Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Outlook 2007 No Encryption or Decryption - No Universal Server

Created: 15 Mar 2011 | 2 comments
ncr's picture

It appears that PGP Desktop can't work when Exchange to Outlook endpoint encryption is enabled (and mandated by corporate policy).  The sign and encrypt headers  ("x-pgp-sign-button: selected" and "x-pgp-encrypt-button: selected") are correctly added to the outgoing email, but no encryption or signing occurs. I suspect the email is encrypted when the mail proxy receives it from the client or server and without the ability to decrypt the email PGP Desktop is rendered useless for encryption and signing and cannot automatically decrypt incoming email. Can anyone confirm my assumptions?

Is it possible to intercept the email prior to Outlook's encryption (outgoing) and after Outlook's decryption (incoming) with PGP Desktop?

PGP Desktop 10.1.0 [Build 860] (PGP SDK 4.0.1)

Outlook 2007 (12.0.6423.1000) SP MSO (12.0.6425.1000) (32-bit)

Exchange 2007

Windows 7 Professional 64-bit
 

Comments 2 CommentsJump to latest comment

Tom Mc's picture

For the Outlook PGP buttons to work, it is necessary that PGP be able to proxy the email.  If the email is being encrypted by the email client (Outlook in this case), then the PGP email proxy will not be able to act on it.  If the desired email to server encryption is SSL/TLS, you can accomplish this by disabling this encryption in the email client, and letting the PGP proxy make this connection (which it will automatically attempt, and do if the server provides the option) after it lets PGP act on the email.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

ncr's picture

I have tried the following after disabling the Exchange-to-Outlook 2007 encryption.

  • Uninstalling 4 times, re-downloading the software 5 times (all SHA-1 hashes agree), installing 5 times
  • Running As Administrator
  • Running in Compatibility Mode
  • Running in Compatibility Mode as Adminstrator

None of the above has led to any encryption of decryption.  I enabled mail proxy debugging and receive log entries similar to the following whenever I attempt to send an encrypted email.

21:46:49 PGP Info Setting logging level to: 0xF3F

...

21:48:08 Email   Info   Processing outgoing message from XXXXXXXXXX<XXXXXX@XXXXX> with subject: Test Encryption
21:48:08 Email   Debug  MAPI Proxy: ..\shared\OCconnection.cpp : Line 231 : Echo::oc::OCconnection::SetServerInfoFromCache
21:48:08 Email   Debug          PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)
21:48:08 Email   Debug                  Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)
21:48:13 Email   Verbose        Connection accepted
21:48:13 Email   Debug  Queueing socket 0x720 for worker
21:48:13 Email   Debug  Socket 0x720 dequeued by worker
21:48:13 Email   Debug  Received OIPCINIT
21:48:13 Email   Debug  >> PGPocInitIndirectSession
21:48:13 Email   Debug  Session-type: MAPI
21:48:13 Email   Debug  << PGPocInitIndirectSession
21:48:13 Email   Debug  PGPocInitIndirectSession succeeded
21:48:13 Email   Debug  Sending OIPCINITRESP
21:48:13 Email   Debug  MAPI Proxy: This message is not encoded and passed through without further processing.
 

I attempted to install the 32-bit version of PGP Desktop, but the installer aborts complaining about a 64-bit platform.  Note that I run the 32-bit version of Outlook 2007 and this is not a managed installation.

Any ideas?