Page MenuHome GnuPG

Bug 501820 Missing digital signature for GPGOL Outlook Add-in in GPG4Win 4.4.0
Closed, WontfixPublic

Description

Hey all,

we have upgraded approximately 80 clients with GPG4win from version 4.3.1 to 4.4.0, and the Outlook add-in doesn’t work anymore because the new version 4.4.0 uses an unsigned "gpgol.dll" for the Outlook add-in. In version 4.3.1, the "gpgol.dll" is still signed.

This issue impacts us because we need to configure our Office 365 according to the BSI (GER: „Bundesamt für Sicherheit in der IT“, EN: „Federal Office for IT Security”) standards for Office products. The Federal Office for IT Security regulations state that no unsigned add-ins or macros can be executed.

STEPS TO REPRODUCE
Addin File:

  1. "...\Gpg4win\bin\gpgol.dll"
  2. "Properties" > "Digitial Signatures" tab is missing.

Outlook Setup:

  1. Open "Option" > "Trust Center" > "Trust Center Settings" > "Macro Settings"
  2. Check Option "Notification for digitally signed macros, all other macros disabled
  3. Check Option "Apply macro security setting to installed add-ins"

best regards
Jens

Details

Version
GPG4Win 4.4.0

Event Timeline

werner added a subscriber: werner.

Gpg4win is a community version and we may or may not apply Authenticode signatures. You can do that yourself, after having checked our OpenPGP release signature. You may however be interested in GnuPG Desktop, which comes with full support and also Authenticode signature.

werner claimed this task.
werner removed a project: Won't Fix.