diff --git a/NEWS b/NEWS
index 43483c9..722ef87 100644
--- a/NEWS
+++ b/NEWS
@@ -1,1066 +1,1078 @@
Noteworthy changes for version 2.5.15 (unreleased)
==================================================
+ * New feature to handle encrypted mails processed by the Titus data
+ classification software. This can be disabled by setting the GpgOL
+ Registry key "disableTitusHandling" to the value "1".
+
+ * New optional feature to disable the automatic verification or
+ decryption in the mail preview window. This feature can be enabled
+ by setting the GpgOL Registry key "disableAutoPreviewHandling" to
+ the value "1". If enabled the new "Start Decryption" context menu
+ item may be used to decrypt or verify a mail.
+
+ * Fixed a crash on certain mails. [rO34d53b4309]
+
Noteworthy changes for version 2.5.14 (2024-08-28)
==================================================
* Added support for message/rfc822 encapsulated
MIME parts. They are shown as attachment. (T7266)
* Improved handling of attachments with names
that cannot be represented on a Windows file
system. (T4835) (T6864)
* Fixed a potential crash which could rarely
occur after decryption and / or verification.
(rO8349fea6)
Noteworthy changes for version 2.5.13 (2024-08-21)
==================================================
* Fix duplications of shown attachments and other
oddities in signed mails.
Regression was introduced after 2.5.6. [T7242]
* Fixed additional incompatibilities with third
party mail clients where multipart/signed mails
would be shown as empty, after opening them with
GpgOL. (since 2.4.6) [T7242]
* Fixed that mails were marked directly as read
when viewed in GpgOL, disregarding the Outlook
settings. [T7223]
* Staticaly link with the threads library for
improved robustness. [T7241]
* Update the Italian translation.
Noteworthy changes for version 2.5.12 (2024-01-02)
==================================================
* Fixed a crash that could occur when switchting to
Outlook applications back to mailview while an
encrypted mail was visible. (T6861)
Noteworthy changes for version 2.5.11 (2023-11-29)
==================================================
* Moved initialization code from DLL Load point to
COM initialization. (T6856)
Noteworthy changes for version 2.5.10 (2023-11-29)
==================================================
* Internal attachments are now called
GpgOL_MIME_strucutre.mime to make it easier to
link them to Kleopatra. (T6656)
* Improved compatibility with other mail clients
or mails that might have been modified in transfer
to still be able to decrypt them. (T6686)
* It is now possible that after a warning users
can encrypt to S/MIME certificates which are not
trusted due to CRL errors or an untrusted root
CA. This is not VS-NfD compliant. (T6701)
* The error handling was improved if a preference
for S/MIME is set, signing selected but no signing
certificate can be found.
See: https://gnupg.com/vsd/registry-settings.html
How to add a custom message for that case. (T6683)
* Draft encryption with S/MIME certificates now
skips CRL checks and is much faster and reliable
now. (T6827)
Noteworthy changes for version 2.5.9 (2023-08-02)
=================================================
* Additional handling for multiline and language
encoded attachment names according to RFC2231.
(T6604)
* Fixed an issue with S/MIME opaque signed mails
where the contents of invalid signed mails would
not be shown. (T6624)
Noteworthy changes for version 2.5.8 (2023-07-07)
=================================================
* Fix crash for attachments without filename.
(T6546)
Noteworthy changes for version 2.5.7 (2023-05-16)
=================================================
* Fix for potential plaintext leaks. (dd3ff839)
* Ensure category and flag changes are saved
before decrypting a mail. (T4127)
* Fix truncation of short mails with a single
"protected-header" text/plain part. (T6357)
Noteworthy changes for version 2.5.6 (2022-12-19)
=================================================
* Fix theoretical integer overwflow in TLV parser.
Noteworthy changes for version 2.5.5 (2022-10-13)
=================================================
* Fixed IMAP access to encrypted mails. (T6203)
Noteworthy changes for version 2.5.4 (2022-09-06)
=================================================
* Fixed some encoding problems.
* Support sending drafts with modified sender.
* If an exclamation mark is added to a config
value in HKEY_LOCAL_MACHINE it is now forced
and cannot be changed by the user. (T5827)
* Fixed an issue that could cause a rare
hang when looking at unencrypted mails.
(RT #8917)
* Delete temporary files on error to avoid
problems with existing tmp files. (T5926)
Noteworthy changes for version 2.5.3 (2022-04-20)
=================================================
* Fixed a double free error which could lead
to random crashes. This double free was not
exploitable as a security issue.
Noteworthy changes for version 2.5.2 (2022-02-09)
=================================================
* Fixed re-encryption of drafts after modification
if draft encryption is enabled. (T5812)
* Added setting "auto" for draftKey registry
value to autoselect a draft encryption key.
(T5564)
Noteworthy changes for version 2.5.1 (2021-12-01)
=================================================
* Improved ReadAsPlain detection and plaintext
handling. (T5681)
Noteworthy changes for version 2.5.0 (2021-06-11)
=================================================
* Changed encryption code to work even more on
OOM. This avoids temporarily storing unencrypted
data to MAPI when asynchronously encrypting.
(T5022)
* Added support to encrypt / sign Outlook internal
data objects as attachments like mails, calendar
entries and contacts. (T4184)
Noteworthy changes for version 2.4.10 (2021-01-08)
=================================================
* Fixed a logic error in GpgOL's recipient selection
which caused one recipient to be ignored.
Noteworthy changes for version 2.4.9 (2021-01-07)
=================================================
* Fixed selection of "No Key" for a recipient.
(T5223)
* Fix preview of PGP mails when auto-key-retrieve
is enabled. (T5164)
Noteworthy changes for version 2.4.8 (2020-11-20)
=================================================
* Fixed attachment realted isses because of preview.
Noteworthy changes for version 2.4.7 (2020-09-04)
=================================================
* Fixed an issue that unencrypted drafts were sent
to the server even when draft encryption is on.
(T5022)
Noteworthy changes for version 2.4.6 (2020-07-22)
=================================================
* Improved handling of protected headers mails. (T4796)
* Experimental code for combined S/MIME and OpenPGP
operations and protected headers. Options are:
combinedOpsEnabled, encryptSubject, splitBCCMails
* Fixed handling of WKS mails. (T4839)
* Improved Addressbook integration. (T4874)
* Automatically learn keys from smartcards. (T4877)
* Fix signing key selection for group accounts.
(T4940)
* Show a preview when mail verification takes long.
(T4944)
* Allow changing the printer when printing crypto
mails. (T4890)
* Fix reply crypt selection when signing is selcted
by default. (T4949)
* Properly show level 2 validitity for Mails with keys
from WKD.
* Show a warning when both outlooks internal crypto
and GpgOL is active für a mail. (T4953)
* Fix cases where GpgOL would detect permanently decrypted
mails as still encrypted. (T4718)
* Disable automatic when displaying plaintext mails. (T4987)
* Use a generic filename for attachments that with
characters disallowed by Windows. (T4835)
Noteworthy changes for version 2.4.5 (2019-12-20)
=================================================
* Fix a crash when closing Outlook. (T4787)
Noteworthy changes for version 2.4.4 (2019-12-13)
=================================================
* Enable File -> Save As also for mails opened
in their own window.
Noteworthy changes for version 2.4.3 (2019-12-13)
=================================================
* Improved compatibilty with OWA and other Mail
clients working with the same S/MIME mails. (T4525)
* Added user friendly error handling when attachments
cannot be added. (T4731)
* Fix a crash that could happen in rare cases when opening
broken mails.
* Crypto mails are no longer always classified as
HTML. (T4639)
Noteworthy changes for version 2.4.2 (2019-07-14)
=================================================
* Fixed a possible plaintext leak. (T4662 T4661)
* Fixed an issue when changing plain text options
at runtime. (T4611)
Noteworthy changes for version 2.4.1 (2019-05-15)
=================================================
* Fixed printing of encrypted mails.
* File -> Save As does work for encrypted mails
now.
Noteworthy changes for version 2.4.0 (2019-06-06)
=================================================
* S/MIME Mails now use the same icons as Outlook
* Message classes in GpgOL have been changed to
improve compatibility with other clients.
* Draft encryption was added as an experimental feature.
* GpgOL autosecure no longer triggers for users
without an S/MIME certificate.
* Forwarding of crypto and non crypto mails has been
very much improved.
* Mails without headers are now handled better.
* S/MIME Address book integration was added.
Noteworthy changes for version 2.3.3 (2019-03-26)
=================================================
* Fixed external API for sent mails. (T4241)
* Fixed a crash in debug API. (T4262)
* Fixed some cases where S/MIME was not detected
correctly. (T4267, T4403)
* Fixed tooltip for bad signatures. (T4299)
* Fixed forwarding of sent mails. (T4321)
* Improved generated attachment names. (T4258)
* Added more, less secure automation options.
* Added minimalistic protected headers support.
* Added an option to decrypt mails permanently.
* Improved error handling in case encryption failed.
* No longer silently ignores unsupported attachments.
(T4184)
* Added external API to re-encrypt and decrypt. (T4241)
Noteworthy changes for version 2.3.2 (2018-11-12)
=================================================
* Reduced leakage of private information without
DBG_DATA. (T4193)
* Added handling for Junk folders. (T4188)
* Added a fallback for encoding problems. (T4156)
* Fixed system wide default configuration.
* Improved S/MIME handling.
* Populate keycache on startup.
Noteworthy changes for version 2.3.1 (2018-10-16)
=================================================
* Fixed attachement handling for office and pdf attachments.
* Improved signature info display.
* Added address book integration for OpenPGP.
* Added auto import capabilities for S/MIME.
* Added generic prefer S/MIME mode.
* Various bugfixes and regression fixes.
Noteworthy changes for version 2.3.0 (2018-08-31)
=================================================
* Massive stability and performance improvements.
* New configuration dialog.
* New option to automatically encrypt if possible.
* Moving mails is now possible.
* Improvements to attachment handling with long filenames.
* Support for contact Groups has been added.
Noteworthy changes for version 2.2.0 (2018-06-15)
=================================================
* Removed support for Outlook 2003 and 2007.
* Fixed reply handling of PGP/Inline mails. (T3964)
* Fixed a seemingly random crash. (T3946)
* Added dutch and ukrainian translation.
* Fixed encoding for some PGP/Inline mails. (T3986)
Noteworthy changes for version 2.1.1 (2018-04-24)
=================================================
* Fixed a regression in 3.1.0 that could lead to
decryption errors.
* Fixed internal keycache in de-vs mode.
* Fixed a crash during recipient lookup.
* Improved error handling.
* Keys from WKD are automatically acceptable
for auto encryption.
* Added quick print context menu option.
Noteworthy changes for version 2.1.0 (2018-04-12)
=================================================
* Encryption and Signing has been reworked to, again,
work without Kleopatra.
* WKS Setup is supported in a basic way.
* PGP/Inline is now fully supported.
* Many Bugfixes and Parser improvements.
Noteworthy changes for version 2.0.6 (2018-01-12)
=================================================
* PGP/Inline sending is now compatible with Microsoft Exchange
Online. (T3662)
* A bug that caused encrypted mails not to be displayed has been
fixed. (T3537)
* A bug that caused drafted mails not to encrypt the correct
content has been fixed. (T3419)
* The recipient lookup for Exchange addresses has been slightly
improved.
* When Outlooks internal S/MIME handling code was activated
mails might be sent out unencrypted (T3656)
* Fixed signed only PGP Mails with attachments. (T3735)
Noteworthy changes for version 2.0.5 (2017-12-08)
=================================================
* A crash when receiving crypto mails with attachments without
file extension has been fixed. (T3582).
* Fixed a cause for potentially undefined behavior when closing.
Noteworthy changes for version 2.0.4 (2017-12-05)
=================================================
* Some possible "random" crashes in GpgOL have been fixed (T3484)
* Fixed Outlook hang when selecting and deleting many mails (T3433)
* G Suite Sync plugin accounts are now detected. Only
no-mime PGP/Messages (without attachments) and encrypted only
is supported. Reading is fully supported.
* Basic support for No-MIME inline PGP Encryption (T3514)
* Improved error handling for signed, unencrypted mails (T3538)
* Performance improvements / Fix running out of resources (T3523)
* Improved detection of large PGP/MIME messages and MS-TNEF Messages.
(T3419 , T3542)
Noteworthy changes for version 2.0.3 (2017-11-20)
=================================================
* Additional saveguards have been added to prevent
sending out unencrypted bodys when used with
Exchange 2007.
* Fixed a regression from 2.0.2 regarding message
list display in Outlook 2010 and 2013.
Noteworthy changes for version 2.0.2 (2017-11-16)
=================================================
* A potential crash when pasting recpients was fixed.
* A potential random crash in Outlook 2016 has been worked
around.
* Encoding problems when reading HTML mails have been fixed.
* S/MIME Mails are reverted again if S/MIME is disabled.
* S/MIME Mails through Exchange and sent mails are now
handled correctly.
Noteworthy changes for version 2.0.1 (2017-09-12)
=================================================
* Support for some kinds of PGP Multipart / Signed
mails has been fixed if S/MIME is disabled.
Noteworthy changes for version 2.0.0 (2017-09-12)
=================================================
* Decryption / verification is done in a second thread so outlook
stays responsive while decrypting.
* Opening a mail in a reader window no longer causes Outlook to
resync the mail.
* Inline editors (Reply and Forward in the messagelist) are now
supported.
* The HTML preferences from Outlook are now respected when viewing
an encrypted multipart/alternative mail.
* Two crashes that sometimes occured when sending mail have been
fixed.
* The "Do you want to save the changes" Messageboxes from outlook
no longer show up.
* Signature details are now shown in the Mail ribbon when reading
messages.
* Signature and encryption status is now shown in Outlook through
categorisation. No more popups when reading encrypted mails.
* There is now an Option to use inline-pgp when encrypting mails
without attachments.
* When opening a mail in a reader window closing it no longer causes
the mail in the Messagelist not to be displayed anymore.
* Decryption no longer requires an UI-Server (GPA or Kleopatra).
* Various bugfixes.
Noteworthy changes for version 1.4.0 (2016-03-30)
=================================================
* (OL > 2007) An option dialog has been added to enable / disable
S/MIME support and the new "simplified interface"
* (OL > 2007) An option for a "simplified interface" has been Added.
With this option encrypt / sign is now done while sending,
including all attachments and using a standard format. (MIME Support)
In this mode GpgOL automatically decrypts / verifies messages. And the
only interface are the encrypt & sign buttons in the New Mail tab.
This option is currently disabled by default but will eventually become
the standard.
* 64 Bit versions of Outlook are now supported.
* (OL > 2007) Settings dialog added. (accessible over the new
mail ribbon)
* (OL > 2007) S/MIME Support is disabled by default. Enable it
in the settings.
* (OL > 2007) Reduced amount of syncing done by Outlook while
looking at decrypted MIME mails.
* (OL > 2007) If S/MIME is disabled GpgOL reverts the changes
it made while reading an S/MIME mail so that Outlook can
handle them again.
* (OL > 2007) If GpgOL can't prevent syncing changes through
IMAP or Exchange it tries to restore the original mail so
that other clients can also read them.
* (OL > 2007) Improved lookup of Exchange Sender address.
* (OL > 2007) Fixed crash when Exchange Active Sync (Outlook.com)
is used.
Noteworthy changes for version 1.3.0 (2015-11-24)
=================================================
* Outlook 2010 and later now handle recieved MIME mails.
* A class of random crashes in Outlook 2010 and later has been
fixed. Bug#1837
* Attachments of mime mails with non ASCII characters are
now handled correctly.
* Outlook 2016 is now supported.
* Added translations for Chinese and French.
Noteworthy changes for version 1.2.1 (2014-08-13)
=================================================
* Fixed recipient/sender lookup problems when using Exchange or
Active Directory.
Noteworthy changes for version 1.2.0 (2013-08-19)
=================================================
* Basic support for Outlook 2010 and later.
Noteworthy changes for version 1.1.3 (2011-12-27)
=================================================
* Fix data corruption bug for certain attachments. Bug#1352.
* Fix crash on opening attachments with OL2007. Bug #1110.
* Use the GIT commit ids instead of SVN revision numbers for version
checks and to construct the Windows file version.
Noteworthy changes for version 1.1.2 (2010-07-21)
=================================================
* Add Portuguese translation
* Fixed linking problems with latest libgpg-error.
Noteworthy changes for version 1.1.1 (2010-01-13)
=================================================
* Cleaned up some icons.
Noteworthy changes for version 1.1.0 (2010-01-05)
=================================================
* Replaced most ECE code by direct OOM code. This was required to
support better icons; i.e. icons not limited to a 16 color palette.
* New icons.
* Removed protocol selection. The UI-server is now expected to select
the protocol (i.e. the auto selection mode is now the only one).
Noteworthy changes for version 1.0.1 (2009-09-28)
=================================================
* No more event loop peeking to avoid problem with Office programs.
* S/MIME support is now enabled by default.
Noteworthy changes for version 1.0.0 (2009-06-18)
=================================================
* Show a notice about potential problems.
* After about 2 years of development, the 1.0 version is now due.
Noteworthy changes for version 0.10.19 (2009-02-27)
===================================================
* Save the crypto settings in a message draft.
* Unnamed attachments are now shown with a suffix matching its MIME
type.
Noteworthy changes for version 0.10.18 (2009-01-28)
===================================================
* Handle OL created S/MIME messages.
Noteworthy changes for version 0.10.17 (2008-11-14)
===================================================
* Minor cleanups.
* All operations are now somewhat faster.
Noteworthy changes for version 0.10.16 (2008-11-11)
===================================================
* Fixed a regression in the last release with opaque signatures.
* Fixed PGP cleartext signature verification.
* Encryption of attachments is now much faster.
Noteworthy changes for version 0.10.15 (2008-08-06)
===================================================
* New option to present the body of a message as an attachment. This
is useful to make sure that the body will never show up as
plaintext in the message store.
* New menu item to remove all GpgOL created flags and attachments
from all messages in a folder.
* Icons are now installed for messages processed by GpgOL. For now
only for the German version of Outlook.
Noteworthy changes for version 0.10.14 (2008-05-28)
===================================================
* Minor fixes.
Noteworthy changes for version 0.10.13 (2008-05-06)
===================================================
* Properly handle the disposition of text attachments.
Noteworthy changes for version 0.10.12 (2008-04-16)
===================================================
* Added icons.
* Minor usuability changes.
Noteworthy changes for version 0.10.11 (2008-04-04)
===================================================
* Fixed a performance problem with signed+encrypted.
Noteworthy changes for version 0.10.10 (2008-04-02)
===================================================
* Visual cleanups.
* Changes to the I/O dispatcher.
Noteworthy changes for version 0.10.9 (2008-03-19)
==================================================
* Decrypt opaque signed and encrypted S/MIME mails.
* Handle old-style PGP message with attachments. Note that the
signature verification currently may indicate a bad signature.
Noteworthy changes for version 0.10.8 (2008-03-18)
==================================================
* Fixed a segv introduced with 0.10.6.
Noteworthy changes for version 0.10.7 (2008-03-11)
==================================================
* Changed the way sign+encrypt works to help the UI-server.
Noteworthy changes for version 0.10.6 (2008-03-10)
==================================================
* More tweaks to allow processing of opaque encrypted or signed
S/MIME.
* Shows an error message when trying to decrypt/verify messages not
signed or encrypted.
* Soft line breaks in QP encoded messages are now correctly
processed.
* The sender's address is send to the UI server to allow it to select
an appropriate signing key.
* Automatic protocol selection works now also with signing.
* Processing large messages is faster.
Noteworthy changes for version 0.10.5 (2008-02-18)
==================================================
* PGP inline encrypted mails are not anymore deleted after the first
decryption.
Noteworthy changes for version 0.10.4 (2008-02-06)
==================================================
* Sign and encrypt works now.
* Texts with embedded attachments are now concatenated.
* Encrypted message are now viewable in the sent messages folder.
Noteworthy changes for version 0.10.3 (2007-12-10)
==================================================
* Minor fixes.
Noteworthy changes for version 0.10.2 (2007-11-12)
==================================================
* New menu items to select the default protocol.
* Code cleanups.
Noteworthy changes for version 0.10.1 (2007-10-22)
==================================================
* Auto start the server.
* Code cleanups.
* Made all dialogs language neutral.
* The manual has some notes about the Registry usage and new MAPI
properties.
Noteworthy changes for version 0.10.0 (2007-10-11)
==================================================
* Basically a complete rewrite. A lot of things are still missing but
if might be useful to see the direction the development takes.
Noteworthy changes for version 0.9.91 (2006-10-13)
==================================================
* Fixed a crash in the recipients dialog.
Noteworthy changes for version 0.9.90 (2006-08-28)
==================================================
* Fix problem that message would be sent in clear
text if the user cancelled the operation.
* Cosmetic updates for some dialogs.
* Do not show the 'select signer dialog' when only
one secret key is available in the keyring.
* Fixes for the automatic key selection algorithm
used in the recipient key dialog.
Noteworthy changes for version 0.9.10 (2006-04-25)
==================================================
* Fixes for Umlaut problems.
Noteworthy changes for version 0.9.9 (2006-04-24)
=================================================
* Some cosmetic changes.
* Encryption to the default key works again.
Noteworthy changes for version 0.9.8 (2006-03-28)
=================================================
* PGP/MIME signature verification may now work in some cases.
* New option to prefer displaying of the HTML part.
Noteworthy changes for version 0.9.7 (2006-03-21)
=================================================
* Minor changes
Noteworthy changes for version 0.9.6 (2006-01-26)
=================================================
* Cosmetic fixes.
Noteworthy changes for version 0.9.5 (2005-12-07)
=================================================
* Fixed problems related to use on non-admin accounts.
* Print a warning if used with OL prior to OL2003 SP2.
Noteworthy changes for version 0.9.4 (2005-12-06)
=================================================
* Added translation framework. Provided German translation.
* New option to enable automatic decryption in the preview window.
* Removed deprecated options to configure gpg path and homedir.
* Default key from the option dialog works.
* Support for HTML mails.
Noteworthy changes for version 0.9.3 (2005-09-29)
=================================================
* Fixed bugs introduced with the last release.
* PGP/MIME decryption works now correctly with Latin-1 and utf-8.
* No more pop-ups to ask whether to save changes after just decrypting
a message.
* Fixed a couple of bugs possibly leading to crashes.
Noteworthy changes for version 0.9.2 (2005-09-22)
=================================================
* Saving attachments from PGP/MIME encrypted messages works.
Noteworthy changes for version 0.9.1 (2005-09-19)
=================================================
* Bug fixes
Noteworthy changes for version 0.9.0 (2005-09-04)
=================================================
* Major rewrite. Renamed the package to GPGol. Note, that there used
to be intermediate versions unter the name OutlGPG
* The package as been renamed to GPGol and consist of only one DLL
named "gpgol.dll". Installation of gpgme.dll and libgpg-error.dll
is required.
* It may by now only be build using the Mingw32 toolchain.
* GPGol now uses the standard GPGME.
Noteworthy changes for version 0.6.1 (unreleased)
=================================================
* Fix the problem that the user can just reply with
the encrypted text.
* Fixes for a lot of minor problems with NT5 based
systems and for Outlook version 2003.
* Support for handling HTML mails.
This includes the encryption of the contents and
the proper decryption without losing the special
(html) text attributes like colors.
* Support for '%ENV%' strings for the log file.
Noteworthy changes for version 0.5.5 (2005-07-12)
=================================================
* Support to sign all outgoing attachments.
* Support for logging.
* Fixed some memory leaks.
Noteworthy changes for version 0.5.4 (2005-07-03)
=================================================
* Support for securing attachments.
This means the all attachments will be encrypted
if encryption has been selected for the message.
* A new option to allow to save decrypted attachments
to the disk.
* Several bug fixes all over the place.
Noteworthy changes for version 0.5.3 (2005-06-16)
=================================================
* Allow to set a default key which is used automatically
for encryption.
* Handle old V3 keys in the signature verification dialog.
* Issue and error if the encrypt process returned invalid
recipients.
Noteworthy changes for version 0.5.2 (2005-06-05)
=================================================
* Differ between possible decryption failures.
- General errors.
- No secret key available.
* Add a 'encrypt-to' listbox to the decryption dialog
to know the recipients the message was encrypted for.
* Add some checks to report problems with permissions
related to the Registry.
* Fixed a format string problem which was possible for
crashes when the signature has been expired.
Noteworthy changes for version 0.5.1 (2005-05-29)
=================================================
* Issue a warning if the user cancels the sign or
encryption procedure.
* Support to read and write X- headers for messages.
* Fixed a problem which crashes Outlook if the keyManager
exe did not exist but was set in the registry.
Noteworthy changes for version 0.4.0 (2005-05-10)
=================================================
* Verify dialog is automatically shown whenever needed. Plus it
contains a hint-label whenever the signature is special. For
example the signature has expire or it was issued by a key which
is not trustworthy.
* Offer a GPG configuration dialog to set the path to GPG, the home
directory and an optional field to specify a key manager.
* Common dialogs for the following procedures:
- verify a clearsign signature
- decrypt a message (and verify a signature)
- encrypt a message (and sign the plaintext)
- clearsign a message
* Provide a class to encapsulate MAPI messages and high-level functions
for all crypto operations.
diff --git a/doc/gpgol.texi b/doc/gpgol.texi
index 89f7657..97b6c2e 100644
--- a/doc/gpgol.texi
+++ b/doc/gpgol.texi
@@ -1,581 +1,586 @@
\input texinfo
@documentencoding ISO-8859-1
@setfilename gpgol.info
@include version.texi
@settitle The GpgOL Technical Manual
@dircategory GnuPG Plugin
@direntry
* gpgol: (gpgol). An Outlook Plugin for GnuPG.
@end direntry
@macro clnt
@sc{c:} @c
@end macro
@macro srvr
@sc{s:} @c
@end macro
@c Unify some of the indices.
@syncodeindex tp fn
@syncodeindex pg fn
@copying
This is @cite{The GpgOL Technical Manual} for @acronym{GpgOL} (version
@value{VERSION}, @value{UPDATED-MONTH}).
@iftex
Published by g10 Code GmbH@*
Bergstr. 3a@*
40699 Erkrath, Germany
@end iftex
Copyright @copyright{} 2007, 2008 g10 Code GmbH
@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 3 of the License, or (at your
option) any later version. The text of the license can be found in the
section entitled ``Copying''.
@end quotation
@end copying
@c
@c Titlepage
@c
@setchapternewpage odd
@titlepage
@title The GpgOL Technical Manual
@subtitle Version @value{VERSION}
@subtitle @value{UPDATED-MONTH}
@sp 3
@sp 3
@author Werner Koch (@email{wk@@gnupg.org})
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage
@ifnothtml
@contents
@page
@end ifnothtml
@c @ifhtml
@c @center @image{logo}
@c @end ifhtml
@ifnottex
@node Top
@top
@insertcopying
@noindent
This file documents @acronym{GpgOL}; a GnuPG plugin for Microsoft's
Outlook MUA.
@end ifnottex
@menu
* Introduction:: How to use this manual.
* External Helper:: Description of external helper tools.
* MAPI Properties:: MAPI Properties used by GpgOL.
* Registry Settings:: How GpgOL uses the Registry.
* MAPI Providers:: What MAPI Storage or Transport providers
can do to help GpgOL.
Appendices
* Copying:: The GNU General Public License says how you
can copy and share this manual.
Indices
* Concept Index:: Index of concepts and programs.
* Function and Data Index:: Index of functions, variables and data types.
@end menu
@ifhtml
@page
@summarycontents
@contents
@end ifhtml
@c
@c I N T R O
@c
@node Introduction
@chapter Introduction
THE DESCRIPTION HERE IS OUTDATED AND NEEDS TO BE REVISED.
To debug GpgOL you should set the Registry entry
@code{HKCU\Software\Gnu\GpgOL:enableDebug} to the string value @code{1}:
@cartouche
@example
[HKEY_CURRENT_USER\Software\GNU\GpgOL]
"enableDebug"="1"
@end example
@end cartouche
This allows easy setting of a debug file by using the extended options
menu and enables a few extra menu items.
@c
@c P R O T O C O L D E S C R I P T I O N
@c
@node External Helper
@chapter Description of external helper tools.
Cryptographic operations are either done using the GPGME library or by
utilizing external helper tools which are part of the `Kleopatra'
frontend.
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c M A P I P r o p e r t i e s
@c
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@node MAPI Properties
@chapter MAPI Properties used by GpgOL
GpgOL uses a some custom MAPI properties in the named properties range.
Thus their actual numbers are determined at runtime and only the names
should be used. The GUID assigned to these properties is
@code{31805ab8-3e92-11dc-879c-00061b031004}.
@table @code
@item GpgOL Msg Class
This is a STRING8 property used as a override for PR_MESSAGE_CLASS.
GpgOL uses this internally for creating messages.
@item GpgOL Old Msg Class
This is a STRING8 property which saves the original PR_MESSAGE_CLASS
before GpgOL changes it.
@item GpgOL Attach Type
This is a property of type LONG and used to further describe the
attachments created by GpgOL. These values are used:
@table @asis
@item ATTACHTYPE_MOSS = 1
The attachment contains the original MOSS message. That is either an
S/MIME or a PGP/MIME message in its original RFC-2822 format (but only
with the relevant MIME parts of the main header).
@item ATTACHTYPE_FROMMOSS = 2
The attachment has been created from the original MOSS attachment. It
will automagically be recreated as needed. If the attachment has
been created from an encrypted message, it is saved re-encrypted under
a non-permanent session key. This session key is valid as long as the
current Outlook porcess exists.
@item ATTACHTYPE_MOSSTEMPL = 3
The attachment has been created in the course of sending a message.
@item ATTACHTYPE_PGPBODY = 4
The attachment contains the original PGP message body of PGP inline
encrypted messages. We need to save this away because it may happen
that in the course of displaying the plaintext Outlook overwrites the
actual body due to internal syncronization.
@end table
@item GpgOL Sig Status
This is a property of type STRING8 and used to cache the result of the
last signature verification. It is used with the actual message and
consists of a single character, a space and a human readable string
(utf-8 encoded). The first character is used as a machine processable
flag indicating the status. These values are defined:
@table @code
@item #
The message is not of interest to us. GpgOL may flag any message with
this signature status to avoid extra processing for messages already
known not to need any processing by GpgOL.
@item @@
The message has been created and signed or encrypted by GpgOL.
@item ?
The signature status has not been checked. This is for example used
if the public key to be used for the verification could not be found.
@item !
The signature verified okay and is deemed to be fully valid.
@item ~
The signature was not fully verified. This often means that the full
result information of the signature verification needs to be
considered to decide the actual validity. Used for example if the
signing key has expired
@item -
The signature is bad. Either this means the message has been tampered
with or an intermediate message relay has accidently changed
the message (e.g. due to recoding).
@end table
@item GpgOL Protect IV
This binary property is used to store the initialization vector of an
re-encrypted attachment. The existence of this property indicates that
the attachment has been encrypted under the non-permanent session key.
@item GpgOL Charset
This is a property of type STRING8 and used to describe the character
set of an attachment or of the body. If this propery is missing the
default of UTF-8 is assumed.
@item GpgOL Last Decrypted
This binary property is used on the message to save a session marker to
tell GpgOL whether the message as already been decrypted. If this
property does not exists or the session marker does not macth the one of
the current session, GpgOL needs to decrypt it again.
@item GpgOL MIME Info
This property is of type STRING8 and used to store the MIME structure of
the orginal message. The content are lines of colon delimited fields.
The specification has not yet been finished.
@item GpgOL Draft Info
This is a property of type STRING8 used to preserve crypto settings in a
draft message. For details see the function
@code{mapi_set_gpgol_draft_info}.
@end table
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c R e g i s t r y S e t t i n g s
@c
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@node Registry Settings
@chapter How GpgOL uses the Registry
This is a list of registry entries GpgOL knows about.
@table @code
@item HKLM\Software\GNU\GnuPG:Install Directory
This is used by GnuPG to describe the directory where GnupG has been
installed. GpgOL requires this to get the location of the localedir
which is used to show translated strings (@file{gpgol.mo}). It is
further used to check whether GnuPG has been installed at all.
@item HKCU\Software\GNU\GnuPG:UI Server
If the UI server could not be connected, GpgOL tries to start the one
given in this entry. It is assumed that the UI server is stored in the
@code{Install Directory} (as described above). This Registry entry
gives the actual command name relative to this directory. If the key
does not exist, is is first searched below @code{HKLM} and then it
defaults to @code{kleopatra.exe}.
@item HKCU\Software\GNU\GpgOL:enableDebug
Setting this key to the string @code{1} enables a few extra features in
the UI, useful only for debugging. Setting it to values larger than 1
make the log file output more verbose; these are actually bit flags
according to the following table (which may change with any release):
@table @code
@item 2 (0x0002) (ioworker)
Tell what the Assuan I/O scheduler is doing.
@item 4 (0x0004) (ioworker-extra)
Even more verbose Assuan I/O scheduler reporting.
@item 8 (0x0008) (filter)
Tell what the filter I/O system is doing.
@item 16 (0x0010) (filter-extra)
Tell how the filter I/O locks the resources.
@item 32 (0x0020) (memory)
Tell about resource allocation.
@item 64 (0x0040) (commands)
Tell about command events.
@item 128 (0x0080) (mime-parser)
Tell what the MIME parser is doing
@item 256 (0x0100) (mime-data)
Print data lines while parsing MIME.
@item 512 (0x0200) (oom)
Outlook Object Model reporting.
@item 1024 (0x0400) (oom-extra)
Verbose OOM allocation and advising reporting.
@end table
You may use the regular C-syntax for entering the value. As an
alternative you may use the names of the flags, separated by space or
comma.
@item HKCU\Software\GNU\GpgOL:logFile
If the value is not empty, GpgOL takes this as a log file and appends
debug information to this file. The file may get very large.
@item HKCU\Software\GNU\GpgOL:compatFlags
This is a string consisting of @code{0} and @code{1} to enable certain
compatibility flags. Not generally useful; use the source for a
description.
@item HKCU\Software\GNU\GpgOL:enableSmime
@itemx HKCU\Software\GNU\GpgOL:defaultProtocol
@itemx HKCU\Software\GNU\GpgOL:encryptDefault
@itemx HKCU\Software\GNU\GpgOL:signDefault
@itemx HKCU\Software\GNU\GpgOL:previewDecrypt
@itemx HKCU\Software\GNU\GpgOL:storePasswdTime
@itemx HKCU\Software\GNU\GpgOL:encodingFormat
@itemx HKCU\Software\GNU\GpgOL:defaultKey
@itemx HKCU\Software\GNU\GpgOL:enableDefaultKey
@itemx HKCU\Software\GNU\GpgOL:preferHtml
These registry keys store the values from the configuration dialog.
@item HKCU\Software\GNU\GpgOL:svnRevision
Obsolete since 1.1.3.
@item HKCU\Software\GNU\GpgOL:gitCommit
When leaving GpgOL's options dialog, the GIT commit id of the current
version will be stored in this entry. This is used to display a note
after software upgrades.
@item HKCU\Software\GNU\GpgOL:disableTitusHandling
If set to the string value of "1" the detection and special processing
of Titus processed mails is disabled.
+@item HKCU\Software\GNU\GpgOL:disableAutoPreviewHandling
+If set to the string value "1" an encrypted or signed message is not
+decrypted or verified immediately but requires the user to double
+click or use the new "Start decryption" context menu item.
+
@end table
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c MAPI Providers
@c
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@node MAPI Providers
@chapter What MAPI Storage or Transport providers can do to help GpgOL
GpgOL uses some tricks to make decryption of OpenPGP message better fit
into the Outlook framework. This is due to a lack of proper Plugin API
for Outlook and because some features of Outlook --- meant as a security
measure --- hinder a better implementation. That is not to say that
Outlook will be less secure when used with GpgOL --- to the opposite:
Due to encryption and digital signature reading and sending mail with
GpgOL support can be much more secure than using Outlook as is.
There are some points where custom MAPI storage or transport
providers can help GpgOL to gain better performance and to make it more
secure.
@section MAPI Message Class Renaming
To implement S/MIME processing using its own engine, GpgOL needs to
inhibit Outlook from doing the S/MIME before the message is passed to
the ECE hooks. As usual this is done by changing the message class
(PR_MESSAGE_CLASS). For new message this happens right away at the
OnDelivery hook; for already existing messages GpgOL tries to detect
the case at several other places (which is less reliable but in general
works).
@noindent
The renaming is very straightforward:
@itemize @bullet
@item
If the message class is just @code{IPM.Note} extra tests are done to
figure out a suitable message class. This yields one of these new
message classes:
@table @code
@item IPM.Note.GpgOL.OpaqueSigned
@item IPM.Note.GpgOL.OpaqueEncrypted
@item IPM.Note.GpgOL.ClearSigned
@item IPM.Note.GpgOL.PGPMessage
@end table
@item
If the message class is either @code{IPM.Note.SMIME} or that one
followed by a dot and a subclass, the @code{SMIME} string is replaced
by @code{GpgOL}.
@item
If the message class is @code{IPM.Note.Secure.CexSig} or
@code{IPM.Note.Secure.CexEnc} the class is changed depending on other
information to one of:
@table @code
@item IPM.Note.GpgOL.OpaqueSigned
@item IPM.Note.GpgOL.OpaqueEncrypted
@item IPM.Note.GpgOL.MultipartSigned
@item IPM.Note.GpgOL
@item IPM.Note.GpgOL.ClearSigned
@item IPM.Note.GpgOL.PGPMessage
@end table
@end itemize
To revert these message class changes one need to replace any message
class prefix of @code{IPM.Note.GpgOL} by @code{IPM.Note.SMIME}. There
are two caveats however:
@itemize
@item
GpgOL copies or flags the original MOSS attachment as created by
Outlook to a new attachment with the attach type set to ATTACHTYPE_MOSS.
If such an attachment exists it should be converted back to the original
attachment (or used to convert the message back to RFC-822). It might
however not exist and in this case there should be only one attachment
at all as created by Outlook, so no further changes are required.
@item
Inline PGP encrypted mails (@code{IPM.Note.GpgOL.PGPMessage}) might have
a wrong PR_BODY. This condition can be detected by the existance of an
attachment named @file{gpgolPGP.dat}, flagged as hidden and with the
attach type ATTACHTYPE_PGPBODY (See above under MAPI Properties). If
such an attachment exists, it should be copied to PR_BODY and may then
be deleted.
@end itemize
@noindent
Note that reverting original CryptoEx message classes (@code{CexSig}
etc.) back is not possible. They are identical to GpgOL messages.
@section MAPI Attachment Processing
GpgOL creates a couple of attachments for the purpose of storing a
parsed mail and to allow Outlook to display attachments in the usual way
without sending them as plaintext to the storage. The attachments are
only stored on the local disk while being opened from the attachment's
context menu for viewing. Almost all these attachments are ephemeral and
may be deleted when not displayed. GpgOL re-creates them by parsing the
original message if neeeded. In fact they are always re-created after
Outlook as been started again. This is because the attachments holding
the plaintext are symmetrical encrypted with an ephemeral session key,
only valid as long as Outlook runs.
FIXME: Needs more documentation.
@section MAPI PR_BODY Processing
GpgOL does not use the PR_BODY property. This is because internal
Outlook syncronisation may change that property after the plaintext of a
message has been displayed. In general this is not a problem because
the messages processed by GpgOL do not use that property (the orginal
S/MIME and PGP/MIME message is stored in attachments). However, there
is one exception: Inline PGP message (in contrast to the modern PGP/MIME
messages) are conveyed in the PR_BODY. To avoid changing that orginal
mail, GpgOL copies such a body to a new attachment named
@file{gpgolPGP.dat}, flags it as hidden and sets the attach type to
ATTACHTYPE_PGPBODY (See above under MAPI Properties). That attachment
may never be deleted!
Due to internal OL syncronisation, plaintext data may end up in PR_BODY,
GpgOL tries hard to delete PR_BODY so that it nevers shows up in the
MAPI storage. However this is hard and here a storage provider can help
by deleting PR_BODY under one of these conditions:
@itemize @bullet
@item
If the message class is either @code{IPM.Note.GpgOL.MultipartEncrypted}
or @code{IPM.Note.GpgOL.OpaqueEncrypted} and in addition the message has
a property @code{GpgOL Last Decrypted} (with any value), delete the
properties @code{PR_BODY} and @code{PR_BODY_HTML}.
@item
If the message class is @code{IPM.Note.GpgOL.PGPMessage} and an
attachment of ATTACHTYPE_PGPBODY with a filename @file{gpgolPGP.dat}
exists, delete the properties @code{PR_BODY} and @code{PR_BODY_HTML}.
@end itemize
Instead of deleting it should be sufficient to make sure
that such PR_BODYs are not updated and don't make it to the disk or a
strage server.
Implementing such a feature would really help with end-to-end encryption
where the security policy requires that the plaintext of an encrypted
message will never be stored on a disk or leave the local machine.
@section Filtering GpgOL internal properties
To avoid attacks by importing TNEF data with certain GpgOL internal
properties, a MAPI provider may want to filter them out when receiving a
message from an external location. It is not yet clear whether this is
really needed.
FIXME.
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c A P P E N D I X
@c
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@include gpl.texi
@c
@c I N D E X E S
@c
@node Concept Index
@unnumbered Concept Index
@printindex cp
@node Function and Data Index
@unnumbered Function and Data Index
@printindex fn
@bye
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@c
@c E D I T O R ' S A T T I C
@c
@c xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
What about the message class mangling?
* On receiving a new message GpgOL checks the MAPI message class
property of the message and if this is an S/MIME message class
("IPM.Note.SMIME"), it is changed to a GpgOL specific one
("IPM.Note.GpgOL"). This change is required so that OL does not not
apply its own S/MIME handler to the message but leaves it unchanged in
the message store.
* For ease of implementation the same thing applies to PGP messgaes,
although OL would not touch these messages.
* When reading a message GpgOL quickly checks the message class and if
it is "IPM.Note.GpgOL" it will hook itself into the code path and
decrypt/verify the message.
* Messages already in the message store before GpgOL was installed are
handled differently: Here an Outlook specific event is used to change
the message class when browsing the messages folder. This code path
is not fully ready as it requires the installation of an ECF(ile)
which has to be done manually as of now.
* If GpgOL is deinstalled, the existing S/MIME messages can't be
decrypted or verified by Outlook's internal S/MIME support.
Multipart/signed messages are still readable, though. We plan to add
a little tool for changing the GpgOL message classes back to
"IPM.Note.SMIME" which in turn allows using internal S/MIME support
again.
@c Local Variables:
@c coding: latin-1
@c End: