[Gpg4win-users-en] GPGol fails to sign/encrypt outgoing messages!

Bo Berglund bo.berglund at telia.com
Sat Sep 12 17:24:25 CEST 2009


I have a hard time understanding how this encryption/signing system works...

Today I have encountered the same pronblem *twice*:

1A) I sent a message to a recipient from whom I have received his public key
in order to verify his ability to decrypt the message. So I typed my message,
then clicked the "Encrypt" button in Outlook and then adjusted some text and
finally sent the message.
==> It was *NOT* encrypted!!!

1B) I opened the sent message and found that it was unencrypted, so I used the
function in outlook to resend the message and this time I clicked the button
*immediately* before clicking the send button.
==> This time it was encrypted

2) I posted a message on this list just a few minutes ago and decided to test
the signing function. So I clicked the sign button and then adjusted the text
and sent it off.
==> It was sent unsigned!!!!!!

I belive that this is a very serious bug in GPGol, since if one is sending
sensitive information and need the encryption and it is not done then the 
result may be catastrophic!!!!

It seems like the buttons in Outlook that GPGol uses have to be clicked exactly 
*before* the Outlook Send button to have any impact at all on the message being 
sent.
This is very easy to overlook. In my case I clicked the button and then made 
some last adjustment to the text before sending. The button was still marked 
as active, but it clearly did not work.

Am I using Outlook/GPGol erroneously or is this a known bug?

I am running gpg4win 1.4.1 and Outlook 2003.

Now I am going again to try signing this list message by clicking the sign button 
right before the send button. Please check if there is a signature attached.

--
Bo Berglund




More information about the Gpg4win-users-en mailing list