Page MenuHome GnuPG

you cannot be sure who encrypted this message as it is not signed
Closed, DuplicatePublic


Everything was working fine, but after I got a new laptop and new email domain (.qa instead of .com), encrypted emails (in & out) can't be read, showing the error message "you cannot be sure who encrypted this message as it is not signed" screenshot attached.

Outlook 365, ver 2308

Can you help please? coz this is stopping critical communication with other parties.



Event Timeline

aheinecke added a subscriber: aheinecke.

Ok. Let me unpack this for you. I think your problem is that now since you switched to your new domain the mails in Outlook are no longer directly decrypted, then you open the attachment and get this message.

So the underlying problem is more likely that your new mail server modified the mail in a way that they are no longer detected by the Outlook plugin to be encrypted and not just unencrypted mail with an encrypted attachment. T6686 would fix this for you.

In the next Version of Gpg4win this will work btw. since we have a new feature planned to be able to open these attachments in Kleopatra and get a view.

If you like to verify this please see for instructions how we could analyze this better.

Thank you for your reply.

Yes I confirm your assumption, that emails are no longer directly decrypted, and I open the attachment and get this message.

However, I checked the case you refer to "", but I couldn't spot what's the resolution.

I found your following comment "Will be fixed in the next release. Your test message was correctly detected as an encrypted message. I just couldn't decrypt it as I accidentally sent you the wrong demo key :) But it shows the "OpenPGP encrypted message" and to which keys it is encrypted now.
Will be fixed in the next release. Your test message was correctly detected as an encrypted message. I just couldn't decrypt it as I accidentally sent you the wrong demo key :) But it shows the "OpenPGP encrypted message" and to which keys it is encrypted now."

Could you please elaborate more what need to be done to solve this issue?
or I just need to wait for the next Gpg4win version? and when it will be released?

FYI, we raised ticket with Microsoft as well and after several troubleshooting sessions they concluded nothing from The Outlook and issue most probably with GpgOL plugin

and FYI, normal file encryption is working fine, the issue with Outlook plugin only

Appreciate your urgent feedback .. as all encryption communication in my company is pending this to be solved.

Yes the resolution in that issue is "I have fixed this, you need to wait for the next update." The comments above explain the problem, the mail is modified in transit, if you change something there then you can maybe workaround in the meantime. The exact comment I linked gave the instructions on how to assist with analyizing this issue. If you would follow them I could also tell you for sure weather or not this is your problem.

I can't tell you when a new Gpg4win / GpgOL version will be released as we have no fixed date. But maybe I'll update a beta which would work for you.

Mh, closing this as invalid is wrong. I close it as duplicate of T6686 now because I currently think it is the same underlying issue.

Thanks once more... and appreciate your swift response.

To ensure it's the same issue and hopefully will be solved in the next release, can I send you a test encrypted email so you can check and confirm?
If so, I think I'll need to send you my public key and get yours? what is your email to communicate for that?

I sent the test encrypted email

Appreciate to check and feedback

Received, but it is not the same problem at least on your side. Your mail looks perfect. It would have been handled by any version of GpgOL on my side. So I think it is the receiving side meaning your incoming crypto mails are modfied by some middleware in a way that GpgOL does not detect them as crypto mails anymore. But before we debug more here with logs for you, let me finish up some other work on GpgOL and I can probably give you and some others in the tracker here a beta this week where we can then confirm if its already fixed. I'm currently actively working on GpgOL.

To say this differently, the problem fixed recently which Relaxed detection of encrypted mails might still fix your problem. But the "corruption" of the mail which makes it harder to detect as a crypto mail for GpgOL does not happen when you send a mail, it appears to happen when you receive a mail.

Just out of curiosity, can you decrypt mails in your sent emails folder?

Yes, I can decrypt my sent mails, in my Sent folder

also, it's strange that you could decrypt my mail, as the person I'm testing with (, can't decrypt my mails !

I tested once more with another person, issue confirmed, he can read my encrypted mail (as you did), however, I can NOT read his emails (with the same error: you cannot be sure who encrypted this message as it is not signed)

Appreciate to let me know when possible to have the fix for this issue.. as my company is pushing me to find an alternative encryption tool if problem continue for long

I am pretty sure that we can fix that issue and have a beta for you maybe even today or tomorrow. But afterwards we should talk about your company actually using a product with professional support (which you are getting right now from me) like GnuPG Desktop. Gpg4win is basically only "goodwill" support.

If you want to further help please reproduce the issue with a test mail send to yourself and my test account and then drag & drop the mail to the file system from your inbox and put it in a zip archive and send it to unencrypted. Important to do it this way with the zip archive to ensure that the mail is not modified and that I can see exactly how it looks in your inbox.

But first please delete "" from your keyring and use attached key for the test:

In the other ticket I accidentally uploaded a wrong test/demo key which I had only temporarily created.

Thanks Andre for your response..

I sent you the mail as requested. hopefully it's correct.

Let me know pls if anything else I need to do.

Hi Andre,

Any update please about the beta version?

And where I can find information about GnuPG Desktop features vs Gpg4win, and price?

Working on both. Beta will come later today, I had one on friday but did not upload it yet and need to recompile it first.

With regards to GnuPG desktop I send your information to one of our team. That we currently don't have a good english offer or language page for this is a bit bad because we mostly sold it through direct sales and not over a website.

Please try: This should solve your problem. And if not you can now open the encrypted attachments with Kleopatra and it will show your mail.

Thanks .. will try it now

Important question pls:
To be able to read my old encrypted emails ( .com) and to use the encryption with my new domain ( .qa) at same time, do I need to create new Private/Public key with (.qa) and use it for future communication, and import my old (.com) Private key to read the old encrypted mails? so to have two Private keys?

or I should follow different procedure?

I've installed the Beta version, but issue still exist !!
My encrypted mails are readable by the other party, while I can't read his mail giving the same error msg "Decryption succeeded ......... Note: you cannot be sure who encrypted this message as it is not signed" , while I can read my sent encrypted mails.
see attached.
Any suggestions?

strange, your test mail in the attachment decrypted for me, too. What happens if you now use the "Show EMail" button?

this is what I'm getting when trying to open the mail then the attachment. Am i missing something?

and where I can find "Show EMail" button

There in the last screenshot on the right. Btw. since the mail you sent me with the ZIP archive looked also fine to me, there might be another problem here. Could you try disabling your other Addons in Outlook temporarily and check if that might solve the issue? Other addons are also often a cause for some unusual client behavior. You can do that if you go to File -> Options -> Add-Ins -> Manage COM Addins, and then unselect others just for a test.

Ah wait, in the first of your screenshots it is obvious which addin is modifying your mail so that we don't see it as an encrypted mail anymore. It is that warning text from the protection Addin that you should report that mail if you are unsure where it came from. That would cause such problems because when it inserts this text the type of the mail is changed and it is no longer detected as an encrypted mail.

I disable all Addons (see screenshots) and restarted the Outlook, but still getting the same warning when trying to open the email.

It may be some essential feature in Outlook?!

Maybe its not a com addin but one of the New JavaScript webapi addins? They have a different menu to disable. Definetly not an outlook feature its this protectit thingy. But have you now Trierdto open the mail from the Kleopatra menu? That is the cool New feature we are currently working on.

Thanks a lot Andre ... I believe it's solved.

our IT team disable this Warning message then I did few test mails and I can decrypt the mail.

Moreover, to be able to decrypt/read my old (.com) mails, I imported my (.com) private and public keys, then I'm able to read the old decrypted mails.

I'll do some more testing and will let you know if any observations.

Meanwhile, can you please share how to use the new feature "open the mail from the Kleopatra menu" would be nice to test it.

Meanwhile, can you please share how to use the new feature "open the mail from the Kleopatra menu" would be nice to test it.

Yes we will make a video about this.


^ Yaser in this picture. Do you not see on the right side do not see the button "Show Email". I want to know from you what happens when you click on this ;-) That would really be interesting to me from a testing feedback standpoint.

that's really cool :) .. I tested now with a mail whole having the Warning message, I press "Show Mail" and it indeed open .. see the pic.
very nice feature indeed.

Happy to help with any further testing :)