixed now. The fix is part of 2.0.6-beta7 from https://files.gpg4win.org/Beta/gpgol/
@hs Please confirm that this also fixes the issue in your setup.

hs added a comment.Jan 8 2018, 2:59 PM

All e-mails I tried to open with 2.0.6-beta7 gpgol.dll were readable and showed the correct content in my environment, now. Great!

aheinecke closed this task as Resolved.Jan 12 2018, 10:59 AM
aheinecke claimed this task.

Multiple confirmations -> Resolved.