Outlook fails to verify key

anon60701638 · July 20, 2016, 5:49am

Hello,

as I receive the email I created in python, the signature is a separated file, but as I try to decrypt or verify the signature, the decryptor says “no data” although encrypted attachements are correctly decryptable

as the signature is “detached” and added to the mail as an attacement, it appears outlook plugin does not automaticaly take the email source as data, it really looks like a bug

can someone enlight me on this ?

thanks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABAgAGBQJXhP4dAA*************************************

*************************************************************ammnUKk/I
=dQk4
-----END PGP SIGNATURE-----

for information, here is the code I use to generate the email:

def encrypt(self,text):
gpg = gnupg.GPG()
encrypted_data = gpg.encrypt(text, ‘myemail@…’)
encrypted_string = str(encrypted_data)
if encrypted_data.ok:
return encrypted_string
else:
print 'status: ', encrypted_data.status
print 'stderr: ', encrypted_data.stderr
return None

def createSignature(self,msg):
text = re.sub(r’\r?\n’, ‘\r\n’, msg.as_string())
gpg = gnupg.GPG()
signature = gpg.sign(text,detach=True,passphrase=“***************”)
sig = MIMEText(‘’)
sig.set_type(‘application/pgp-signature’)
sig.set_charset(None)
sig.set_param(‘name’, ‘signature.asc’)
sig.add_header(‘Content-Description’, ‘OpenPGP digital signature’)
sig.add_header(‘Content-Disposition’,‘attachment’, filename=‘signature.asc’)

sig.set_payload(str(signature))
return sig

def send(self,destinations=):
payload = MIMEMultipart()

payload.set_param('protocol', 'application/pgp-signature')
payload.set_param('micalg', 'pgp-sha256')   ####!!! GET THIS FROM KEY!
payload.preamble = 'This is an OpenPGP/MIME signed message.'
       
payload['From'] = "from@email"
payload['To'] = COMMASPACE.join(destinations)
payload['Date'] = formatdate(localtime = True)
payload['Subject'] = Header(self.subject, "utf-8")

mail_text=MIMEText(mail_text+"\n", 'html', "utf-8")
payload.attach(mail_text)

# signature
signature = self.createSignature(payload)
payload.attach(signature)

encrypted_mail=payload.as_string()

# send mail
smtp = smtplib.SMTP("localhost", 25)
smtp.set_debuglevel(True)
smtp.sendmail(payload['From'], destinations, encrypted_mail)
smtp.quit()

aheinecke · July 20, 2016, 9:25am

Hi,

With a detached signature you need “MIME” Support which will be new by default in Gpg4win-3.0.0

You can switch to this if you have at least gpg4win 2.3.1 (better 2.3.2) if you open the options (the small arrow in the bottom right corner of gpgol) and set “Enable minimized interface (experimental)” and restart outlook.

Afterwards when you open the mail again it should be automatically verified and the Kleo popup will show up.

We want to make this a bit nicer still before we make this default. (See our Roadmap in the gpg4win wiki)

Please let us know if it still does not try to verify the mail even if you have that setting enabled.

anon60701638 · July 20, 2016, 12:23pm

well I tried, so now:

instead of decryt and save, I only have decrypt
all GpgOL buttons have disapeared from outlook so no way to reverse that setting
no popups show up as I open the mail

anon60701638 · July 20, 2016, 12:30pm

I could reverse it back , as I found a GpgOL registry entry and put back 0 in mimeUI

aheinecke · July 20, 2016, 1:20pm

The option menu would have been available when you select “New Mail” as there will be the sign & encrypt buttons now which also have the corner thingy.

Would it be possible to send me such a signed mail to
aheinecke@intevation.de ? So that I can take a look at the structure?

anon60701638 · July 20, 2016, 1:41pm

well new mail is not what I need to do

I created a test script that should send you a mail (only the attached picture is missing) but for the rest it is the equivalent of what I send to myself

anon60701638 · July 25, 2016, 8:05am

so, did you receive my test mail ?

bernhard · August 2, 2016, 8:47am

Hi p f,
another hint:
To access gnupg from python, the recommendation is to use
a module that utilises gpgme, e.g. pyme for python3, see
https://wiki.gnupg.org/APIs

Best,
Bernhard

anon60701638 · August 2, 2016, 9:13am

nice but I cant find any tutorial to use pyme

this lib seems not to be very used

bernhard · August 3, 2016, 8:32am

Hi,

pyme is a python binding of gpgme. For gpgme there is a documentation
coming with it. (One version of the gpgme documentation can be found here:
https://gnupg.org/documentation/manuals/gpgme/ )

The upcoming binding based on pyme for gnupg 2.11 is the future solution,
I know of a number of applications using pyme (e.g. Roundup has support for it, I am not sure if this is support for creating MIME emails, though). I suggest you write an email to
gnupg-devel@ and ask for example code for creating OpenPGP/MIME emails.
There used to be example code coming with pyme.

Best,
Bernhard

anon60701638 · August 3, 2016, 8:57am

I found this but I need to dig further
it kinda pisses me to redo everything I achieved with gnupg library

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=lang/python/examples/encrypt-to-all.py;h=5e1267604661c1aecd727e7ce30430e90e900ca3;hb=refs/heads/master

thanks for the infos