Currently, I am looking for an S/MIME compatible plugin for Outlook Web. We are already using GpgOL on Outlook Desktop, integrated with our internal PKI infrastructure, and we want to extend this functionality to the web. I’ve explored Mailvelope, but it only supports GPG. My specific need is to use S/MIME with our existing PKI.
I have started developing a web add-in for Outlook that exports data to a local API hosted on my machine. Kleopatra is already installed on my PC. My API should import users’ public keys from LDAP, encrypt messages, and transmit them to the web add-in.
However, I am currently encountering a problem with gpgsm. I am unable to import public keys; it reports not finding the root Certificate Authority (CA root), even though I have imported it into the folders C:\Users\user_name\AppData\Roaming\gnupg and C:\Users\user_name\AppData\Local\gnupg. The error persists.
Furthermore, assuming this problem is resolved and I manage to encrypt and send the data, I am wondering if users of the desktop version of Outlook will be able to decrypt these messages.
Any advice or guidance that could help me would be greatly appreciated.
It is a bit complicated to configure the CMS root certificates in GnuPG.
For older versions, pointers are here: X.509 - GnuPG wiki, but this does not cover the recent versions.
For one, you must import that root certificate, and then you have to manually set it to be trusted for gpgsm and for dirmngr. What can help you is the debugging output of both.
So in the abstract, I suggest:
Check the dirmngr and gpgsm documentation for how to set up diagnostic output to a log file and how to restart dirmngr. (So that you can actually see the effect of your configuration changes.)
gpgsm --import the root CA, also put it into the dirmngr directory.
Check the logs when trying to verify something signed with that certificate.
(I’d be happy if we’d get a report that we can link from the above wiki page again.)
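A way to check the "set it to be trusted for gpgsm" step from the reply above, added here as an example that is not part of the thread or of GnuPG itself. It assumes the trust marking lives in gpg-agent's `trustlist.txt` in the GnuPG home directory; the function names, fingerprints and file content are constructed.

```python
import re

# Type letters after the fingerprint: S = S/MIME, * = all uses.
SMIME_TYPES = {"S", "*"}

def normalize_fpr(fpr):
    """Strip the optional colons/spaces and upper-case a hex fingerprint."""
    return re.sub(r"[:\s]", "", fpr).upper()

def parse_trustlist(text):
    """Yield (fingerprint, disabled, type_letter, extra_flags) per entry line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments and blank lines are ignored
        disabled = line.startswith("!")   # "!" marks the key as NOT trusted
        fields = re.split(r"[\s,]+", line.lstrip("!").strip())
        fpr = normalize_fpr(fields[0])
        if not re.fullmatch(r"[0-9A-F]+", fpr):
            continue                      # directives such as include-default
        kind = fields[1].upper() if len(fields) > 1 else ""
        yield fpr, disabled, kind, fields[2:]

def root_trust_status(text, fingerprint):
    """Return 'trusted', 'disabled', 'wrong-type' or 'missing' for one root CA."""
    want = normalize_fpr(fingerprint)
    hits = [e for e in parse_trustlist(text) if e[0] == want]
    if not hits:
        return "missing"
    # Assumption: with duplicate lines, report the most restrictive one.
    if any(disabled for _, disabled, _, _ in hits):
        return "disabled"
    if any(kind in SMIME_TYPES for _, _, kind, _ in hits):
        return "trusted"
    return "wrong-type"

# Constructed fingerprints and file content, not taken from any real CA.
ROOT_A = "0123456789ABCDEF0123456789ABCDEF01234567"
ROOT_B = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"
ROOT_C = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
SAMPLE = "\n".join([
    "# CN=Example Root A (constructed)",
    ":".join(ROOT_A[i:i + 2] for i in range(0, 40, 2)) + " S relax",
    "!" + ROOT_B + " S",
    ROOT_C + " P",
    "include-default",
])

if __name__ == "__main__":
    for name, fpr in [("A", ROOT_A), ("B", ROOT_B), ("C", ROOT_C)]:
        print(name, root_trust_status(SAMPLE, fpr))
```

Feed it the contents of your own `trustlist.txt` and the SHA-1 fingerprint that gpgsm lists for the imported root certificate; anything other than `trusted` means gpgsm will not accept chains ending in that root.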
Hi @skuid, we are currently developing an AddIn for Outlook Web, see this thread: GpgOL and new Outlook - #7 by ognarb
This will definitely be compatible with the GpgOL AddIn for classic Outlook.
Oh great! But does this web add-in use S/MIME? I tried following the installation guide, but I couldn’t get it to work. Are there any prerequisites before installing GpgOL for the web? Also, does it work with native applications only, or is it compatible with both browser-based and native email clients?
Yes, the new add-in will also support S/MIME, and it should be compatible with both the new native and the browser-based application.
Installation and configuration is still a bit tricky; we’re working on enhancing the documentation and automation of the installation process. The current beta version of Gpg4Win is still missing some parts of the add-in; we’re working on that, too.