Hi all,
Before doing the whole “un-install” I try to attach two log files with error, in case anyone could provide a clue.
Thanks in advance, IJC
gpgol.log (39.6 KB)
Hi,
GpgOL takes a messed up E-Mail address from Outlook and hands it to kleopatra:
chan_00000170 ← SENDER --info – /o=EUOSHA/ou=Exchange Administrative Group (FYDIBOchan_00000170 → ERR 218103853 Invalid argument - Argument is not a valid RFC-2822 mailboxHF23SPDLT)/cn=Recipients/cn=user2
This is looks like an ldap entry which should be resolved before handing it over to kleopatra. If you specify a reciever directly without the usage of an ldap addresbook it might work.
This is a bug. Sorry about this 
Thank you very much Andre; it was very clarifying your message.
It´s a pitty. The product is nice and could serve all our needs but we
will probably have to evaluate another one, easier and free.
Do you know if there is any update planned for this bug?
or … could you recommend me any other free products to evaluate
with our mixed environment: (XPs and Win8.1, Ol10 and Ol13,
Exchange 2007 and 2013)?
Thanks and keen regards, IJC
Hi,
I hope that I might have squashed this bug :-). Could you please take a look at my mail on gpg4win-users-en: http://lists.wald.intevation.org/pipermail/gpg4win-users-en/2014-July/000994.html
And check if this solved your Problem?
Regrads,
Andre
Hi Andre,
This afternoon I ´will be able to provide you with more feedback.
We will test it with a third user, a more standard one.
Right now, I can say you that we´been able to make the two tests users
work but they also had some particular features and I can not be sure 100% about it.
I will let you know, regards and thanks a lot, IJC
Hi Andre,
We have repeated the test with a third user, who has a Windows 8.1 PC.
We have tested the email body and also files encryption/decryption. Apparently is working fine.
The sign feature, on the other hand, is not working, neither for the email body or to attach. It doesn´t work, for none of them: the XP and the WIn8.1.
Is it possible that the dll is experiencing the same (or similar) problem for this
functionality? Do you need any log?
Thanks in advance, regards, IJC
Hi,
The sign feature, on the other hand, is not working, neither for the email body or to attach. It doesn´t work, for none of them: the XP and the WIn8.1.
Right this might be a related problem as signing looks up the sender’s identity address which might suffer from the same problem as the recipient lookup.
A gpgOL Debug log from:
a) The failed signing operation.
and
b) A successful encrypt operation.
Would be helpful for me. With b I could confirm if the fix is actually working or if it is just by chance that your current test setup works 
If you prefer you could also send them to me by mail: andre.heinecke@intevation.de
Hi Andre,
Thank you very much.
Yes I will try to generate the log and send it to you tomorrow. We have to close the lab now.
By the moment I can send you this one but I don´t know if it could serve you.
Apparently the encryption-decryption is working fine but if you have though about any especific test for this functionality or if you think that I´ve missed … even, if you need any addtional test or log, please let me know.
Thanks and best regards, IJC
gpgol.log (98 KB)
Thanks the log showed that my fix worked:
92921/3644/oomhelp.cpp:get_oom_recipients: Looking up smtp address for /O=EUOSHA/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=HELPDESK;
92921/3644/oomhelp.cpp:get_oom_object: looking for 0AFA65F0->`PropertyAccessor’
92921/3644/oomhelp.cpp:get_oom_object: got 0B2CB2D0
92921/3644/oomhelp.cpp:get_oom_recipients: Resolved address is helpdesk@osha.europa.eu;
The lookup is new. Previosly it would have tried to encrypt to " /O=EUOSHA/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=HELPDESK;" and would fail because that is not an E-Mail Address
I also see that there are sign errors in the log. I’ll take a look at those.
I’ve uploaded a new binary:
https://files.intevation.de/users/aheinecke/gpg4win/gpgol2.dll
Please replace the old gpgol.dll with this one and try the signing again. It should work. At the least there will be some more debug output around the signing operation.
Hi Andre,
Thanks a lot. Well, apparently, the “sign” process does something when sending a message; on the other side, the receiver´s one, if you click “verify”, the gpgol does nothing.
I´ve also tried to encrypt a body email message and some files to be attached, encrypted and signed, besides the sign, in the same message.
Apparently decryption of the email body and working with the attached files is Ok but if I click “verify” the sign, nothing is done.
I attached you one log file now, the user1, and I will upload, in another post, the user2 log file.
If you need any additional file or test o … let me know. I´ll be willing to listen from you.
Thanks in advance, IJC
gpgol.log (112 KB)
Thanks, you are helping me a lot.
With the last log I can see that the signing lookup works now (And I’ve commited this) but as for verify there is something still fishy.
14031/3988/ERROR/ribbon-callbacks.cpp:do_reader_action: engine verify start failed: Invalid argument
14031/3988/ribbon-callbacks.cpp:do_reader_action: failed rc=218103853 (Invalid argument)
I’ve missed an Address lookup there where gpgOL tries to obtain the Sender Address from Outlook. (So that it can verify that the signature is made with the same key that belongs to the E-Mail Address claiming to have sent this mail)
This lookup is a bit different then the others (different objects involved) and I need to take a look at how to resolve the Address there first.
I’ll probably come up with an updated fix this evening. Have to do some other work first
I’ve uploaded a new version that has a fallback in case the Address is not already an SMTP Address.
https://files.intevation.de/users/aheinecke/gpg4win/gpgol3.dll
It might work but this is slightly different then the other Address lookups so I’m not sure.
Hi,
Andre, thank you very much for your efforts,
I´m afraid that some details have been missed or so. I will try to describe it.
I have two tests users and firstly I replaced the “dll” just, stopping the OL10, going to the binaries directoryreplacing the second dll you have generated, “gpgol2.dll”, and restarting the OL10. It´didn´t work and one of the users rejected to start the OL10 when trying to load the gpgol plugin.
Monday in the morning, I did a full removal of both installation in order to do a clean test and again repeat the tests.
One of the users, user2, I upload its “Kleo-log” file, experiences problems to generate its certificate and then when I try to generate a sign message with encrypted contents it looks like being “hang”.
The other user1, apparently generates OK the certificate but it also sends some errors, forces the restart of the product when trying to send something encrypted or signed to user2. When receiving test messages from user2 it also says that it does not recognise one of the certificates and just de-encrypt. I will upload its gpgol-log.
After all, from 11:09 I´ve replaced the dll with the second one, just in case you see something in the logs.
If you could have some more info or any dll updates, that would be very appreciated, but anyway, thank you very much,
Regards, IJC
gpgol.log (198 KB)
Hi,
One of the users, user2, I upload its “Kleo-log” file, experiences problems to generate > its certificate and then when I try to generate a sign message with encrypted contents > it looks like being “hang”.
A known issue is that pinentry (the passphrase dialog) sometimes opens in the background.
In the log i see: 02468/3940/ERROR/AllowSetForegroundWindow(3236) failed: Access is denied. (5)
Which could be the cause for this.
Wrt to encrypting I see:
37484/3940/ERROR/ribbon-callbacks.cpp:do_composer_action: engine encrypt prepare failed : Operation cancelled
at one point. Which could also mean that the passphrase enter dialog hit a timeout.
The other user1, apparently generates OK the certificate but it also sends some errors, > forces the restart of the product when trying to send something encrypted or signed to > user2.
It should not crash Could you send me a log of that user leading up to the crash.
When receiving test messages from user2 it also says that it does not recognise one of > the certificates and just de-encrypt. I will upload its gpgol-log.
After all, from 11:09 I´ve replaced the dll with the second one, just in case you see
something in the logs.
If you could have some more info or any dll updates, that would be very appreciated,
but anyway, thank you very much,
You write that you’ve used the second DLL and from the logs it also looks like you’ve used this. For verify you need the third one:
https://files.intevation.de/users/aheinecke/gpg4win/gpgol3.dll
Sorry for the confusion.
And now for something different. The very last test you did. What did you Do? It looks to me like you either tried to sign or encrypt a message. But (and this should be impossible) GpgOL failed to access the Message Editor:
73968/2108/oomhelp.cpp:get_oom_object: looking for 0DED8370->`WordEditor’
74156/2108/oomhelp.cpp:get_oom_object: error: no object
Are you using some message composer Plugin or have Outlook configured to use an External Editor or MS-Word or something you can thing of that is “nonstandard” with regards to the message composer?
Hi Andre,
Thanks a lot. We have double - checked the dlls we are (and were) using; It´s the gpgol3.dll. We have done a lot of work.
I´ve repeated the full removal and re-installation process with the tests.
I upload kleo-log file in this thread and the gpgol in the other one.
Encryption/decryption functionality apparently works fine but sign/verify functionality is about 50% working, I mean:
“User1”(which in the logs is ictexternal …) can “sign” a message and when “user2” try to “verify”, the message we get is:
" (email subject)… Not enough information to check signature validity. (I click on the details box and I can see the following comment …
signed on (date and time) 2014-07-29 10:48 by ictexternal@osha.europa.eu (KeyID: 0X19768F7B)
The validity of the signature can not be verified"
The same message appears when you “encrypt and sign” a file and when you try to “verify-decrypt” the files (.sig and .pgp).
Please, let me know, when you can, if you have we can fix this issue or if anything is badly though from my side or … anything from your side will be
welcomed.
Best regards, IJC
kleo-log (511 KB)
I’m not sure if you are seeing a bug or if you just do not have the public key of user 1 available in the gnupg installation of user2.
If you do not have that key “signed on (date and time) 2014-07-29 10:48 by ictexternal@osha.europa.eu (KeyID: 0X19768F7B)
The validity of the signature can not be verified”
Means just that.
Can you sign a file with User1 and verify it with User2 directly in kleopatra or from the Windows explorer?(I mean just test the sign / verify without gpgol involvement)
Hi,
Thank you Andre, yes I´ve alredy done this test and the message
is exactly the same.
I ´m not sure if I understand you, I thought the public key this product uses is
“the same” for both functionalities: encrypt/decrypt and sign/verify.
So, if the public keys run well for encryption/decryption …
Anyway, thank you very much,
Best regards, Itziar Jorge
Yes User A encrypts to the Public Key of User B and signs with his private key.
Now to verify that the signature of User A is really correct User B needs to have the Public key of User A and a trustpath to that key. (E.g. he trusts this key directly or someone he trusts has signed this key)
But congratiulations you are now out of the World of Bugs and reached the level of plain Crypto problems / Questions This is the point where documentation and web searches can help you.
Muchas eskerrik asko, Andre.
I mean, thank you very much.
Best regards, IJ C