GpgOL: Insecure Ribbon button for secure emails, showing empty body (because of MailStore Outlook Add-in)
Open, NormalPublic

Description

  • gpg4win 3.0.3
  • Outlook 2016
  • Windows 10 Pro (10.0.16299)

When I receive an email, I only see the "Insecure" GpgOL Ribbon button
(instead the "Security Level 4" one), the blue lock icon (or award
icon for signed) in the email overview pane, and an empty email body
in the preview or opened detail email view.

This way, I can not decrypt, verify, or read the email.

One exception: when I re-start Outlook and a signed or encrypted email
is the topmost email and thus displayed by default, encryption and
verification works for this topmost email. When I switch to a
different email and/or back to the first one, it again shows the
faulty behavior described above.

My GpgOL plugin is still activated: File > Options > Add-Ins > Manage
COM Add-ins > Go... > (active GpgOL)

I updated my computer to gpg4win 3.1.0 with no change to this issue.

We have three GnuPG4Win instances in our office. Two computers show
this issue, one is working fine. The one, which is working fine has
the same versions than my computer above.

Different computer showing the same issue:

  • Windows 8.1 Enterprise
  • MS Office 2013 Professional
  • gpg4win 3.1.0

Please tell me how to analyze this issue any further.

Details

Version
3.1.0
Karl created this task.Apr 24 2018, 11:45 AM
Karl created this object in space S1 Public.
Karl updated the task description. (Show Details)Apr 24 2018, 9:31 PM
aheinecke triaged this task as Normal priority.Apr 25 2018, 7:25 AM
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

Thanks for your report!

If only some computers show it (and our other users also don't see this issue) it might be a problem with conflicting addons. We had reports of similar behavior with addons listed here: https://wiki.gnupg.org/GpgOL/IncompatibleAddons

Could you try to disable all other addons and see if this problem persists?

If it persists we will need debug output from you:

To get the debug log:

  • Close Outlook
  • Open regedit.exe and
  • set HKEY_CURRENT_USER\Software\GNU\GpgOL enableDebug to either 1 or 1922
  • set HKEY_CURRENT_USER\Software\GNU\GpgOL logFile to some writeable file (e.g. c:\users\<youruser>\gpgol.txt )
  • Open Outlook again and reproduce look at an encrypted mail.

The value of enableDebug -> If set to 1 it logs less and should not leak any
private data. If set to 1922 the log will contain the plaintext of decrypted
messages, so only use that if you have a test mail or some unconfidential mail.

Karl added a comment.Apr 30 2018, 11:35 AM

Thanks for the great direction on how to debug the issue any further.

https://wiki.gnupg.org/GpgOL/IncompatibleAddons

-> We do not run any of those incompatible add-ons (or add-ins as Microsoft says)

Outlook > File > "Manage COM Add-ins": previously not seen message:

"Outlook detected a COM add-in problem:

GpgOL

This add-in caused Outlook to start slowly. It wasn't disabled because it's in the always enable list."

Okay, this does not seem to be an issue, just an unrelated(?) warning.

Outlook > File > Options > Add-ins:

Active Add-ins:

  • Conversation History Add-in for MS Office 2016
  • ESET Outlook Add-in
  • GpgOL
  • MailStore Outlook Add-in
  • MS Exchange Add-in
  • MS VBA for Outlook Addin(sic)
  • Outlook Social Connector 2016

Inactive Add-ins:

  • MS Access Outlook Add-in for Data Collection and Publishing
  • MS SharePoint Server Colleague Import Add-in
  • Onenote Notes about Outlook Items
  • Skype Meeting Add-in for MS Office 2016
  • TeamViewer Meeting Add-in

I disable:

  • Conversation History Add-in for MS Office 2016
  • ESET Outlook Add-in
  • MailStore Outlook Add-in
  • Outlook Social Connector 2016

Success: GpgOL works as expected.

Let's do find out, which add-in causes this effect by enabling it one by one and restarting Outlook.

The culprit is: MailStore Outlook Add-in

I do have installed:

  • MailStore Client 9.0.3.9873
  • MailStore Outlook Add-in 9.0.3.9873

I could not locate any web page mentioning MailStore Add-in with GpgOL.

Log output with enableDebug==1 for:

  1. Opening Outlook
  2. wait for a sec
  3. change to a folder which has a signed email on top (which is shown correctly)
  4. wait a sec
  5. switch to a different (encrypted) email in same folder which is not shown due to the error

#+BEGIN_EXAMPLE
09:29:47/13216/enabled debug flags:
09:29:47/13216/gpgoladdin.cpp:OnConnection: this is GpgOL 2.1.0
09:29:47/13216/gpgoladdin.cpp:OnConnection: using GPGME 1.10.1-beta188
09:29:47/13216/gpgoladdin.cpp:OnConnection: in Outlook 16.0.0.4678
09:29:47/13216/gpgoladdin.cpp:OnStartupComplete:423: tracepoint
09:29:47/13216/Ensure category exists called for GpgOL: Encrypted Message, 8
09:29:47/13216/oomhelp.cpp:ensure_category_exists: Found category 'GpgOL: Encrypted Message'
09:29:47/13216/oomhelp.cpp:ensure_category_exists: Found category 'GpgOL: Encrypted Message'
09:29:47/13216/Ensure category exists called for GpgOL: Trusted Sender Address, 5
09:29:47/13216/oomhelp.cpp:ensure_category_exists: Found category 'GpgOL: Trusted Sender Address'
09:29:47/13216/oomhelp.cpp:ensure_category_exists: Found category 'GpgOL: Trusted Sender Address'
09:29:47/13216/olflange.cpp:install_forms: form `C:\Program Files (x86)\Gpg4win\share\gpgol\gpgol.cfg' installed
09:29:47/13216/olflange.cpp:install_forms: form `C:\Program Files (x86)\Gpg4win\share\gpgol\gpgol-ms.cfg' installed
09:29:47/13216/olflange.cpp:install_forms: form `C:\Program Files (x86)\Gpg4win\share\gpgol\gpgol-cs.cfg' installed
09:29:47/13216/olflange.cpp:install_forms: form `C:\Program Files (x86)\Gpg4win\share\gpgol\gpgol-form-signed.cfg' installed
09:29:47/13216/olflange.cpp:install_forms: form `C:\Program Files (x86)\Gpg4win\share\gpgol\gpgol-form-encrypted.cfg' installed
09:29:47/13216/storing option enableSmime' value=0'
09:29:47/13216/storing option encryptDefault' value=0'
09:29:47/13216/storing option signDefault' value=0'
09:29:47/13216/storing option previewDecrypt' value=0'
09:29:47/13216/storing option encodingFormat' value=1'
09:29:47/13216/storing option logFile' value=C:\Users\karl.voit\log\GpgOL.log'
09:29:47/13216/storing option defaultKey' value='
09:29:47/13216/storing option enableDefaultKey' value=0'
09:29:47/13216/storing option gitCommit' value=0x0'
09:29:47/13216/storing option formsRevision' value=335'
09:29:47/13216/storing option announceNumber' value=0'
09:29:47/13216/storing option bodyAsAttachment' value=0'
09:29:47/13216/storing option mimeUI' value=1'
09:29:47/13216/storing option inlinePGP' value=0'
09:29:47/13216/storing option autoresolve' value=0'
09:29:47/13216/storing option replyCrypt' value=0'
09:29:47/13216/storing option deprecationShown' value=0'
09:29:47/13216/gpgoladdin.cpp:check_html_preferred: No type or key for ReadAsPlain
09:29:47/13216/application-events.cpp:Invoke: ItemLoad event. Getting object.
09:29:47/13216/application-events.cpp:Invoke: ItemLoad event without mailitem.
09:29:47/852/windowmessages.cpp:delayed_invalidate_ui: Invalidation canceled as it is in progress.
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1101
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Invalidating UI
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Invalidation done
09:29:48/13216/application-events.cpp:Invoke: ItemLoad event. Getting object.
09:29:48/13216/application-events.cpp:Invoke: Creating mail object for item: 0000015C299DAA90
09:29:48/1176/windowmessages.cpp:do_async: Do async with type 1108
09:29:48/13216/mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note'
09:29:48/13216/mapihelp.cpp:change_message_class_ipm_note: content type is 'text/html'
09:29:48/13216/mapihelp.cpp:mapi_get_body_as_stream: OpenProperty tag=83df0102 failed: hr=0x8004010f
09:29:48/13216/mailitem-events.cpp:Invoke: Non crypto mail 0000015C187D5BE0 opened. Updating sigstatus.
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1108
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Invalidating last mail
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1101
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Invalidating UI
09:29:48/13216/windowmessages.cpp:gpgol_window_proc: Invalidation done
09:29:48/13216/gpgoladdin.cpp:GetCustomUI_MIME: GetCustomUI_MIME for id: Microsoft.Outlook.Explorer
09:29:48/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: ribbonLoaded
09:29:48/13216/gpgoladdin.cpp:Invoke: enter with dispid: 11
09:29:48/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getIsDetailsEnabled
09:29:48/13216/gpgoladdin.cpp:Invoke: enter with dispid: 13
09:29:48/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:29:48/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:29:48/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C29D4A460'
09:29:48/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C26C75308'
09:29:48/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C29D4A460
09:29:48/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getSigLabel
09:29:48/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1b
09:29:48/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:29:48/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:29:48/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C29D4DCA0'
09:29:48/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C26C75308'
09:29:48/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C29D4DCA0
09:29:48/13216/ribbon-callbacks.cpp:get_sig_label: No mail.
09:29:48/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: btnSigstateLarge
09:29:48/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1d
09:29:48/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:29:48/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:29:48/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C29D4E060'
09:29:48/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C26C75308'
09:29:48/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C29D4E060
09:30:02/18684/windowmessages.cpp:delayed_invalidate_ui: Invalidation canceled as it is in progress.
09:30:02/13216/mailitem-events.cpp:Invoke: Removing Mail for message: 0000015C299DAA90.
09:30:02/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1101
09:30:02/13216/windowmessages.cpp:gpgol_window_proc: Invalidating UI
09:30:02/13216/gpgoladdin.cpp:gpgoladdin_invalidate_ui: Invalidating ribbon: 0000015C268CA138
09:30:02/13216/windowmessages.cpp:gpgol_window_proc: Invalidation done
09:30:02/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getSigLabel
09:30:02/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1b
09:30:02/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:02/13216/oomhelp.cpp:get_oom_object: failure: 'WordEditor' p=0000000000000000 vt=0 hr=0x80020009 argErr=0x0
09:30:02/13216/oomhelp.cpp:dump_excepinfo: Exception:

wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: The operation failed.
help: null
helpCtx: 0x0
deferredFill: 0000000000000000
scode: 0x80004005

09:30:02/13216/ribbon-callbacks.cpp:get_mail_from_control: No mailitem. From _Explorer
09:30:02/13216/ribbon-callbacks.cpp:get_sig_label: No mail.
09:30:02/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: btnSigstateLarge
09:30:02/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1d
09:30:02/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:02/13216/oomhelp.cpp:get_oom_object: failure: 'WordEditor' p=0000000000000000 vt=0 hr=0x80020009 argErr=0x0
09:30:02/13216/oomhelp.cpp:dump_excepinfo: Exception:

wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: The operation failed.
help: null
helpCtx: 0x0
deferredFill: 0000000000000000
scode: 0x80004005

09:30:02/13216/ribbon-callbacks.cpp:get_mail_from_control: No mailitem. From _Explorer
09:30:02/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getIsDetailsEnabled
09:30:02/13216/gpgoladdin.cpp:Invoke: enter with dispid: 13
09:30:02/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:02/13216/oomhelp.cpp:get_oom_object: failure: 'WordEditor' p=0000000000000000 vt=0 hr=0x80020009 argErr=0x0
09:30:02/13216/oomhelp.cpp:dump_excepinfo: Exception:

wCode: 0x1000
wReserved: 0x0
source: Microsoft Outlook
desc: The operation failed.
help: null
helpCtx: 0x0
deferredFill: 0000000000000000
scode: 0x80004005

09:30:02/13216/ribbon-callbacks.cpp:get_mail_from_control: No mailitem. From _Explorer
09:30:02/13216/application-events.cpp:Invoke: ItemLoad event. Getting object.
09:30:02/13216/application-events.cpp:Invoke: Creating mail object for item: 0000015C2A231990
09:30:02/18316/windowmessages.cpp:do_async: Do async with type 1108
09:30:02/13216/mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note.GpgOL.MultipartSigned'
09:30:02/13216/mapihelp.cpp:mapi_create_attach_table: message has 1 attachments
09:30:02/13216/mapihelp.cpp:mapi_create_attach_table: attachment info:
09:30:02/13216/ 952549 mt=1 fname=smime.p7m' ct=multipart/signed' ct_parms=`(null)'
09:30:02/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1108
09:30:02/13216/windowmessages.cpp:gpgol_window_proc: Invalidating last mail
09:30:22/18544/windowmessages.cpp:delayed_invalidate_ui: Invalidation canceled as it is in progress.
09:30:22/13216/application-events.cpp:Invoke: ItemLoad event. Getting object.
09:30:22/13216/application-events.cpp:Invoke: Creating mail object for item: 0000015C2A0637C0
09:30:22/19780/windowmessages.cpp:do_async: Do async with type 1108
09:30:22/13216/mapihelp.cpp:mapi_change_message_class: checking message class `IPM.Note.GpgOL.MultipartEncrypted'
09:30:22/13216/mapihelp.cpp:mapi_create_attach_table: message has 2 attachments
09:30:22/13216/mapihelp.cpp:mapi_create_attach_table: attachment info:
09:30:22/13216/ 952485 mt=1 fname=ATT00001' ct=application/pgp-encrypted' ct_parms=`(null)'
09:30:22/13216/ 952517 mt=1 fname=msg.asc' ct=application/octet-stream' ct_parms=`(null)'
09:30:22/13216/mailitem-events.cpp:Invoke: Removing Mail for message: 0000015C2A231990.
09:30:22/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1108
09:30:22/13216/windowmessages.cpp:gpgol_window_proc: Invalidating last mail
09:30:22/13216/windowmessages.cpp:gpgol_window_proc: Recieved user msg: 1101
09:30:22/13216/windowmessages.cpp:gpgol_window_proc: Invalidating UI
09:30:22/13216/gpgoladdin.cpp:gpgoladdin_invalidate_ui: Invalidating ribbon: 0000015C268CA138
09:30:22/13216/windowmessages.cpp:gpgol_window_proc: Invalidation done
09:30:22/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getSigLabel
09:30:22/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1b
09:30:22/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:22/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:30:22/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C299DF270'
09:30:22/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C2A0374A8'
09:30:22/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C299DF270
09:30:22/13216/ribbon-callbacks.cpp:get_sig_label: No mail.
09:30:22/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: btnSigstateLarge
09:30:22/13216/gpgoladdin.cpp:Invoke: enter with dispid: 1d
09:30:22/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:22/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:30:22/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C299DD650'
09:30:22/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C2A0374A8'
09:30:22/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C299DD650
09:30:22/13216/gpgoladdin.cpp:GetIDsOfNames: GetIDsOfNames for: getIsDetailsEnabled
09:30:22/13216/gpgoladdin.cpp:Invoke: enter with dispid: 13
09:30:22/13216/ribbon-callbacks.cpp:getContext: contextObj: _Explorer
09:30:22/13216/oomhelp.cpp:get_pa_string: Property `http://schemas.microsoft.com/mapi/string/{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F' is not a string (vt=0)
09:30:22/13216/oomhelp.cpp:get_unique_id: No uuid found in oom for '0000015C299DE910'
09:30:22/13216/mapihelp.cpp:mapi_get_uid: Failed to get prop for '0000015C2A0374A8'
09:30:22/13216/ribbon-callbacks.cpp:get_mail_from_control: Failed to get uid for 0000015C299DE910
#+END_EXAMPLE

HTH

Karl renamed this task from GpgOL: Insecure Ribbon button for secure emails, showing empty body to GpgOL: Insecure Ribbon button for secure emails, showing empty body (because of MailStore Outlook Add-in).Apr 30 2018, 11:36 AM

Thanks for the detailed information. From the log I can see the same behavior as in T3769 with the TITUS plugin. No Read event is passed to us.
I've added MailStore to the list of incompatible addons for now https://wiki.gnupg.org/GpgOL/IncompatibleAddons

As this list grows we'll have to look into it some more to try to find a workaround somehow. We are pretty much helpless if an Addin "eats" the Read event and it is not passed to us. Sadly, my first workaround attempt in T3769 did not work. I don't have access to such an incompatible addin so I'll probably have to write an incompatible test addin myself to try to figure out if we can do anything.

In short what happens is that Outlook generates a Read Event when a mail is read. In this event GpgOL decrypts the mail and replaces the content with the decrypted / verified content. But when there are multiple addins they get the read event, one after each other. And each addin has the option to say "Processing stops here, don't pass this event down the line". This is at least what I take from the logs here and in T3769.

Karl added a comment.Apr 30 2018, 2:15 PM

Glad that we could locate the issue.

I have reported this bug to MailStore (they do not seem to give away public URLs for open tickets) and deactivated their Outlook add-in in order to be able to decrypt and verify emails.

Thanks!