Change Details

Google Apps Sync is a COM Addin for Outlook that creates it's own data store / transport layer in Outlook. This conflicts with GpgOL in that it is not possible to create valid PGP/MIME or S/MIME Messages when using the Google Apps Sync account. As a workaround users have to use IMAP / SMTP to access their Google Mails through Outlook. Then GpgOL works as expected. Alternatively GpgOL might fallback to the old "no-mime" interface for these accounts. Technical Details: GpgOL relies on the [[https://msdn.microsoft.com/en-us/library/cc433474(v=exchg.80).aspx | MS-OXOSMIME: S/MIME Email Object Algorithm]] to send a valid PGP/MIME Mail. Basically we use the same way Outlooks S/MIME Mails use to create valid MIME without being mangled by Exchange. As far as we know it is not possible even with Outlooks built in S/MIME Support to send crypto mails through Google App Sync. So there is no obvious way we could also use such a message handling for our PGP/MIME or S/MIME Mails. Normally GpgOL creates the full PGP/MIME Structure as an attachment, sets a specific message class and Outlook / Exchange then use this attachment as the MIME structure of the sent mail. Google Apps Sync takes this attachment and wraps it additionally in a multipart/mixed structure and doubly encodes the contents. There is no Mail User Agent known that gracefully handles such a structure. Resulting in broken mails both for the sender and the receiver. Example of such a mangled MIME Structure: ``` Content-Type: multipart/mixed; boundary="001a11402dda2db6c6055f0d1edc" --001a11402dda2db6c6055f0d1edc Content-Type: application/pgp-encrypted Content-Disposition: attachment Content-Transfer-Encoding: base64 VmVyc2lvbjogMQ0K --001a11402dda2db6c6055f0d1edc Content-Type: application/octet-stream Content-Disposition: attachment Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQoNCmhRRU1BeDdVOEx4cys4a1NBUWdBa05GWmtu ( < doubly base 64 encoded PGP Message) ``` This issue is supposed to be a "big picture" / discussion issue that may include subtasks to improve compatibility with G Sync. Some ideas: * We could put the Mail Body into a PGP MESSAGE and add that as a text/plain part. (PGP/Inline) ** This would work with most mailers but would not work properly with attachments. * We could only allow sending encrypted PGP Mails without attachments. (Users would have to send attachments in a different mail with file encryption) ** Encrypting attachments automatically would be a lot of effort to properly implement on the sending and the reading side. * We could show the old 1.x Interface with the "Add Encrypted File" "Encrypt Text" buttons for manual encryption if a G Sync account is detected. * We could just bail out if a G Sync account is detected and insist that for Crypto Mail IMAP / SMTP access to gmail is used.

Google Apps Sync is a COM Addin for Outlook that creates it's own data store / transport layer in Outlook. This conflicts with GpgOL in that it is not possible to create valid OpenPGP/MIME or S/MIME Messages when using the Google Apps Sync account. As a workaround users have to use IMAP / SMTP to access their Google Mails through Outlook. Then GpgOL works as expected. Alternatively GpgOL might fallback to the old "no-mime" interface for these accounts. Technical Details: GpgOL relies on the [[https://msdn.microsoft.com/en-us/library/cc433474(v=exchg.80).aspx | MS-OXOSMIME: S/MIME Email Object Algorithm]] to send a valid PGP/MIME Mail. Basically we use the same way Outlooks S/MIME Mails use to create valid MIME without being mangled by Exchange. As far as we know it is not possible even with Outlooks built in S/MIME Support to send crypto mails through Google App Sync. So there is no obvious way we could also use such a message handling for our PGP/MIME or S/MIME Mails. Normally GpgOL creates the full PGP/MIME Structure as an attachment, sets a specific message class and Outlook / Exchange then use this attachment as the MIME structure of the sent mail. Google Apps Sync takes this attachment and wraps it additionally in a multipart/mixed structure and doubly encodes the contents. There is no Mail User Agent known that gracefully handles such a structure. Resulting in broken mails both for the sender and the receiver. Example of such a mangled MIME Structure: ``` Content-Type: multipart/mixed; boundary="001a11402dda2db6c6055f0d1edc" --001a11402dda2db6c6055f0d1edc Content-Type: application/pgp-encrypted Content-Disposition: attachment Content-Transfer-Encoding: base64 VmVyc2lvbjogMQ0K --001a11402dda2db6c6055f0d1edc Content-Type: application/octet-stream Content-Disposition: attachment Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQoNCmhRRU1BeDdVOEx4cys4a1NBUWdBa05GWmtu ( < doubly base 64 encoded PGP Message) ``` This issue is supposed to be a "big picture" / discussion issue that may include subtasks to improve compatibility with G Sync. Some ideas: * We could put the Mail Body into a PGP MESSAGE and add that as a text/plain part. (PGP/Inline) ** This would work with most mailers but would not work properly with attachments. * We could only allow sending encrypted PGP Mails without attachments. (Users would have to send attachments in a different mail with file encryption) ** Encrypting attachments automatically would be a lot of effort to properly implement on the sending and the reading side. * We could show the old 1.x Interface with the "Add Encrypted File" "Encrypt Text" buttons for manual encryption if a G Sync account is detected. * We could just bail out if a G Sync account is detected and insist that for Crypto Mail IMAP / SMTP access to gmail is used.

Google Apps Sync is a COM Addin for Outlook that creates it's own data store / transport layer in Outlook. This conflicts with GpgOL in that it is not possible to create valid OpenPGP/MIME or S/MIME Messages when using the Google Apps Sync account. As a workaround users have to use IMAP / SMTP to access their Google Mails through Outlook. Then GpgOL works as expected. Alternatively GpgOL might fallback to the old "no-mime" interface for these accounts. Technical Details: GpgOL relies on the [[https://msdn.microsoft.com/en-us/library/cc433474(v=exchg.80).aspx | MS-OXOSMIME: S/MIME Email Object Algorithm]] to send a valid PGP/MIME Mail. Basically we use the same way Outlooks S/MIME Mails use to create valid MIME without being mangled by Exchange. As far as we know it is not possible even with Outlooks built in S/MIME Support to send crypto mails through Google App Sync. So there is no obvious way we could also use such a message handling for our PGP/MIME or S/MIME Mails. Normally GpgOL creates the full PGP/MIME Structure as an attachment, sets a specific message class and Outlook / Exchange then use this attachment as the MIME structure of the sent mail. Google Apps Sync takes this attachment and wraps it additionally in a multipart/mixed structure and doubly encodes the contents. There is no Mail User Agent known that gracefully handles such a structure. Resulting in broken mails both for the sender and the receiver. Example of such a mangled MIME Structure: ``` Content-Type: multipart/mixed; boundary="001a11402dda2db6c6055f0d1edc" --001a11402dda2db6c6055f0d1edc Content-Type: application/pgp-encrypted Content-Disposition: attachment Content-Transfer-Encoding: base64 VmVyc2lvbjogMQ0K --001a11402dda2db6c6055f0d1edc Content-Type: application/octet-stream Content-Disposition: attachment Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQoNCmhRRU1BeDdVOEx4cys4a1NBUWdBa05GWmtu ( < doubly base 64 encoded PGP Message) ``` This issue is supposed to be a "big picture" / discussion issue that may include subtasks to improve compatibility with G Sync. Some ideas: * We could put the Mail Body into a PGP MESSAGE and add that as a text/plain part. (PGP/Inline) ** This would work with most mailers but would not work properly with attachments. * We could only allow sending encrypted PGP Mails without attachments. (Users would have to send attachments in a different mail with file encryption) ** Encrypting attachments automatically would be a lot of effort to properly implement on the sending and the reading side. * We could show the old 1.x Interface with the "Add Encrypted File" "Encrypt Text" buttons for manual encryption if a G Sync account is detected. * We could just bail out if a G Sync account is detected and insist that for Crypto Mail IMAP / SMTP access to gmail is used.