Outlook Express and multipart/encrypted - PGP

This is a discussion on Outlook Express and multipart/encrypted - PGP ; Hi all, I'm writing a mail list manager extension that supports PGP re-encrytion on send, ie any incoming message is decrypted (it must be encrypted to a list key) and then reencrypted to all the recipients on the list. Unfortunately ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Outlook Express and multipart/encrypted

  1. Outlook Express and multipart/encrypted

    Hi all,

    I'm writing a mail list manager extension that supports PGP re-encrytion
    on send, ie any incoming message is decrypted (it must be encrypted to a
    list key) and then reencrypted to all the recipients on the list.

    Unfortunately I'm running into problems with users of Outlook Express
    and its complete inability to understand multipart/encrypted. I would
    really like to just say 'get a real mail client', but unfortunately I've
    been told to find an answer

    After a little experimentation I've found that OE only understands it if
    each part is individually encrypted (and has a .pgp extension for the
    plugin I suppose). I'd really like to not conform to this 'format' as it
    has some major problems - munging on the journey (and invalidating the
    signatures - MTA's might respect multipart/encrypted or
    multipart/signed, but why would they treat multipart/mixed in a special
    way?), lack of message integrity (you won't know if an attachment has
    been removed during the sending process) etc.

    Has anyone found a useful way around this sort of thing? I'd prefer
    something that can be done to OE or the PGP plugin for it, but if that's
    out then something that both good, wholesome email clients _and_ OE can
    understand.

    MB


  2. Re: Outlook Express and multipart/encrypted

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > Hi all,
    >
    > I'm writing a mail list manager extension that supports PGP re-encrytion
    > on send, ie any incoming message is decrypted (it must be encrypted to a
    > list key) and then reencrypted to all the recipients on the list.
    >
    > Unfortunately I'm running into problems with users of Outlook Express
    > and its complete inability to understand multipart/encrypted. I would
    > really like to just say 'get a real mail client', but unfortunately I've
    > been told to find an answer
    >
    > After a little experimentation I've found that OE only understands it if
    > each part is individually encrypted (and has a .pgp extension for the
    > plugin I suppose). I'd really like to not conform to this 'format' as it
    > has some major problems - munging on the journey (and invalidating the
    > signatures - MTA's might respect multipart/encrypted or
    > multipart/signed, but why would they treat multipart/mixed in a special
    > way?), lack of message integrity (you won't know if an attachment has
    > been removed during the sending process) etc.
    >
    > Has anyone found a useful way around this sort of thing? I'd prefer
    > something that can be done to OE or the PGP plugin for it, but if that's
    > out then something that both good, wholesome email clients _and_ OE can
    > understand.
    >

    What about using cleartext/ascii armour text rather than mime?



    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQFAM5gpseVxKm0DPWERArEGAKDpfpOxgGll0763l22rZO OXRMgikQCgwiMC
    wNH5768aPBXdjDpqLWZf+ok=
    =sNDZ
    -----END PGP SIGNATURE-----

+ Reply to Thread