Remove confusing / outdated information about GpgOL 1.3.0
|Deletions are marked like this.||Additions are marked like this.|
|Line 1:||Line 1:|
|= MIME Support in GpgOL
This page gives an overview how GpgOL 1.3.0 and later implements MIME Support.
It focuses on GpgOL for Outlook 2010 and later. The old code for Outlook 2007 and previous versions
worked in a similar way but the API was different and the Problems using that API differed.
MIME Support is still under development and some aspects of this handling are due to change. But we
wanted to release a Version which can basically handle MIME messages before we start Releasing
versions that can also send MIME messages to ensure interoperability between different Versions of
Now the problem is that Outlook internally uses MAPI to store mails. MAPI is a Microsoft API /
Datastore that is not really compatible to MIME in that it does not really allow you to access the
Original MIME structure the way it was sent to you after a MIME Mail has been parsed into Outlook.
Outlook offers an event based system where Addins can jump in and modify the data Outlook works with.
Each time a Mail is loaded into Outlooks Data Model GpgOL Registers itself on the Mailitem and
catches the BeforeRead event in this event we can gain Access to the underlying MIME Message.
== How GpgOL modifies Mails
When an MIME crypto mail is encountered GpgOL takes the Original MIME Message and stores it as
a hidden attachment. You won't see this attachment in Outlook but in other clients you
might see this the filename is the same as the original MIME part. E.g. msg.asc for a PGP/MIME
mail sent with KMail.
It also changes the Message Class (you can see that by the icon in the messagelist) to
trigger some special behavior of Outlook.
GpgOL then decrypts the mail and verifies it if it is signed. Currently
the status of this operation is shown in a popup from Kleopatra.
The results of the decryption are then also attached as hidden attachments
so that we can reuse them in this Outlook session without having to decrypt
a message again. The body is stored as gpgol000.txt and attachments as
gpgolXXX.dat where XXX is an increasing number. Again you won't see those
attachments in Outlook but you might see them with another client.
The plaintext and decrypted attachments are then handed to Outlook to
be shown as the contents of the mail. You should be able to normally
work with this mail / reply / forward as usual.
== How GpgOL protects your Data
As soon as we hand Outlook the plaintext we have to ensure that the
plaintext is not synchronized to a remote server (Exchange or an IMAP Server).
To archive this GpgOL hooks into the write event. The write event is called
by Outlook when a mail is serialized for transfer or storage. In this event
GpgOL removes the plaintext of a Mail and replaces it by a generic
"This Message is Encrypted" text. It also encrypts all attachments to the
mail and the body part attachment.
When GpgOL is deactivated it also removes the plaintext from messages
as described above.
The disadvantage of this is that other Mail clients like Thunderbird or
KMail will not be able to handle mails correctly once GpgOL touches them.
We are hoping that we can improve that in the next version.
The write events from Outlook are not 100% predictable. So it might
happen that you see the "This message is encrypted" text when you
actually want to see the plaintext. You can workaround this by opening
the message again / switching to another mail in the message list
and back to your original mail.
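Review bot: In "How GpgOL protects your Data", the last paragraph says "The write events from Outlook are not 100% predictable" but only covers the case where the placeholder text is shown instead of the plaintext. Since the section's stated goal is that the plaintext "is not synchronized to a remote server", it should say explicitly whether the unpredictable timing affects display only. In the same section, "To archive this GpgOL hooks into the write event" should read "To achieve this". The sentences "We are hoping that we can improve that in the next version" and "Currently the status of this operation is shown in a popup from Kleopatra" are version-relative and will date in the same way as the 1.3.0 wording this change sets out to remove, so either name the version they refer to or drop them. If the paragraph beginning "MIME Support is still under development" is meant to stay, it breaks off at "different Versions of" and needs its ending restored.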