Page MenuHome GnuPG
Create Task
Maniphest T3802

GpgOL fails to decrypt email sent from Evolution/Apple Mail via Office365
Closed, ResolvedPublic
Actions

Description

Hi,
as per subject, if I send an email with Evolution or Apple Mail via O365 (both accounts configured with Exchange Web Services, IMAP/SMTP or POP/SMTP have not been tested), GpgOL with Outlook 2013 and 2016 cannot decrypt it.
If I send the same email using Outlook 2013 or 2016 using the same O365 account, GpgOL decrypts it properly.
I have done some debugging and I can confirm O365 is involved, using another email provider (we recently moved to O365), the problem did not occur.

Debugging this issue, I found that all emails received via O365 have in headers:

Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary

Emails sent from Outlook have a "gpgolXXX.dat" attachment, that is properly read and decrypted by GpgOL, while emails sent from Evolution and Apple Mail have two attachments, one text file with PGP MIME Version (Version: 1) and one with encrypted PGP message.

In the attached debug log, you can see starting at 15:23:06 that email message Content-Type is set to "application/ms-tnef", but GpgOL fails to parse message.

Last but not least, both Evolution and Apple Mail can decrypt those messages correctly.

I can do further testing and debugging if necessary, just let me know.

Regards,
Federico Chiacchiaretta

gpgol.log12 KBDownload

Details

Version
2.0.6

Revisions and Commits

rO GpgOL
rOb4c25ecda4b0 Prefer Sender over SendUsingAccount for crypt mail
rO14d0e2d9d1e0 Fix multipart/signed detection if ms-tnef wrapped
rO13ec7979aaff Handle MS-TNEF PGP/MIME Mails

Related Objects
Search...

Event Timeline

federico.chiacchiaretta created this task.Feb 20 2018, 5:55 PM
aheinecke triaged this task as Normal priority.Feb 21 2018, 4:14 PM
aheinecke added a subscriber: aheinecke.

Thanks for your report and analysis.

We had a similar problem that we fixed in gpgol 2.0.4 (T3419) that PGP/Inline mails were ms-tnef attachments for some. For you it appears that PGP/MIME mails are part of an ms-tnef attachment. This will need some extra handling.

Can you please save such a message in outlook and attach the .msg file here? I don't need to be able to decrypt it but with that I should be able to debug / fix the parser.

If you don't want to attach it here you can send it to me privately aheinecke@intevation.de (pubkey 94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1 ).

federico.chiacchiaretta added a comment.Feb 21 2018, 4:36 PM

You can find the message attached.
Message has been saved from Outlook 2013.

message_from_OL2013.msg75 KBDownload

aheinecke added a commit: rO13ec7979aaff: Handle MS-TNEF PGP/MIME Mails.Feb 22 2018, 9:58 AM
aheinecke changed the task status from Open to Testing.Feb 22 2018, 10:20 AM

Thank you. With that message I could reproduce the problem and have a fix. I now get to decryption failed / no secret key as it should be.

Could you please replace your gpgol.dll (in bin or bin_64) with the version 2.0.7-beta8 (x64) from:
https://files.gpg4win.org/Beta/gpgol/

And confirm that this fixes the problem for you?

If that fixes the problem it would also be great if you could test with a signed (not encrypted) mail from the same clients. I made an educated guess how such a mail would look like wrapped in ms-tnef but I'm not sure if that guess is correct ;-).

federico.chiacchiaretta added a comment.Feb 22 2018, 11:11 AM

I just tested version 2.0.7-beta8 x64 and I can confirm the bug is fixed, GpgOL can decrypt messages properly. Messages also appear to be properly signed.

I also did a test with a signed only email, but in this case GpgOL doesn't seem to detect signature properly, Outlook shows an attachment "signature.asc" and message is not tagged as "GpgOL: Trusted Sender Address".

You can find a screenshot, .msg and debug log attached, hope it helps.

Thanks,
Federico Chiacchiaretta


Test_signed_not_encrypted.msg53 KBDownload

gpgol_signed_only.log12 KBDownload

aheinecke mentioned this in rO7700f5da2744: Add some more sender address lookups.Feb 26 2018, 4:56 PM
aheinecke added a commit: rO14d0e2d9d1e0: Fix multipart/signed detection if ms-tnef wrapped.
aheinecke added a comment.Feb 26 2018, 4:58 PM

Thanks for the test and the example mail. Should also be fixed now.
While testing I also noticed that the sender email address was also not parsed correctly for these kind of mails and added some code to fix that.

If you like you can grab 2.0.7-beta10 from the same location.

aheinecke added a parent task: T3742: Gpg4win 3.1.0.Feb 27 2018, 7:10 AM
federico.chiacchiaretta added a comment.Feb 27 2018, 9:33 AM

Hi aheinecke,
I did some tests with 2.0.7-beta10 and still found some issues.
The message I attached as a test case in previous comment is now properly handled, I see no "signature.asc" attachment and message is correctly tagged as trusted sender; this test message was sent from Evolution and I sent it to myself (sorry for not pointing this out before).

If I try to open a message sent from Apple Mail by a different person, again I see no "signature.asc" attachment, so it has improved, but message is not tagged as trusted sender; messages from the same sender (and same client) were correctly tagged before switching to Office365.

You can find message and debug log attached. Debug log has been acquired with following steps:

  1. Open Outlook 2016 (it displays last received message)
  2. Click on test message from previous comment (self-sent), it is properly tagged
  3. Click on message attached below (sent from Apple Mail and different person)

Thanks,
Federico Chiacchiaretta

prova.msg97 KBDownload

gpgol.log23 KBDownload

aheinecke added a comment.Mar 6 2018, 3:17 PM

From the log I can see that GpgOL picks up the wrong "Sender" address. It thinks that you sent the mail yourself and then the mail address <> signature does not match. So it is not flagged as Trusted.

I think I found the bug in our code that caused that. This time I can't give you just an updated GpgOL as there were too many changes so that it can no longer be a drop in replacement. I let you know when I have a new installer.

aheinecke added a commit: rOb4c25ecda4b0: Prefer Sender over SendUsingAccount for crypt mail.Mar 6 2018, 3:18 PM
federico.chiacchiaretta added a comment.Mar 6 2018, 5:04 PM

Great.
I'll wait for v3.1.0 then.

Thank you.

Federico Chiacchiaretta

aheinecke added a comment.Mar 7 2018, 3:10 PM

I've uploaded a beta for the upcoming 3.1.0 Version: https://files.gpg4win.org/Beta/gpg4win-3.1.0-beta-current.exe

federico.chiacchiaretta added a comment.Mar 7 2018, 4:11 PM

I installed 3.1.0-beta and tested all use cases, everything is working properly now.

Thank you for your support and great work!

Federico Chiacchiaretta

aheinecke closed this task as Resolved.Mar 8 2018, 8:39 AM
aheinecke claimed this task.

Hurray :-) -> Resolved.

Thanks for your help / report.

aheinecke mentioned this in T3777: GpgOL cannot verify greater than level 0 if addresses are capitalized .Mar 8 2018, 2:41 PM