MIME Support in GpgOL
This page focuses on GpgOL for Outlook 2010 and later. The old code for Outlook 2007 and earlier versions worked in a similar way, but the API was different and so were the problems in using that API.
Note: MIME support is still under development and some aspects of this handling are due to change. But we wanted to release a version that can basically handle MIME messages before we start releasing versions that can also send MIME messages, to ensure interoperability between different versions of GpgOL.
Now the problem is that Outlook internally uses MAPI to store mails. MAPI is a Microsoft API / data store that is not really compatible with MIME: once a MIME mail has been parsed into Outlook, MAPI does not really allow you to access the original MIME structure the way it was sent to you.
Outlook offers an event-based system where add-ins can jump in and modify the data Outlook works with. Each time a mail is loaded into Outlook's data model, GpgOL registers itself on the MailItem and catches the BeforeRead event. In this event we can gain access to the underlying MIME message.
How GpgOL modifies Mails
When a MIME crypto mail is encountered, GpgOL takes the original MIME message and stores it as a hidden attachment. You won't see this attachment in Outlook, but in other clients you might see it. The filename is the same as that of the original MIME part, e.g. msg.asc for a PGP/MIME mail sent with KMail.
It also changes the Message Class (you can see that by the icon in the message list) to trigger some special behavior of Outlook.
GpgOL then decrypts the mail and verifies it if it is signed. Currently the status of this operation is shown in a popup from Kleopatra.
The results of the decryption are then also attached as hidden attachments so that we can reuse them in this Outlook session without having to decrypt a message again. The body is stored as gpgol000.txt and attachments as gpgolXXX.dat where XXX is an increasing number. Again you won't see those attachments in Outlook but you might see them with another client.
The plaintext and decrypted attachments are then handed to Outlook to be shown as the contents of the mail. You should be able to work with this mail (reply, forward) as usual.
How GpgOL protects your Data
As soon as we hand Outlook the plaintext we have to ensure that the plaintext is not synchronized to a remote server (Exchange or an IMAP Server).
To achieve this, GpgOL hooks into the write event. The write event is called by Outlook when a mail is serialized for transfer or storage. In this event GpgOL removes the plaintext of a mail and replaces it with a generic "This Message is Encrypted" text. It also encrypts all attachments to the mail and the body part attachment.
When GpgOL is deactivated it also removes the plaintext from messages as described above.
The disadvantage of this is that other mail clients like Thunderbird or KMail will not be able to handle mails correctly once GpgOL touches them. We are hoping that we can improve that in the next version.
The write events from Outlook are not 100% predictable. So it might happen that you see the "This message is encrypted" text when you actually want to see the plaintext. You can work around this by opening the message again, or by switching to another mail in the message list and back to your original mail.
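To check from outside Outlook that the write hook described above did its job, a stored copy of a message (for example one exported from the IMAP server) can be scanned for the hidden attachment names this page lists. The Python below is an added example, not GpgOL code: the function names, the constructed sample message and the readable-text heuristic are assumptions, since the page does not specify the format of the encrypted attachments.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hidden attachment names given on this page: gpgol000.txt (body), gpgolXXX.dat.
GPGOL_NAME = re.compile(r"^gpgol\d{3}\.(txt|dat)$", re.IGNORECASE)
ARMOR = b"-----BEGIN PGP"

def looks_readable(data: bytes) -> bool:
    """Assumed heuristic: cleartext decodes as UTF-8 text and is not PGP-armored."""
    if not data or ARMOR in data:
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\t\r\n" for ch in text)

def audit(raw: bytes) -> list:
    """Return (filename, verdict) for every GpgOL cache attachment in a stored mail."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or ""
        if GPGOL_NAME.match(name):
            data = part.get_payload(decode=True) or b""
            findings.append((name, "readable" if looks_readable(data) else "opaque"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one cache part left readable, one opaque, plus msg.asc."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("This Message is Encrypted")
    parts = [("gpgol000.txt", b"Meet at noon.\n"),
             ("gpgol001.dat", bytes(range(128, 256))),
             ("msg.asc", b"-----BEGIN PGP MESSAGE-----\n(constructed)\n")]
    for name, data in parts:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in audit(build_sample()):
        print(f"{name}: {verdict}")
```

A "readable" verdict on a server-side copy means a gpgol cache attachment was stored as text and should be investigated; "opaque" only means the part is not readable text, not that it was verified as correctly encrypted.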