A long time ago, I used PGP for signing my email, but I stopped using it. Probably because I didn't quite get the concept yet, but that has changed now.

Today I switched to GPG for signing my mail and files, with all the required files running from my memory stick.

One thing bothered me however, no Outlook 2007 support at all. There are some plugins around for older Outlook versions, but that didn't quite work out.

So I decided to develop my own! And after a few weeks of development and testing, it's done and ready to be set free upon the world.

Let's have a look at the functionality and how to set it up and use it.

Prerequisites

First of all, a working copy of GPG is required, so visit the GnuPG download page, scroll down and download the command line Windows version.

Install this somewhere on your machine and remember the path where you installed it.

If everything has gone correctly, you can now open a command prompt and type gpg --version and gpg --list-keys to see the version and your keys (which would be empty if you're using it for the first time).

Visit the Getting Started section of the GnuPG handbook to generate your own key if this is your first encounter.

Command Line Interface

OutlookGnuPG

There are two main areas in the plugin, functionality for sending a mail (sign/encrypt) and for retrieving a mail (verify/decrypt).

At the moment only plain text emails are supported. No HTML mail or attachments, that's for a future version :)

To install the addin, start by adding www.cumps.be to your Trusted Sites (you can do this in Internet Explorer - Tools - Internet Options - Security - Trusted Sites - Sites).

Trusted Sites

Download the OutlookGnuPG ClickOnce installer and execute it. (See Update 1 and 2 below)

This will give you a prompt asking you if everything is fine. Go ahead and install it. You might have to close Outlook before installing.

ClickOnce Installer

When the addin is installed, you can open Outlook and a Settings dialog will show up. Click Browse... and select the directory where your the gpg.exe you previously installed is located.

On the second tab you can select the default key you want to use to sign your mails. You will still have a choice to change your key upon sending the actual mail.

GnuPg Location

Default Key

Click Ok when done. At this point you can use your Outlook as before, since we haven't checked any auto-sign/encrypt functionality.

Sending Mail

When you compose a new mail, you will notice the Message ribbon has a new group on it, called OutlookGnuPG, with a Sign and Encrypt toggle button.

Compose Ribbon

Sending out a signed mail is as simply as turning on the Sign button, typing your mail and pressing Send. It will prompt you to select the private key you want to use to sign the mail, and your passphrase.

Passphrase Window

Creating an encrypted mail follows the same logic, toggle the Encrypt button and send your mail. You will have to select the intended recipients (multiple are possible) and it will encrypt the mail so only these people will be able to decrypt it.

Recipient Window

To be absolutely safe, you can toggle both Sign and Encrypt button to send out an encrypted signed message.

Retrieving Mail

Reading mail can be done in two ways in Outlook, either by opening the mail item, or by using the preview pane. It only makes sense there are two ways to verify/decrypt a mail as well then.

The first is very identical to the send functionality. When you open an existing mail, you will notice a new ribbon group, OutlookGnuPG, with a Verify and Decrypt button.

Read Ribbon

Simply click Verify to check if a signed mail is valid or not. A messagebox will inform you of the status.

Valid Signature

Likewise, click Decrypt to decrypt an encrypted email. This will ask you for your private key to decrypt the message with. The message will be decrypted, and the decrypted content will be placed in the message. If the message was also signed, a messagebox will inform you of the status.

The second way is through the preview window. A new commandbar will have appeared on the preview window, with a Verify and Decrypt button, which work exactly the same as the previous buttons.

CommandBar

Credits

OutlookGnuPG is free, only supported by a donate button, so it's only fair to give the used resources some credits.

Silk Icon Set by Mark James OpenPGP wrapper by Starksoft Clipboard Wrapper by Alessio Deiana

AboutBox

Feedback

Got questions? Remarks? Feel free to leave a comment :)

Update: Since I won't have the time to maintain this, I'm releasing the source: cc.outlookgnupg-1.0.8.0.zip

Update 2: Philippe Teuwen and Thierry Walrant have taken it upon themselves to improve the code I posted above and made it available on github, using GPLv3 as a license. Check it out at: github.com/twalrant/OutlookGnuPG

 
Reacties: 44
 
  • Very nice! I will definitely give it a whirl and see how it works. I don't personally use Outlook but a lot of my users do and this could really help us to get GPG deployed on all their machines.

    Does it also work in Outlook 2004 or is it 2007 only plugin? If it worked in both, that would be awesome!

     
     
  • jambarama

    Incredibly awesome - I found your post from here: http://www.terminally-incoherent.com/blog/2008/08/13/no-one-uses-gpg-with-outlook/

    I'll get right on installing it.

     
     
  • This is something I was looking for a long time (since Gpg4win only supports Outlook 2003). I have a problem that it cannot find my GnuPG installation (I will send you an e-mail with the screenshot and further details).

     
     
  • @Luke Maciak, probably only 2007, since it uses the new Ribbon infrastructure.

     
     
  • phil

    Thanks a lot, very useful!

     
     
  • Looks promising...

    I tried to install it, but was told that I don't trust the certificate you signed the manifest with. (I added your domain to my Trusted Sites zone and even dropped the security down to LOW).

    Can you publish the public certificate that you use for code signing, so we can manually import that into our certificate store and trust it?

    I'm looking forward to seeing if this works for me! I'm actually making the switch FROM Thunderbird/Enigmail to Outlook and I have been discovering how awful the Outlook 2007 support is for PGP... :)

     
     
  • The installer doesn't install the Visual Studio Tools for Office Runtime. It just tries to install the service pack which doesn't work if the runtime isn't already installed.

     
     
  • It installed and isn't disabled, but the add-ins list doesn't show the add-in as active. Any idea how to make it active?

     
     
  • This also needs .Net Interoperability installed for Outlook. If it isn't, the tool never enables.

     
     
  • Brant, Kenneth, I'm assuming you guys are techies, so you'll find this comment useful:

    http://blog.cumps.be/crossroads-of-life-decisions-change/#comment-52787

    I'll publish the source soon, then you can just compile it, run it once and it'll be on your machines ;)

    I'll have a look at updating the ClickOnce installer too at that same time for the extra dependencies

     
     
  • James Byrne

    Thanks for doing this, it's just what I need. My only problem is that it works very well for decrypting messages, but trying to encrypt fails with an error like this:

    An error occurred while trying to Encrypt data using GnuPG. GPG.EXE command switches used: --passphrase-fd 0 --no-verbose --armor --encrypt --recipient test@example.com

    I've tried running GPG at the command line with these parameters and it works OK, except that it prompts as follows:

    gpg: 4C90310F: There is no assurance this key belongs to the named user

    [Details omitted]

    It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.

    Use this key anyway? (y/N) y

    Is this what causes the error? If so, do you know how to fix this?

     
     
  • Awesome to hear you'll probably make it open source... hopefully before everything is unplugged. Yes, I'm a techie. I try to keep things balanced though. Avoiding computers is as bad as being sucked into them in my opinion.

    I hope you find your balance.

     
     
  • @Brant,
    I'm not avoiding them, I'm still spending over 40hours/week on them doing what I love ;) Just had to cut back a bit, since I was doing well over 100/week.

    That being said, I can't find "Visual Studio Tools for Office Runtime" and ".Net Interoperability installed for Outlook" in the Prerequisites list of Visual Studio (in the Publish tab) :s

    I'm currently packaging the source and will upload it soon, won't be on googlecode though, just a zip :)

     
     
  • Source has been uploaded too now, see bottom of post for link :)

     
     
  • @James,
    No idea right away, the plugin doesn't like interactive session (e.g.: waiting for the Y input), might be the reason.

    You can download the source and step through if you want ;)

     
     
  • I should add, near the end, I lost motivation, and as the goal was "it works for me", the code isn't the prettiest as I usually do for production code :p

     
     
  • Great plugin! Thanks so much, this is exactly what I needed!

     
     
  • Great initiative!

    Decrypting and verifying signature works well.
    Signing works too.
    But for encrypting, the plugin doesn't manage to show me the recipients list, only an empty list.
    Any clue?

    Note that I'm techie but not for Windows/Outlook/.Net

    Little hint maybe useful for others: initially I was using gpg from cygwin but I had additional problems with the plugin so I installed the standalone version of gpg (also 1.4.9) which works fine.

    If you don't plan to maintain the code, may I suggest to put it on a collaborative platform such as GitHub (http://github.com)?
    You can sign for free and upload your code, then other developers simply fork your project and collaborate, it does not require any extra management effort from you.

    Phil

     
     
  • Hi, another glitch:
    From time to time it fails with the message
    "Unable to find GPG.EXE. The path 'C:\Program Files\GnuPG\gpg.exe' does not contain the GPG.EXE executable program."
    So obviously gpg.exe was somehow appended to the saved path. If then I open settings, path seems ok, I open the browse again, select again the same path, Ok, and then it works again for a while until next glitch.

    Phil

     
     
  • Fabulous work David,
    I got it going very easily. I was happily signing and encrypting between my thunderbird and outlook accounts. YET when I went back to it a while later to show some associates the Outlook tool ribbon had mysteriously disappeared. Re-installing says it is already there and I cannot see it in the toolbar options...
    Any clues?

     
     
  • Greg, you can go to Tools - Trust Center - Add-ins to remove it there I belief.

    Or use the Add and Remove Programs in Control Panel to remove it.

     
     
  • zenetko

    Good job David ! A nice handy plugin. Hoping it supports HTML and Attachments soon. :)

     
     
  • I hope you change your mind and get the HTML and Attachments up and running also.

    It would be quite handy.

    Thanks.

     
     
  • Ronan

    Nice tool, I'm not a Windows techie. I'm having a problem when trying to decrypt emails (encryption working fine). I can decrypt on the command line using GPG. The error I get is ...

    gpg: public key decryption failed: bad passphrase
    gpg: decryption failed: secret key not available

    :)

     
     
  • Mike

    Beautiful! Thanks for a useful application.

     
     
  • Arfonzo

    This is great, thanks David. Works in Outlook 2010 TP.

    Any update on attachments & HTML support?

    Kind regards.

     
     
  • t0m

    Superb!! for a very long time, i must migrate my emails from Tbird because it cannot be sync to my HTC.


    Thx for this very useful application ^^

     
     
  • Peter

    It is nog working for me. No errors, no messages. The add-in don't load.

    Trusted the website, Macro security down, etc.

    I'm using XP en office 2007.

     
     
  • Peter

    Second message. I have downloaded all te files. Now i have a little bit more information. The error i get is: "Not Loaded. A runtime error occurred during the loading of the COM Add-in"

    This message is on the COM Add-ins configuration dialog.

     
     
  • This is great. I just have one problem though. Unlike in Enigmail with Thunderbird, with this addon after decrypting the message and you go to another message or even if you close Outlook itself, the message stays decrypted. In Enigmail, you have to enter your passphrase again. This may pose some privacy issues.

    I don't know but I haven't restarted yet, maybe after a restart it'll be encrypted once again. That I still have to find out.

     
     
  • Aaron

    I'm having the same problem as James above, where the add-in is not prompting for a passphrase upon signing or encryption.

    I have un-installed everything and re-installed everthing 2X, but no resolution... any insights on how to get the passphrase prompt to re-appear? It worked for me for a few weeks, but then it just went dead on me!

    I love this thing... would appreciate any insight so that I can get it working again.

     
     
  • Alex

    I wanted to open the source code with Visual Studio 2008 Standard, but the CC.Outlook.GnuPG Project could not be opened.

    Opening the project file revealed, that some of the XML elements seem to be unsupported like among others. Does someone have an idea how to solve this?

     
     
  • Art

    Works perfectly (XP SP3, Oulook 2007) - Thanks, David! Just one thing that I personally think is not very good:

    - Once you have decrypted an E-Mail it stays decrypted even after closing and restarting outlook. Thats not really what I call secure.

    Im looking forward to the enhanced functionality (HTML, Attachments).

    Greets from Munich/Germany
    Art

     
     
  • Florian

    Just great...i've been waiting for this since i started to use gpg. GPGOl never worked for me. thanks for sharing the source...

     
     
  • Laks

    This is great. I installed the tool and it works without any issues. Had some trouble installing the tool. Followed instructions from http://msdn.microsoft.com/en-us/library/bb772070.aspx and finally it worked!

     
     
  • Jeremy

    Thanks for the code. I'm trying to run it to add the support for an attachment and html pages. I can't get it to compile. I'm getting the error "unable to get MD5 checksum fro the key file clumpsConsulting.pfx. Any ideas?

     
     
  • Philippe Teuwen and Thierry Walrant have taken it upon themselves to improve the code I posted above and made it available on github, using GPLv3 as a license.

    Thanks for that!

    Check it out at: http://github.com/twalrant/OutlookGnuPG

     
     
  • asdhasjld

    nice work even if i cannot get it running as of the moment
    @Arfonzo: i get an error when installing this "office pia for 2007". how did u get it to work with 2010???

     
     
  • Mathias

    This is great, I search almost a year for a working solution.

     
     
  • Marco

    I have an issue with the installation and the only thing that I can think of is that we use TLS with a self-signed certificate. I am not sure if I am right but the multiple mentions of trust in the log is what lead me to that theory. Thanks for any and all help


    The plugin fails with the following;

    Name: CC.OutlookGnuPG
    From: http://www.cumps.be/apps/outlook-gnupg/CC.OutlookGnuPG.vsto

    Customized functionality in this application will not work because the certificate used to sign the deployment manifest for CC.OutlookGnuPG is not trusted. Contact your administrator for further assistance.

    ************** Exception Text **************
    System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for CC.OutlookGnuPG is not trusted. Contact your administrator for further assistance.
    at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal(ClickOnceTrustPromptKeyValue promptKeyValue, DeploymentSignatureInformation signatureInformation, String productName)
    at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri manifest, DeploymentSignatureInformation signatureInformation, String productName)
    at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
    at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
    The Zone of the assembly that failed was:
    MyComputer

     
     
  • Marco

    Well....for anyone who has ever dealt with this issue, this is a good lesson of following directions. Be sure to add www.crumps.be to the trusted sites...This actually adds to my microsoft frustrations because I wouldn't download anything if I didn't trust it but I guess we have to hand-hold people...

     
     
  • Andor

    The GitHub version (1.2.x) could not be installed on Windows 7. The installer gives a 2869 error.
    This version (1.0.x) also gives an error when using an untrusted key for encryption. Adding a "trust-model always" string to the gpg.conf resolves the problem, because this way gpg won't confirm if the key could be trusted or not.

     
     
  • ksa

    I am not able to add the plugin in outlook. please let me know
    It say cannot be loaded when you load manually

     
     
  • peter

    Hi David,

    Thanks for this plugin. Signing works just fine. But encrypting doesn't work. It is not working to users in my keyring as well. Any idea?

    Best regards,
    Peter

     
     
  • Reageer
    Items aangeduid met * zijn verplicht. (Naam, Email, Commentaar)
    Enkele items ontbreken of zijn fout ingevuld.
     
     
     
    Om zeker te zijn dat je geen computer bent, typ de onderstaande tekst over.