Maybe its not a com addin but one of the New JavaScript webapi addins? They have a different menu to disable. Definetly not an outlook feature its this protectit thingy. But have you now Trierdto open the mail from the Kleopatra menu? That is the cool New feature we are currently working on.

I disable all Addons (see screenshots) and restarted the Outlook, but still getting the same warning when trying to open the email.

Ah wait, in the first of your screenshots it is obvious which addin is modifying your mail so that we don't see it as an encrypted mail anymore. It is that warning text from the protection Addin that you should report that mail if you are unsure where it came from. That would cause such problems because when it inserts this text the type of the mail is changed and it is no longer detected as an encrypted mail.

There in the last screenshot on the right. Btw. since the mail you sent me with the ZIP archive looked also fine to me, there might be another problem here. Could you try disabling your other Addons in Outlook temporarily and check if that might solve the issue? Other addons are also often a cause for some unusual client behavior. You can do that if you go to File -> Options -> Add-Ins -> Manage COM Addins, and then unselect others just for a test.

this is what I'm getting when trying to open the mail then the attachment. Am i missing something?

strange, your test mail in the attachment decrypted for me, too. What happens if you now use the "Show EMail" button?

I've installed the Beta version, but issue still exist !!
My encrypted mails are readable by the other party, while I can't read his mail giving the same error msg "Decryption succeeded ......... Note: you cannot be sure who encrypted this message as it is not signed" , while I can read my sent encrypted mails.
see attached.
Any suggestions?

Thanks .. will try it now

Please try the following beta: https://files.gpg4win.org/Beta/gpg4win-4.2.1-beta55/gpg4win-4.2.1-beta55.exe This should solve your problem. And if not you can now open the encrypted attachments with Kleopatra and it will show your mail.

Please try: https://files.gpg4win.org/Beta/gpg4win-4.2.1-beta55/gpg4win-4.2.1-beta55.exe This should solve your problem. And if not you can now open the encrypted attachments with Kleopatra and it will show your mail.

Working on both. Beta will come later today, I had one on friday but did not upload it yet and need to recompile it first.

Hi Andre,

Ok and its possible to know, how long its should usually take to make new release ?
Can you tell me more about support contract or when i can find more information about it ?
Regards
Lukas

I guess you need to wait until we do a new release. If your company relies on this software it might be a good idea to enter into a support contract as other do.

i dont get any responce, what is next step in this case.
Regards
Lukas

Thanks Andre for your response..

I am pretty sure that we can fix that issue and have a beta for you maybe even today or tomorrow. But afterwards we should talk about your company actually using a product with professional support (which you are getting right now from me) like GnuPG Desktop. Gpg4win is basically only "goodwill" support.

I tested once more with another person, issue confirmed, he can read my encrypted mail (as you did), however, I can NOT read his emails (with the same error: you cannot be sure who encrypted this message as it is not signed)

Yes, I can decrypt my sent mails, in my Sent folder

To say this differently, the problem fixed recently which Relaxed detection of encrypted mails might still fix your problem. But the "corruption" of the mail which makes it harder to detect as a crypto mail for GpgOL does not happen when you send a mail, it appears to happen when you receive a mail.

Received, but it is not the same problem at least on your side. Your mail looks perfect. It would have been handled by any version of GpgOL on my side. So I think it is the receiving side meaning your incoming crypto mails are modfied by some middleware in a way that GpgOL does not detect them as crypto mails anymore. But before we debug more here with logs for you, let me finish up some other work on GpgOL and I can probably give you and some others in the tracker here a beta this week where we can then confirm if its already fixed. I'm currently actively working on GpgOL.

I sent the test encrypted email

Thanks once more... and appreciate your swift response.

Yes the resolution in that issue is "I have fixed this, you need to wait for the next update." The comments above explain the problem, the mail is modified in transit, if you change something there then you can maybe workaround in the meantime. The exact comment I linked gave the instructions on how to assist with analyizing this issue. If you would follow them I could also tell you for sure weather or not this is your problem. https://dev.gnupg.org/T6686#174856

Thank you for your reply.

This sounds a bit more like you would maybe better suited with a batch script or command line usage anyway if you always want to encrypt in the same way you don't really need a fancy GUI for that.

Ok. Let me unpack this for you. I think your problem is that now since you switched to your new domain the mails in Outlook are no longer directly decrypted, then you open the attachment and get this message.

Hi, it would be great to make Kleopatra remember the last used settings.

Thank you for your time and your answer, we really do appreciate your work. We invested in this in hope to help make the software better. Please try it, so you will see how it works. We were able to reproduce the problem the way I described. When installed as a normal user it won't work. Installed as an Administrator user it works. So the more secure way does not work currently.

The way how you install it can have nothing to do with that, it must be a different issue, but it sounds to me like you are messing with privileges a bit too much. Did you ever receive the warning of Kleopatra that you are running it as Administrator and that will mess up the rights in your GnuPG folder? Be honest. :)

You mean if you right click on a file and select sign & encrypt or if you choose the action from Kleopatra?

So by we already have code to handle this problem, we had code for "No body but multipart/mixed" and your message was "empty body but multipart mixed" so I just needed to also check for an empty body and the code worked.

Ah damn, now that I closed this as a duplicate I found that we already have code to handle this problem.

Well the message is content-type multipart/mixed. For GpgOL to investigate the mail it needs to be multipart/signed oder application/encrypted or application/pgp-encrypted. (and some other things) But multipart/mixed is something that we don't take a second look at because this means "unencrypted mail with attachments."

For reference this is the code used to fill the pubkey table:

static gpg_error_t
store_into_pubkey (enum kbxd_store_modes mode,
                   enum pubkey_types pktype, const unsigned char *ubid,
                   const void *blob, size_t bloblen)
{
  gpg_error_t err;
  const char *sqlstr;
  sqlite3_stmt *stmt = NULL;

You are right - issuing an SQL statement returns the rrror. Hwoever, the selfcheck from sqlitebrowser does not show any errors.

In T6679#174951, @werner wrote:

The copy of the database we received for this case is not damaged. A possible problem might be insufficient rights to read the database. For example created with an Admin account and then later used by a different user.

The copy of the database we received for this case is not damaged. A possible problem might be insufficient rights to read the database. For example created with an Admin account and then later used by a different user.

thank you, i send you test mail
Regards

Hi, my suspicion with the different tenant is that some middleware of yours is inserting something like "DANGER this could not be Virus Scanned by your super secure and expensive middleware" which then results in the mail beeing multipart/mixed instead of pgp/encrypted in the MIME type. Could you ask your communication partner with the problem to send such a mail to you and with CC to "andre.heinecke@demo.gnupg.com

I was trying to solve it with support, but it was not solved until today, this issue we are facing more thank like 2years.
I guess its need to be solved with more advanced support than classic one.
Regards

Looks more like a support question but feel free to create a sample message, encrypt it to info at gnupg.com (WKD) and attach that message to this report.

This is a support requests. Please consult one of the mailing lists or the gpg4win forum. In case this turned out to actually be a bug, please feel free to reopen it.

Hi,
This is a classical support question. Please use one of the community channels under:
https://www.gpg4win.de/community.html
for this.

So this works for me now. The user where we build gpg4win has local diversions in ~/bin so as to not affect the GnuPG builds in any way and in the dockerfile we use update-alternatives to select the posix flavor.

Need to do this for the docker image and this way document how to do that with update alternatives. For our build setup it made most sense to manually link it only for the Gpg4win build user and not a system wide change.

No problem ;) Sorry for my snarky reply. Hope it worked for you now.

Noticed this issue was still open. This was resolved.

OK, I'm sorry, please accept my apologies for not having read the dialog message carefully enough. It seems I ignore the second sentence, replacing it with the omnipresent "Do you want to continue?" in my mind. Maybe the excuse is that it was terribly hot and damp in my office, preventing me from thinking.

😂 Skandal! Ein BUG!: "Möchten Sie die Installation ohne Administrator-Rechte fortfahren?" und Sie sagen "Nein". Ja dann brechen wir ab weil sie eben *nicht* fortfahren wollen.

Strong objection to close: When answering the question with "no", installation aborts!

This could have something to do with our changes to g4wihelp.c to adapt to the new plugin API.

You can install Gpg4win without admin rights. It requests "Highest available" rights by default to be installed into the protected Program Files (x86) folder. When you are not in the Administrators group It will install into your home directory much like firefox does. Any maybe if you don't want to leave a footprint installing Gpg4win on the System (without admin rights) where you don't have admin rights is kind of beside the point. You either leave a footprint by the installation or you could just use the installed Gpg4win there.

[For bug reports please don't refer to some other site - at least a brief but useful description should always be included]

I added my script to find icons, used in our packaging file. It is extremely stupid as it just greps the source for each icon and takes quite a while but it works for me and I can simply run it in the background. This was just a hacky "worksforme" solution, and we probably want to do it differently. Using a single expression for all the icons would already be a large improvement but I just did not care about that. It also does not really generate the -inst files and requires manual work. But since we probably will do it differently in the future anyway I just commited what I have right now. It does not take care of icon removals and so on. So we might need something with a bit more development put into it.

I have the website repo now filtered and ready to be pushed but the write access to repos only hosted on phabricator does not work. We probably need repos on playfair.gnupg.org and only then mirror them here. Since werner is currently busy and I need him for that I will do that tomorrow or wednesday. As tomorrow I am on the road.

I have created the repo now. https://dev.gnupg.org/source/gpg4win-compendium/

That was not me. I would much prefer to have the website in its own repo with its own contributors and so on. Maybe we could also do this then.

I am not sure what autoconf -o does though?

Ok cool, I think then you can mostly use git-filter-repo to filter out the history of the manual subfolder into a new git empty repo. Just give the word and I can create one here on dev.gnupg.org where you can then push to.
I am not sure what autoconf -o does though? How are the replacements handled which were defined in confiugure.ac etc?

What I tried so far (after checking out de40f2fe3336c63e5f73cce93402a73029779fd3, the commit before you removed the compendium):

I am reopening this at least for testing as we have reports that another client is facing the issue with recent versions and also with verified mails .

I spent my afternoon with git-filter-repo and while that worked nicely I failed to come up with a new build system for the compendium that worked, I tried to do the full autotools shebang but in the evening I realized that a simple static Makefile would probably be better like with the website branch. But I leave that to someone else. I will now tag gpg4win-4.2.0 as "the-last-compendium" and include the pdfs from that version from now on and just remove the compendium from master.

Oh wait. That shows a Problem in our side. We should include the full chain in our signature. I am renaming your task and will at least investigate if we do or if that maybe changed the last time we updated the certificate. Which might have been after 4.0.3

OK, had to install the intermediary CA certificate from https://support.globalsign.com/ca-certificates/intermediate-certificates/code-signing-standard-ev-intermediate-certificates . For some reason it was missing from my system.
After installing things look good.

this is not true. Our installers are always signed, even the included binaries are mostly signed.

Other options would be

• to display a warning if there are inline images in the email.
• an option not to automatically sign emails if they contain an inline image.

Thanks for the suggested workaround, I am going to try that. And thanks for pointing out this could be related to something like a Yubikey attached. Having the same symptoms as those described in T4581 and here.