Fails to decode inline GPG payload

chrissv · April 8, 2025, 6:50pm

Hi, I’m not sure this is the correct forum; if not, please let me know a better place.

I am running Gpg4Win with Kleopatra + Microsoft Outlook APP on Windows.
I have a sender who uses an email app which places the PGP encrypted message as the body of the email, instead of an attachment “encrypted.asc” like other clients.

This in-line message has no problem being decoded by a Thunderbird recipient, as well as a Gmail + FlowCrypt recipient. But Outlook + Kleopatra doesn’t recognize it as an encrypted message, and just show the body raw.

Is this a known issue? Or is there a setting I can change to allow Kleopatra to decode these types of messages?

eebb · April 9, 2025, 9:12am

Hi @chrissv,
we would need some more information to try to help you.

Aside from the Gpg4win version you are using we would especially need to know more about the problematic mail and/or the program it was sent with. Do you now which program was used? Is the message PGP/MIME encrypted or PGP/inline? Does the “raw body” begin with “-----BEGIN PGP MESSAGE-----”?

chrissv · April 9, 2025, 12:07pm

Hi, thanks for the reply.
The email was composed using Gmail + FlowCrypt extension.
Here is the the raw message data (skipping the standard email headers):

From: Xxxxx Xxxxxx <xxxxxxx@xxxxxx.org>
MIME-Version: 1.0
Date: Wed, 2 Apr 2025 16:51:57 -0700
X-Gm-Features: AQ5f1JoGYyrmYdpbmO5uEs_dB71kfAn5kH4YVE3toMlEacitYuTi1tPvs7r9Bcc
Message-ID: <CAPf-+Scx32y8A34VFecbN+d_adPJ=85-JF2xBdGqbr_g4U8EqA@mail.gmail.com>
Subject: Test email from flowcrypt
To: yyyyyyy@yyyyyyy.com
Content-Type: text/plain; charset="UTF-8"

-----BEGIN PGP MESSAGE-----
Version: FlowCrypt Email Encryption 8.5.10
Comment: Seamlessly send and receive encrypted email

wcDMA893w9R/ScsgAQwAg8jQRpHPNh+8Xjs4Dsfl6KBzO+Sy28ki95B7BwCv
lMXqak6VRUlyy+sOt1QUXNQRBCH48wnJZCSO0ybzpi+fsWofKBoSH1UWxKSD
gaXW28rlvHl1XN+vBRAmu4AZMDRxsxnUOsfKsrAh9oPioexCfQgczQWF5l20
pv6R2RP1ZHM599QOIshU1r5/aeAPa5RZTF3S2QvwsKWILpNoJSA3wGoahJiT
zbmeDQpqylI++DvZcHfaCYCnp+lUsszT21H6rKfg0l5CinH7nx6yQCJs96nm
F5NUhh9EdvJr/QNZ60/qsLYa2Qb1TtOF08nO5BMnkYoGjRhXuDBaMYTCqNYH
Ay2lEp5DpHA6nKZBnJVA1567IFxLIinyD4hn6/lzOLkmgqovID3rKy0ZZsgj
eXe230Jajx7iTwfazqSTTsbZ+VXrab7YyzUzaFSPTbMI6T39xC2wtwOKxT7r
N56PjaVtoypwNJ38arKzosHYQo8/XKtg5Z/g1UiFtrxDaQf519HjwcDMA1u6
pUzmz/CIAQwAgIUVqIRy5f/hYEVPg5RTlUjMVeb/bxGe7ApaM72fQf01ea/N
3tjyNeQ2NJg6wZ5K2Wl3W+0uUcJZqz3GOHRknGCFGKFxoDh0ZGHovLfhhw4g
2BoLwIdYDFkktVcY/561AllBp8mMfoZA7u48xW8pdaXVDRqTCNERUrY/zHsx
6rOvNYV6wr29C19UG2rSF7sygTIyZUW6QW1+NIvwEUFfzTwOEL9CBSkUfP5j
nFfIqqJ9KFBkZzz7FE7jj5uKbW0IO9xwpcvgS5KgvcdkLg7Pb1pCyiD4ZXsS
gxxh77e6RhhJRcYtL4tVQM2jtQ071ioZjw4Ltw+Lrz3SnsK8aupHNIHcgGyR
x2zvwgWUa5dI2xq6WnTDYWpRNL+0+ZvBj1uh5ua2mPwhbc+0KLccBV43hhnY
qPTv3lsCUnMWTiI4JJlF9UbOSRo6RZtEDSpU9CKeCFh4hUgIjiOjWuGhGhiM
fU+VmD4cKfe29aHGALHggsDe41Ku2owCmKsmBsvj1eFR0sGMAY4qPsYFZVxo
rD0qHyEnva5S/dwcIX6lg2SiJ30axMz+C3W6i7WWqs9rIh9jEvZNzc8y/miw
+kWdfpv/4FOJwVRqrnNSnKirG+xtWwKWX7jnRQMrFxfwdY87Wj/Tiky5hZiZ
OsCVC8ztXsISMSTcAqWboObEBHSHLCbt7zToKywocMyy156EQI12geXMsmK8
c+o97899Szy0yQLJKV18jskV7kk83j5ubdbvmtggY7lxYI33+k2JmmIJR+fa
AkQtvzBbJ1Ca0UPjU+cUqBkoxDzAiLZyZ01XSPVslbSfr3HeKM7ljBrRGcDP
TBZHE8HT/dhwvy0ww4ZaXFV8A3J6796nUYpaqa3/cVgaljA1T+QcKOkppdp9
ruJVhHp07iBXhWbpkJhGUIRnwkwoBjxQ5qZXiALCoaBjY+LqPpNbY47mupNl
6bJb27r/DtwfHj8tOoKFwuYlvgKTwwMSZC8R1X/nmtTKqXWRvT9WACwtkoiA
keq72uh/QpA/VmasDLpECghVDtUEXof4gj9fsEYbnyi3HsLR0IO7daN+XURg
y7GCPCK9ht7hqm9LbsVMie4qFCerXS3aE3338JdpJGZCA02ytC3akLbXuh6n
IgudVAF9qxYbQZKAB3kBaAES1+/YyBiYUSfFzPzyDsw64Bqj19GybaBX2gY7
0FCIwm4sdVaUpQF7G101D4TdOl8CDJMwqSB8+bp46/0QP9nYwv1aJqG5SRmG
dU6QfnrY5LNHQchpYZDHlCY+dzzKqeXMEH6yRDbhM2gBg9dMUW7T
=/D44
-----END PGP MESSAGE-----

So it looks like a standard text-only email with the PGP MESSAGE data in the body, no indication that it is an encrypted email.

Like I mentioned, some other clients (Thunderbird and obviously Gmail + Flowcrypt) recognize the content and decode it.

chrissv · April 9, 2025, 12:10pm

I am using gpg4win version 4.4.0.20250221. The email was created by Gmail using the FlowCrypt extension.

eebb · April 11, 2025, 2:58pm

We have never tested with FlowCrypt, it was not a known issue. We’ll have to test the compatibility, which will take a while.

The structure looks ok on first glance. Could you check if it decrypts when you paste this into the notepad of Kleopatra?

chrissv · April 11, 2025, 7:58pm

Could you check if it decrypts when you paste this into the notepad of Kleopatra?

I took the message body (which Outlook + Kleopatra isn’t interpreting as a PGP message) and put it in Kleopatra’s Notepad and verified the message decrypts:

eebb · April 14, 2025, 7:14am

ok, so it’s purely a GpgOL issue. I’ll make a ticket at dev.gnupg.org

dd9jn · April 15, 2025, 8:22am

Hi!

I can’t replicate the problem. GpgOL correctly shows me that it has been encrypted to two keys and that I don’t have the private key. For testing I took the message, put it into a file x.eml and opened it with Outlook (i.e. right click in the explorer). I also checked that the missing traling LF does not matter. Granted that is with gpgol 2.6.0 but I doubt that we changed anything relevant. since 2.5.14 or earlier

Werner

dd9jn · April 15, 2025, 8:23am

But of course: YMMV if you have other active Outlook Add-Ins.

chrissv · April 16, 2025, 6:38pm

I’d be happy to send an email with FlowCrypt to help someone diagnose the problem (since I reported the problem in the first place).

Alexander · April 22, 2025, 10:10am

We made a test with my Outlook account. I could decrypt it without problems.

@chrissv Are you using any Outlook add-ins that might interfere with your mail? Maybe an extra virus scanner or something?

chrissv · April 22, 2025, 7:36pm

I’m not using any add-ins, but I did notice that there is a banner imposed by my company I.T. department (it’s not anything I have control over on the client side):

Maybe this banner is confusing GpgOL?

eebb · April 23, 2025, 8:10am

This is very likely. The Addin “TITUS Message Classification”, which does insert such a banner into the mail structure, is listed among the incompatible Addins: https://wiki.gnupg.org/GpgOL/IncompatibleAddons .

I have heard that there are configurations of that software which make it somewhat workable with GpgOL, but nobody shared their config AFAIK.

What I’d like to know is: Are you only getting flowcrypt encrypted messages on your work account? How about other PGP/inline messages, are those decrypted? (PGP/inline is not state of the art securitywise, btw.)
I assume GpgOL encrypted messages are decrypted on your work account? (Those use PGP/MIME)

chrissv · April 23, 2025, 10:39pm

I did some Googling, and found a picture of the banner and it looks like something from Proofpoint, not TITUS Message Classification:

Would the same incompatibility exist with this?

eebb · April 24, 2025, 7:08am

Looks like it, at least for PGP/inline and our Addin for Outlook classic.
Any software which inserts a banner or otherwise changes the mail structure will cause problems with GpgOL and has a high probability of making parallel usage impossible.

bernhard · April 24, 2025, 7:17am

@chrissv

As it depends on how the email was changed by the the product or how it hooks into Outlook. It is not clear from the PDF that you have linked how Proofpoint works.