Page MenuHome GnuPG
Create Task
Maniphest T7836

GpgOL: Both disable and prefer S/MIME does not work
Closed, InvalidPublic
Actions

Description

It looks like the S/MIME settings (disable/prefer) are ignored:
a) Regardless of being disabled, decryption seems to work and pinentry shows up for the smime key
b) Regardless of preference, openpgp keys are used for encryption (when security approval dialog is disabled)

a) To reproduce the disable issue:

  1. Disable smime
  2. Kill background processes and restart Outlook
  3. Open a smime mail => pinentry shows up and mail is decrypted

b) To reproduce the preference issue:

  1. Make sure you have both secret openpgp and smime certs (I tested with ted)
  2. Deactivate "Always show security approval dialog"
  3. Enable S/MIME and activate "Prefer S/MIME"
  4. Kill background processes and restart Outlook (just to be sure)
  5. Send an encrypted/signed mail => always openpgp encrypted/signed

Note: I had both secret openpgp and smime keys of ted/edward in keyring and both accounts in outlook added, if that matters

Details

Version
vsd-3.3.90.16-beta

Related Objects

Event Timeline

timegrid created this task.Oct 2 2025, 12:25 PM
timegrid added a project: S/MIME.Oct 2 2025, 1:14 PM
timegrid added a comment.EditedOct 2 2025, 2:09 PM

(removed: wrong statement)

ebo renamed this task from GpgOL: Activate/Prefer S/MIME does not work to GpgOL: Activate "Prefer S/MIME" does not work.Oct 9 2025, 9:36 AM
ebo triaged this task as High priority.
ebo moved this task from Backlog to Triage on the gpgol board.
ebo added a comment.Oct 9 2025, 5:02 PM

Might this be related to T4953?

ebo mentioned this in T6548: GpgOL: Prefer S/MIME might result in different results with internal and external resolution.Oct 9 2025, 5:08 PM
timegrid renamed this task from GpgOL: Activate "Prefer S/MIME" does not work to GpgOL: Both disable and prefer S/MIME does not work.Nov 6 2025, 8:57 AM
timegrid updated the task description. (Show Details)
timegrid updated the task description. (Show Details)Nov 6 2025, 9:11 AM
timegrid mentioned this in Unknown Object (Maniphest Task).Nov 6 2025, 3:01 PM
ebo added a comment.EditedMon, Feb 2, 4:47 PM

a) Info given by @mmontkowski: decryption can't be disabled

b) sounds like a bug

Could you create a log file, @timegrid?

ebo updated the task description. (Show Details)Mon, Feb 2, 5:07 PM
timegrid assigned this task to mmontkowski.Tue, Feb 3, 12:31 PM

a) Here's a log anyway (ignore it, if decryption does always work):

gpgol.smime-disabled_smime-mail-decrypted.log579 KBDownload

Note: If that's the case, the setting label might better be "Enable S/MIME encryption".

b) Another log for the preference setting (smime and pgp key in keyring, smime prefered, pgp mail sent):

gpgol.smime-prefered_openpgpg-mail-sent.log2 MBDownload

mmontkowski closed this task as Invalid.Thu, Feb 5, 2:24 PM
mmontkowski moved this task from Triage to Done on the gpgol board.
mmontkowski removed projects: vsd34, vsd.

The problem resulted from a split up key (one for encryption and one for signing) Resulting in no SMIME encryption key found for one recipient and thus falling back to OpenPGP.

See T8089

timegrid mentioned this in T8089: GpgOL has problems looking up splited keys.Thu, Feb 5, 2:43 PM