[gpgol] Plugin handling of messages....

Bo Berglund bo.berglund at telia.com
Tue Aug 8 23:13:32 CEST 2006


I am using the GPGol plugin from gpg4win-1.0.4.
While testing GPGol I have noticed a few strange phenomena as follows:

Message saved decrypted
------------------------
1) I receive an encrypted message
2) I use the decrypt button to decypt it
3) My passphrase is required for decryption (OK)
4) After reading I close the message window
5) A while later I again open the message and now it is no longer
encrypted!!!! It appears immediately with the clear text!

So I thought that the passphrase maybe was cached and used
automatically. So I closed Outlook and waited several hours and then
again started OL 2003 and opened the message, but it still popped up
in cleartext!

However, this does not happen to all messages I receive as GPG
messages. Some of them behave like I expected (decryption is only for
viewing and does not alter the data saved in the PST file). It might
be so that plaintext messages are OK whereas HTML messages are
autosaved after decryption.

Replies do not encrypt
----------------------
As a variation to the above I did this:
1-2-3 as above
4) Now with decrypted message visible I hit the Reply button
5) I see my own cleartext mail signature and the message I am replying
to in a PGP block.
6) The encryption button is depressed indicating that the message will
be encrypted.
7) I add a bit of text and send the message out.
8) When I look at the message in my sent items folder it is *not*
encrypted, i.e. the original PGP block is there but the text I added
is not encrypted. The person I sent to also see my added text as
cleartext and his own original text as a PGP block.

It really looks like the existence of a PGP block *within* a larger
message that precedes the block with cleartext inhibits the encryption
on send. Maybe the plugin checks if the message is already encrypted
by checking for the existence of a PGP block?

Recipient with unknown public key causes Outlook crash
------------------------------------------------------
I tried to send a message for testing the reply issue where I included
one of my email addresses as recipient even though I have not
associated a public key to that address. I did this to really see what
was being sent.
But what happened was that when I clicked the send button GPGol popped
up a dialog where it told me that one recipient was not found
(expected). When I clicked OK it said that I should select a recipient
key first. So I did this but it still came back to the same message
(obviously there was no matching key). So I clicked cancel instead,
but this brought up a dioalogue telling me that if I cancel then the
message will be sent *unencrypted*!!!!
So now I could not use the OK button because of the missing key and
not use Cancel because the least I want is to send the message
unencrypted!!!
So I used the X button in the upper right corner of the dialog
instead. This produced a message saying something like "bad
passphrase" and when I clicked OK on that Outlook2003 crashed and
offered to send a debug message to Microsoft!!!
Why did this happen?
The message should be encrypted and there are at least two keys to use
(the recipient and my own key). The fact that the Cc address was not
associated with a valid key is no excuse for not encrypting the
message, and there should *never* be a fallback to sending the message
in cleartext. :-(


Are there settings somewhere that I have missed for this?
I found the GPGol settings in the Outlok Tools/Options/GnuPG and I
have made sure that all the checkboxes are unchecked.

Issues:
- Decryption of messages seem permanent at least for certain types
- Replies do not encrypt even though the encrypt button is activated
- Unacceptable handling when a recipient key is not known

/Bo

Bo Berglund




More information about the Gnupg-users mailing list