Endpoint Encryption

  • 1.  Outlook 2007 No Encryption or Decryption - No Universal Server

    Posted Mar 16, 2011 01:13 AM

    It appears that PGP Desktop can't work when Exchange to Outlook endpoint encryption is enabled (and mandated by corporate policy). The sign and encrypt headers ("x-pgp-sign-button: selected" and "x-pgp-encrypt-button: selected") are correctly added to the outgoing email, but no encryption or signing occurs. I suspect the email is encrypted when the mail proxy receives it from the client or server, and without the ability to decrypt the email, PGP Desktop is rendered useless for encryption and signing and cannot automatically decrypt incoming email. Can anyone confirm my assumptions?

    Is it possible to intercept the email prior to Outlook's encryption (outgoing) and after Outlook's decryption (incoming) with PGP Desktop?

     

    PGP Desktop 10.1.0 [Build 860] (PGP SDK 4.0.1)

    Outlook 2007 (12.0.6423.1000) SP MSO (12.0.6425.1000) (32-bit)

    Exchange 2007

    Windows 7 Professional 64-bit
     



  • 2.  RE: Outlook 2007 No Encryption or Decryption - No Universal Server

    Posted Mar 16, 2011 01:34 PM

    For the Outlook PGP buttons to work, it is necessary that PGP be able to proxy the email.  If the email is being encrypted by the email client (Outlook in this case), then the PGP email proxy will not be able to act on it.  If the desired email to server encryption is SSL/TLS, you can accomplish this by disabling this encryption in the email client, and letting the PGP proxy make this connection (which it will automatically attempt, and do if the server provides the option) after it lets PGP act on the email.



  • 3.  RE: Outlook 2007 No Encryption or Decryption - No Universal Server

    Posted Mar 18, 2011 12:26 AM

    I have tried the following after disabling the Exchange-to-Outlook 2007 encryption.

    • Uninstalling 4 times, re-downloading the software 5 times (all SHA-1 hashes agree), installing 5 times
    • Running As Administrator
    • Running in Compatibility Mode
    • Running in Compatibility Mode as Administrator

    None of the above has led to any encryption or decryption.  I enabled mail proxy debugging and receive log entries similar to the following whenever I attempt to send an encrypted email.

    21:46:49 PGP Info Setting logging level to: 0xF3F

    ...

    21:48:08 Email   Info   Processing outgoing message from XXXXXXXXXX<XXXXXX@XXXXX> with subject: Test Encryption
    21:48:08 Email   Debug  MAPI Proxy: ..\shared\OCconnection.cpp : Line 231 : Echo::oc::OCconnection::SetServerInfoFromCache
    21:48:08 Email   Debug          PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)
    21:48:08 Email   Debug                  Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)
    21:48:13 Email   Verbose        Connection accepted
    21:48:13 Email   Debug  Queueing socket 0x720 for worker
    21:48:13 Email   Debug  Socket 0x720 dequeued by worker
    21:48:13 Email   Debug  Received OIPCINIT
    21:48:13 Email   Debug  >> PGPocInitIndirectSession
    21:48:13 Email   Debug  Session-type: MAPI
    21:48:13 Email   Debug  << PGPocInitIndirectSession
    21:48:13 Email   Debug  PGPocInitIndirectSession succeeded
    21:48:13 Email   Debug  Sending OIPCINITRESP
    21:48:13 Email   Debug  MAPI Proxy: This message is not encoded and passed through without further processing.
     

    I attempted to install the 32-bit version of PGP Desktop, but the installer aborts complaining about a 64-bit platform.  Note that I run the 32-bit version of Outlook 2007 and this is not a managed installation.

    Any ideas?
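
An added example, not part of the original posts and not PGP/Symantec code: a small Python audit of mail proxy debug logs like the excerpt in post 3, listing outgoing messages that the proxy logged as passed through without processing, together with any `kPGPError_*` codes logged alongside them. The log layout (time, component, level, message) is assumed from that excerpt, and the sample input is constructed.

```python
import re

# Constructed sample shaped like the excerpt in post 3; "Second Test" is invented for contrast.
SAMPLE_LOG = """\
21:48:08 Email   Info   Processing outgoing message from XXXXXXXXXX<XXXXXX@XXXXX> with subject: Test Encryption
21:48:08 Email   Debug          PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)
21:48:13 Email   Debug  PGPocInitIndirectSession succeeded
21:48:13 Email   Debug  MAPI Proxy: This message is not encoded and passed through without further processing.
21:50:02 Email   Info   Processing outgoing message from XXXXXXXXXX<XXXXXX@XXXXX> with subject: Second Test
"""

# Assumed layout: HH:MM:SS, component, level, free-text message.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.*)$")
OUTGOING = re.compile(r"Processing outgoing message from .* with subject: (.*)$")
ERROR = re.compile(r"error code (-?\d+)\((kPGPError_\w+)\)")
PASSTHROUGH = "passed through without further processing"

def audit(log_text):
    """Return one record per outgoing message with its errors and pass-through flag."""
    # Heuristic: each line is attributed to the most recent "Processing outgoing
    # message" entry, so interleaved sessions could be mis-attributed.
    records, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "..." elisions and blank lines
        ts, _component, _level, msg = m.groups()
        out = OUTGOING.search(msg)
        if out:
            current = {"time": ts, "subject": out.group(1),
                       "errors": [], "passed_through": False}
            records.append(current)
        elif current is not None:
            err = ERROR.search(msg)
            if err:
                current["errors"].append((int(err.group(1)), err.group(2)))
            if PASSTHROUGH in msg:
                current["passed_through"] = True
    return records

def unprotected(records):
    """Messages the proxy logged as passed through without processing."""
    return [r for r in records if r["passed_through"]]

if __name__ == "__main__":
    for r in unprotected(audit(SAMPLE_LOG)):
        print(r["time"], repr(r["subject"]), "sent without PGP processing", r["errors"])
```

A record whose `passed_through` flag is false only means no pass-through notice was found for it in the log; it is not proof that the message was encrypted.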