
Symantec Encryption Desktop decrypts ".gpg" files as text files

Created: 18 Feb 2014 | 23 comments

In my organization we use both Symantec Encryption Desktop and Gpg4win (the Windows implementation of the GNU Privacy Guard). When I encrypt a file using Gpg4win (version 2.2.1) and my co-worker decrypts the file with Symantec’s software (version 10.3.1) it ends up as a text file. The encrypted file’s name has the format “FILENAME.xls.gpg” and the decrypted file’s name is “FILENAMExls.txt” (the file itself seems uncorrupted because if we manually change the name to “FILENAME.xls” it opens as expected in Excel). I have tried changing the encrypted file’s extension to “.pgp” prior to sending it and the same thing happens. I’ve also tried sending other file types as well but am getting the same results. Is there anything I can do to resolve this issue?


dcats's picture

Hi Justin-H,

What's the name embedded in the packets?

External reference:
http://superuser.com/questions/523631/pgp-gnupg-wh...

Rgs,
dcats

Justin-H's picture

The encrypted file ends up with the same name as the original file. For example, "Notes.docx" is encrypted by Gpg4win as "Notes.docx.gpg" and is later decrypted by Symantec Encryption as "Notesdocx.txt."

dcats's picture

Hi Justin-H,

You need to check what is the file name embedded inside the resulting file. You can check the link above as a reference for gpg.

Rgs,
dcats

dcats's picture

Hi Justin-H,

I did a couple of tests encrypting different files (.exe, .bmp, .xlsx) with Gpg4win 2.2.1 using Kleopatra 2.2.0 (KDE Dev 4.10.3).
Then I decrypted with Symantec Encryption Desktop (SED) versions 10.3.0 and also with 10.3.2 (the latest one).
The result was that the extension was kept, like in the original file.

With gpg it seems this command will give some packet information:
C:\Program Files\GNU\GnuPG>gpg --list-packets c:\filename.gpg

In my case, among other details, I had:
--- snip ---
:literal data packet:
        mode b (62), created 1392809406, name="",
--- snip ---

Rgs,
dcats
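
What the `name=""` field in that `--list-packets` output corresponds to, as an added example (not part of the original posts, and not Symantec or GnuPG code): the Literal Data packet body defined in RFC 4880 section 5.9 carries a format octet, a length-prefixed file name and a four-octet timestamp. The sample bytes are constructed, and `output_name` is a hypothetical fallback for illustration, not the behaviour of either product.

```python
import re
import struct

# Matches the line gpg --list-packets prints for a literal data packet.
LITERAL_LINE = re.compile(r'mode (\S) \(([0-9a-f]{2})\), created (\d+), name="([^"]*)"')

def parse_literal_body(body: bytes) -> dict:
    """Parse an OpenPGP Literal Data packet body (RFC 4880, section 5.9)."""
    if len(body) < 6:  # format octet + name length + 4-octet date
        raise ValueError("body shorter than the fixed fields")
    name_end = 2 + body[1]  # body[1] is the one-octet file name length
    if len(body) < name_end + 4:
        raise ValueError("file name length runs past the packet")
    (created,) = struct.unpack(">I", body[name_end:name_end + 4])
    return {
        "mode": chr(body[0]),  # 'b' binary, 't' text, 'u' UTF-8 text
        "name": body[2:name_end].decode("utf-8", errors="replace"),
        "created": created,
        "data": body[name_end + 4:],
    }

def parse_list_packets_line(line: str) -> dict:
    """Pull the same fields out of gpg's textual packet listing."""
    m = LITERAL_LINE.search(line)
    if m is None:
        raise ValueError("not a literal data packet line")
    return {"mode": m.group(1), "name": m.group(4), "created": int(m.group(3))}

def output_name(embedded: str, encrypted_file: str) -> str:
    """Hypothetical fallback: use the embedded name if present, else strip the suffix."""
    if embedded:
        # The embedded name comes from the sender: keep only the last path component.
        return embedded.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = encrypted_file.rpartition(".")
    return stem if dot and ext.lower() in ("gpg", "pgp", "asc") else encrypted_file

# Constructed sample bodies; the timestamp is the one shown in the post above.
EMPTY_NAME = b"b" + b"\x00" + struct.pack(">I", 1392809406) + b"payload"
WITH_NAME = b"b" + bytes([10]) + b"Notes.docx" + struct.pack(">I", 1392809406) + b"payload"

if __name__ == "__main__":
    for body in (EMPTY_NAME, WITH_NAME):
        info = parse_literal_body(body)
        print(info["mode"], info["created"], repr(info["name"]),
              "->", output_name(info["name"], "Notes.docx.gpg"))
```

With an empty embedded name, the original extension survives only in the encrypted file's own name, so a decrypting tool has nothing else to go on if that name is altered on the way.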

Justin-H's picture

Hi dcats,

Where do I enter this command? I've tried entering it in the "gpg2" and "gpgv2" executable files in the GnuPG folder but no results came up. I even tried entering it into a Windows command prompt but that did not work either.

Regards,

Justin-H

dcats's picture

Hi Justin-H,

Copy the file to the root of C.
Open a command prompt (cmd).
Then CD to the installation directory. In my case it was "C:\Program Files\GNU\GnuPG".
There I ran the command:
gpg --list-packets c:\filename.gpg

Rgs,
dcats

Justin-H's picture

Hi dcats,

Those instructions were very helpful, thank you. A portion of the results is as follows:

literal data packet:
mode b (62), created 1392904994, name="".

Regards,
Justin-H

dcats's picture

Hi Justin-H,

Is it possible to update the product and check if this still happens with the latest version?

Rgs,
dcats
 

Justin-H's picture

Hi dcats,

I'll do that and let you know the results.

Regards,
Justin

Justin-H's picture

Hi dcats,

My co-worker has been upgraded to the latest version of Symantec Encryption Desktop, and the files I send are still being decrypted as text files.

Regards,
Justin-H

dcats's picture

Hi Justin-H,

And GnuPG, did you also upgrade Gpg4win?
Do you also use Kleopatra? Just asking because I'm not sure if it's mandatory or not.

Rgs,
dcats

Justin-H's picture

Hi dcats,

I'm using the latest version of Gpg4win (v2.2.1), and yes I'm using Kleopatra (v2.2).

Regards,
Justin-H

dcats's picture

Hi Justin-H,

This is a long shot, but I have the feeling that this might be some remnants of an incorrect file association in the registry. If so, this may be quite a complex subject. Could you attempt the following?
- Uninstall the application
- Search for .pgp and .gpg occurrences in the registry and check if they could be affecting this behaviour.
- Create a new user profile
- Install and check again

I found references of PGPmnApp.exe in the following registry locations (in a x64 machine):
HKEY_CLASSES_ROOT\.pgp\PGP Encrypted File\ShellNew
HKEY_CURRENT_USER\Software\Classes\.pgp\PGP Encrypted File\ShellNew
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22D88BAAF9D5E0C4DB494A59921A4236
HKEY_USERS\S-1-5-21-3537055830-3038013349-2692064939-500\Software\Classes\.pgp\PGP Encrypted File\ShellNew
HKEY_USERS\S-1-5-21-3537055830-3038013349-2692064939-500_Classes\.pgp\PGP Encrypted File\ShellNew

Similarly, you can see if you have the extensions .pgp and .gpg associated to some text editor.

Rgs,
dcats

JP-C's picture

I'm running into the same issue.  A colleague is sending me encrypted files from GPG and Symantec is decrypting them with the .txt extension.  I'm able to determine the file type because the original extension remains in the filename except that it removes the "." 

For example:

  "example.ppt.gpg" gets decrypted to "example ppt.txt"

I checked other forums in GPG and it looks like there are a couple of others who are in this situation.

I did do a quick search of the registry but everything appears normal.

 

 

 

JP-C's picture

One more point of clarification - this only happens when I am double-clicking on a PGP attachment in Outlook and the Symantec Encryption Desktop application is used to decrypt the PGP file.  If I save the GPG attachments to the desktop and decrypt (via right click or the SED app) it decrypts the file correctly with the proper extension.

 

dcats's picture

Hi JP-C,

Thanks for the feedback.
This seems a different situation from the one described by Justin-H. What you are facing appears to be an issue related to the mail encapsulation.
Open the email with PGP Viewer and then Extract the file. Do you still see the same behavior?

I'm curious if enabling PGP Messaging will be able to decrypt the attached file (which does with the .pgp attachments) with the proper extension.

In Outlook, open the message (double-click on it) and go to File > Info > Properties and check the Internet headers. Can you post them?
(if you wish you can remove email address / path information)

If not, for now, I would be particularly interested in these headers:
Examples:

 MIME-Version: 1.0
 Content-Type: text/plain; // multipart/mixed; // Multipart/related; // Text/HTML; charset=US-ASCII // application/ms-tnef; name="winmail.dat"
 Content-Transfer-Encoding: "BASE64" // "QUOTED-PRINTABLE" // "8BIT" // "7BIT" // "BINARY" / x-token
 Content-<other_type_that_might_appear>:
 X-MS-Has-Attach: yes

 
 
@Justin-H,

Is this also your scenario?

 

Rgs,
dcats

JP-C's picture

Thanks for the reply dcats,

To give you some more background info, the email sent to me was not encrypted.  Only the attachments.

Open the email with PGP Viewer and then Extract the file. Do you still see the same behavior?

The PGP viewer was able to open the email without a problem (it was not encrypted), however, when I extract the file, it would save the file with the correct file name but still encrypted:

   "example.gpg"  is extracted as "example.gpg"

 

I'm curious if enabling PGP Messaging will be able to decrypt the attached file (which does with the .pgp attachments) with the proper extension.

It is not able to decrypt the attached file via the viewer, it only gives me the option to save the encrypted file.  I still need to manually decrypt.

 

Message header below with mail path info removed:

Mon, 24 Mar 2014 13:48:24 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
Thread-Index: Ac9HkJI6khEmBNkFSq2Iw7WTbCMr+A==
Date: Mon, 24 Mar 2014 13:48:22 -0500
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
MIME-Version: 1.0
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

 

Justin-H's picture

dcats,

What JP-C is describing seems to be the exact same issue that I am facing (I've also only been encrypting the attachments rather than the entire emails).

JP-C

Thank you for mentioning the distinction between decrypting the file within Outlook and decrypting it when saved on the desktop. This is something I had not thought to try before, and when my co-worker saved the encrypted files to her desktop they all decrypted correctly.

Justin-H

JP-C's picture

No problem Justin-H.  I'm glad you posted the question, otherwise I wouldn't have found this forum.

dcats: 

I also just tried copying the encrypted GPG file on my desktop over to the PGP viewer.  When the PGP viewer is docked (see below)

[Image: PGP Docked]

The PGP viewer looked like it decrypted, but when I clicked on the attachment it had nothing to save.

[Image: pgperror.jpg]

However, if the PGP viewer is a standalone window, it decrypts the file properly and has a file to save.  

Not a big issue with me since I prefer not to open another application to decrypt files, but thought I would share in case it helped you to troubleshoot.

 

 

dcats's picture

Hi JP-C and Justin-H,

I haven't tested yet, but this can be related to this email header:
Content-Type: application/ms-tnef; name="winmail.dat"

Perhaps this .dat breaks something...

Can you check the results after removing it according to the steps below?

Please check these external articles:
http://email.about.com/od/outlooktips/qt/Prevent_W...
How e-mail message formats affect Internet e-mail messages in Outlook :: http://support.microsoft.com/kb/290809

Thanks,
dcats

JP-C's picture

That didn't work, but I am OK with the workaround.  I think it's a bug on Symantec's side that should be reviewed.

 

 

dcats's picture

Hi JP-C,

From what I've seen, this could have two root causes:

One of them is that PGP Viewer has limited functionality as described in this article: Unable to Decrypt Files and Emails using Drag & Drop from Microsoft Outlook to PGP Viewer - TECH200975.

The other is that TNEF is *not* a standard. Please see this external article:
Content Conversion : http://technet.microsoft.com/en-us/library/bb23217...

I would suggest that you post one (or multiple) Idea(s) here: https://www-secure.symantec.com/connect/security/i...
If you have the possibility to open a Technical Support case, please do it and file a Feature Request; this would bring traction to this request.

 

Thanks,
dcats