I imported 39 certificate files at once with Kleopatra with about 700 certificates and it worked. Took a long time though so It would be nice if Kleopatra would show a progess indicator or some indication that the import is running. But this is a different issue.

Or a better tl;dr; When you send mails without "inline" option everything is fine and standardized. The problem is that the old version of GpgOL that your college uses is too stupid to handle this ;-)

Yes your colleague should or basically needs to upgrade. 2.2.3 is very outdated. There are security issues that were fixed by then etc.

In T4515#125651, @aheinecke wrote:

Hi,

What client does your colleague use so that you have to use PGP/Inline?

That format where the attachment is it's own PGP Encrypted file is very problematic. You basically have mutliple signature and encryption states. An attacker can easily remove or add attachments to the message. The attachment name is leaked. etc. Also see: https://wiki.gnupg.org/PgpPartitioned

Our opinion is that if you really _have_ to use PGP/Inline that you must do so manually using Kleopatra's notepad and Encrypted files.

I am a bit unsure if I just close this as "Wontfix" or move it to Wishlist. I think for now I go with Wishlist but do not expect that feature soon. At least until maybe some really important use case comes up.

Anyway, thanks for your feedback. It is always valuable to know what users would like to have.

Best Regards,
Andre

What client does your colleague use so that you have to use PGP/Inline?

The last lines that the process currently holding wrote in the log:

To reproduce this issue I started Kleopatra with an empty GNUPGHOME and imported 10 S/MIME certs at once (which spawns a gpgsm process each) with enabled logging.

Mmh no. This needs to go into the resolver. If autoresolve is disabled we also want to have that functionality. Having the ca config in libkleo would also help to use the same values in Kleopatra for a CSR.

Good to hear this request from someone else, this gives it more priority :-).

But sadly I can't see any problem with the mail. Looking at the source of the mail it has the image as one attachment. That attachment is displayed. There are no other attachments part of the mail and so other clients also only show that one attachment.

I have sended the email...

Without more reports and without the info needed to analyze this further I'm lowering the priority.

I think this can go to wontfix for now. Inline PGP inside of S/MIME,.. well that is not good.

This was fixed.

Unsupported protocol still means something with your GnuPG installation is strange.
Whats surprising me most here is that Kleopatra works for you.

I've looked into it alot first: If I use outlooks builtin S/MIME support it also does not work for me, at least over SMTP. I see the attachments but they have unknown type and if I double click them I get errors.

This was fixed afaik in 3.1.7 please let me know if this still does not work for you.

No more reports about this in a while.

3.1.6 is released.

3.1.6 is released

3.1.6 is released.

3.1.6 is released.

3.1.6 is released please use that one.

I think I found it. The problem was that for mails without headers the S/MIME detection would fail and the mails would still be handled by GpgOL. I think this together with the fixes for T4403 / T4267 should finally solve this with Gpg4win-3.1.6

This has been implemented.

If the filename embedded in the encrypted message differs from the filename Kleopatra uses (which is derived from the file system filename) Kleopatra will now show the filename. This should cover the case where users receive an "Attachment.pgp" and do not know what that is.

I'm changing this to testing as the original problem is now fixed with a good solution that properly detects the contents of ms-tnef wrapped messages.

b8d651c4d083d2295cdd75e9f5882ab36ef8f418 Fixes this issue.

Hi - that did the trick. The linked gpgol.dll loads without any issues. However the decryption of e-Mails don't work. I get the
"OpenPGP Encrypted message (decryption not possible) Could not decrypt the data: Unsupported protocol" error.

Yeah, that worked halfways. Meaning, if I try to send the forwarded mail
from inline / reader / docked mode, the Button lights up but no sending
happens. If I send it from undocked window, it works and the original
problem doesn't happen.

see: https://wiki.gnupg.org/TroubleShooting#Manually_update_GpgOL_to_a_beta

This is very strange, common to all the crashes in the log is that they happen while a keylisting is running and before the first key from that keylisting is returned. But this could be a red herring because the keylisting is always started immediately in a background thread and so it would be normal that if the crash occurs immediately that it would still be running. The keylisting code is extremely similar to Kleopatra though. So I don't understand why Kleopatra would then work for you.

Since I configured call tracing the running O365 Client dies immediately after activating the addin. Same happens now if I activate the addin.
Anyways, here is the log.

Thanks for the report. Log looks not unusual.

I think that this might have the same underlying reason as the fixed T4321 (still open because it was not yet released).

Additionally that workaround is a bad idea because on closing Outlook it
leads to the GPG4Win error "Not all plain text could be removed, it's
possible that plain text from decrypted mails was transferred to your
server." (roughly remembered text-wise)

Something to add: This also affects deleted drafts. If I write a new email and decide to delete & not send it, Outlook saves the aborted draft in the trash without encryption.

Somehow I thought that storing drafts locally was not only configurable but the default. But you are right, I also can't find a way to change the storage location.

Hi,
sorry for the late reply. I cannot reproduce the issue.

If there is a way to disable sychronisation of the draft folder in Outlook 2019 when using IMAP, it could mentioned in the meantime, but I couldnt find it.

Also reported for Contacts in T4161.

I think that this is the same as T4388 So I'm merging it in.

Regarding 1. That is currently not possible. It is something we should have but which we did not yet implement. I'll move this out into a feature request.

The other option would also work for me. Thank you!

I agree! THANKS