GpgOL: Unencrypted drafts on server even if draft encryption is on
Open, HighPublic
Actions

Assigned To

Authored By

	• aheinecke
	Aug 12 2020, 3:07 PM

Description

Unencrypted drafts can be recovered by using the "recover recently deleted items" feature from Outlook / Exchange.

This can mean an unintended plaintext leak to the server when a user wants to encrypt and had added enabled draft encryption.
As we marked draft encryption as no longer experimental with GpgOL-2.4.6 this gets high priority.

Details

Version: master

Revisions and Commits

rO GpgOL
	rO9f81ed6561c5 Change encryption to work on OOM
	rO1da8ce950401 Enforce sync_enc option

Related Objects

Mentioned Here: T4131: Sending a mail with Office attachments fails on Outlook 2016 with gpg4win 3.1.3 (GPGOL 2.3.0)

Event Timeline

• aheinecke created this task.Aug 12 2020, 3:07 PM

Further analysis shows that this only happens when async crypt is enabled.

So as a workaround users can enable the "Block Outlook during encrypt / sign" option.
Due to T4131 this is always the case when attachments are part of a mail. So this also only happens for mails without attachments.

• aheinecke added a commit: rO1da8ce950401: Enforce sync_enc option.Sep 4 2020, 12:20 PM

• aheinecke added a commit: rO9f81ed6561c5: Change encryption to work on OOM.Jan 8 2021, 6:14 PM

• werner mentioned this in Unknown Object (Phriction Wiki Document).Sep 26 2024, 3:36 PM