GpgOL not decrypting sent emails

I’m using GpgOL with Outlook2019 to send and receive encrypted emails. I’m facing an issue where I can send encrypted emails successfully, but I’m unable to decrypt them in my “Sent Items” folder. Checked GpgOL settings, but found no explicit option to enable decryption for “Sent Items.” is it a way to configure GpgOL or gpgsm to decrypt mail in “Sent Items”? or any guidence that will help me to resolved the issues? i’m using gpg4win 4.4.0

The email cannot be decrypted because you sent it to other people and their keys were used to encrypt the email.

To decrypt the sent emails you would have to encrypt them with your own key. In other words you would have to add yourself to the recipients.

What you experienced is just the way asymmetric encryption works :slight_smile:

I don’t know if GpgOL has this feature but you could look into the settings to find out if it can automatically encrypt sent email additionally to you.

I understand that emails encrypted with S/MIME cannot be decrypted by the user without the corresponding private key. However, when I send an encrypted message, I expect to have a decrypted copy in my ‘Sent Items’ folder for reference. Instead, the copy in ‘Sent Items’ remains encrypted, and the system reports that it cannot find my private key for decryption. It also lists all the certificates used for encryption, including my own. Therefore, the issue clearly lies within the ‘Sent Items’ handling, not with my ability to decrypt messages in my inbox.

Could this behavior be related to my use of X.509/S/MIME with an on-premises PKI infrastructure? I don’t experience this problem when I generate key pairs in Kleopatra and use OpenPGP; in that case, I can view decrypted sent messages

Hello @dadaok, I just did a test-encryption with Gpg4win 4.4.0 with an S/MIME key, the encryption to self worked fine and I can decrypt the message in the Sent folder with my own S/MIME key.

What are your GpgOL settings?

I can’t imagine using your own PKI infrastructure has an influence, as you have to import certificates from there into your (Kleopatra) certificate list before you can use them with GpgOL. And if one of the keys the message is encrypted with is your own, it has to be available there.

Unless you maybe don’t have “Enable S/MIME support” checked and did the S/MIME encryption via Outlook itself?

Hello, thank you for your answer. But I don’t really understand what is happening. These are my gpgol config.


ok, S/MIME is enabled, so GpgOL is doing the encryption for S/MIME, too.

But this is not a screenshot of version 4.4.0, it’s the current 5.0-Beta, I believe. I’m not sure though if it makes a difference.

As you have the “always show security dialog” on, is your own S/MIME key selected for encryption? I assume it’s either Test15 or Test16?

Did you restart Outlook after enabling the S/MIME support?
I have once or twice seen that an S/MIME message was not decrypted after activating S/MIME support even though I restarted Outlook. In that case restart all gpg related background processes, too. Or log out and in again.

Regarding the Log settings: I would not check the “Include Mail contents” this is only helpful in special circumstances and dangerous, it should not be done on a productive installation. But it seems you are on a test system, in that case its ok. A higher log level than default would be more helpful AFAIK. Though reading GpgOL logs is in no way my area of expertise :wink: