GpgOL does not show signature validation of German Buerger-Cert-Warnings for some months
Open, NormalPublic

Description

With both Microsoft Outlook for Office 365 MSO (16.0.11929.20144 + 20234) 64 Bit

If I view the email using Windows 10 Mail (Exchange Online) I see the signature.asc attachment. In Outlook is is sometimes hidden by GpgOL. In the inbox or with the email opened GpgOL does not show anything about a signature - the email looks as any other unsigned mail. Sometimes during the past months it even empties the mail - so I have data loss. Not that good… I attach one of two todays signed emails copied to the desktop by drag & drop + zipped.


[Update:] That's funny: only the 3rd newsletter today was processed correctly - see screenshot. And I attached it as .msg, too.

Details

Version
3.1.10
OliverL created this task.Aug 27 2019, 3:55 PM
OliverL updated the task description. (Show Details)Aug 27 2019, 3:59 PM
OliverL updated the task description. (Show Details)
OliverL updated the task description. (Show Details)Aug 27 2019, 4:02 PM
OliverL updated the task description. (Show Details)Aug 27 2019, 4:07 PM
aheinecke added a project: gpgol.
aheinecke added a subscriber: aheinecke.

Hi,

can you hover over the GpgOL Icon and look at the tooltip? Maybe there was an error during validation.

But I'll also look at the zipped messages myself. Thanks a lot for your detailed report and example files.

Best Regards,
Andre

aheinecke triaged this task as Normal priority.Aug 30 2019, 9:18 AM

Hi Andre,

thank you for taking action. If I open the .msg files with e. g. Notepad++ and Ctrl-End, I see the PGP signature in both.
But the tooltip in mail 1 says "no data".

Kind regards from Dortmund :-)
Oliver

Mmh, No Data usually means that our parser had a hickup. I'll look at your examples.

Mmh, No Data usually means that our parser had a hickup. I'll look at your examples.

If helpful I can demonstrate or let you debug in a TeamViewer (I have a license) or VNC remote session in a fresh VM.
For sure this is not urgent for me. So, take your time!

JW-D added a subscriber: JW-D.Sep 4 2019, 6:17 PM

I have the same problem since today with Outlook 2016. In the past months / weeks GpgOL version 2.4.2 worked fine. I received some mails today signed by the German Buerger CERT warnings. The signature as "asc" file was attached, but could not be verified. Today I received also a PGP signed e-mail from Hasso-Plattner-Institute (Identity leak checker), also this signature could not be checked. Both worked fine in the past and the public keys stored in Kleopatra are valid.

This is suprissing, because it never happened before. I assume it is a general problem of the addon. I open for some tests, if I receive an advice how to carry it out.

JW-D added a comment.Sep 9 2019, 9:33 AM

The signature of the latest communication from German Buerger CERT Warnings could be read and the signature could be verified. I tried also with Hasso-Plattner-Institute (Identiy leak checker), the same result. I do not understand, why all signature verification failed last week, and they can be verified this week. However, at the moment it seems to work fine.

Last week GpgOL again destroyed an email with a BSI newsletter - it was shown as empty after I opened it a second time - and the same is true in such cases then in Windows 10 Mail as well as using Outlook Web Access:

I'll try to look at it this week. Apologies for the delay with this.

There is no reason for apologies :-). As far as I know this all is open source, freeware and you don't get paid for this, right? So, I simply also try to add my contribution by most precise error reports to help to find the error and am grateful if it will be solved one day in the future :-).

JW-D added a comment.Sep 9 2019, 4:51 PM

Today a new signed message from BSI Buerger CERT was received. The PGP signature could be verified by first opening of the document. As I opened the file some hours later again, it failed, as I opened it a third time (shortly after the second time), the signature was verified. Outlook was not closed between the second and third opening. Signature verification appears unstable.