Contents
Background: Message conversion in GpgOL
Microsoft uses both in Exchange and in Outlook the MAPI data format. This is a specific format that saves things like the body or the subject as object properties.
A view of MAPI Properties in outlook with the tool OutlookSpy
When a message is sent over the internet through SMTP Outlook or Exchange (depending on weather the client is connected to an Exchange over the MAPI protocol or not) convert the message from MAPI to the RFC-822 MIME Format. As this modifies the mail it would break the structure of a PGP/MIME or S/MIME message. When the conversion occurs is documented in MSDN: Content conversion
More details about the conversion are documented as MS-OXCMAIL
GpgOL utilizes the special handling offered for S/MIME for both S/MIME and OpenPGP. This is documented as: MS-OXOSMIME.
Following is a description of what this concretely means:
OpenPGP Encrypted
Message class: IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned
Empty body (no or empty PR_BODY property)
One attachment which contains the MIME structure with the header:
MIME-Version: 1.0 Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="someboundary"
OpenPGP Signed
Message class: IPM.Note.InfoPathForm.GpgOLS.SMIME.MultipartSigned
Empty body (no or empty PR_BODY property)
One attachment which contains the MIME structure with the header:
MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=SHA-256; boundary="someboundary"
S/MIME Encrypted with Exchange 2016 and later
Message class: IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned
Empty body (no or empty PR_BODY property)
One attachment which contains only the S/MIME encrypted data. No header.
Additionally we set PR_PIDNameContentType_DASL to: "application/pkcs7-mime;smime-type=\"enveloped-data\";name=smime.p7m" to inject the proper header.
S/MIME Encrypted with Exchange 2013 and 2010
Message class: IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned
Empty body (no or empty PR_BODY property)
One attachment which contains the MIME structure with the header:
MIME-Version: 1.0 Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m" Content-Disposition: attachment; filename="smime.p7m" Content-Transfer-Encoding: base64
SMIME Signed
GpgOL only sends Multipart signed messages, never Opaque signed.
Message class: IPM.Note.InfoPathForm.GpgOLS.SMIME.MultipartSigned
One attachment with the Header:
MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=SHA-256; boundary="someboundary"
Interoperability issues
It has been noted that some clients do not handle our Mails well when the MAPI to MIME conversion does not happen. E.g. If mails are exchanged on the same Exchange Server with different client.
This happens for S/MIME Mails because most clients do not recognize the InfoPathForm type of the message class. Since GpgOL 2.3.x the message class is changed back to the original S/MIME message classes IPM.Note.SMIME and IPM.Note.SMIME.Multipart after the mail is handled by GpgOL. If you find interoperability issues please report them under https://dev.gnupg.org