21 Known problems and help
21.1 GpgOL menus and dialogs no longer found in Outlook
It may happen that the menus and dialogs added to Outlook by GpgOL can no longer be found. This may be due to a technical problem that caused Outlook to deactivate the GpgOL component.
Reactivate GpgOL via the Outlook menu:
Outlook2007: ?!Deactivated components
Outlook2003: ?!Info!Deactivated components
To (de)activate GpgOL manually, use Outlook’s add-in manager:
Outlook2003: Extras!Options!Other!Advanced options... ! Add-In manager...
Outlook2007: Extras!Trust relations Center!Add-Ins – then select Exchange - Client extensions under Manage and click on [ Go to... ].
21.2 GpgOL buttons are not on the Outlook 2003 toolbar
If there are already a lot of buttons on the toolbar of the message window, Outlook 2003 will not necessarily display GpgOL’s signature/encryption icons.
You can display these buttons by clicking on the small icon with the arrow pointing dowwards on the tool bar (Options for toolbar): You will see an overview of all non-displayed buttons. Clicking on an entry will move it into the visible area of the toolbar.
21.3 GpgOL button are listed unter “Add-Ins” (Outlook 2007)
Outlook 2007 introduced the so-called “ribbon” interface. This multi-functional bar in the Outlook message window has different tabs. The GpgOL buttons (for encryption, signatures etc.) are organised under the “Add-Ins” tab; Outlook saves all buttons of extensions in that location. It is not possible to integrate the GpgOL buttons under “Messages”, for example.
You can adjust your tool bar for quick access and add the toolbar commands of the Add-Ins tab.
21.4 Errors when starting GpgOL
If you have first installed Gpg4win (and hence the GpgOL program component) on a drive, then uninstalled it and re-installed it on another drive? If yes, it is possible that Outlook will continue to search for the GpgOL path on the first (old) drive.
127
The Gpg4win Compendium 3.0.0-beta1
Chapter 21. Known problems and help
This means that the GpgOL program extension is no longer started when Outlook starts, and the following error message appears:
The extension ’<old path to gpgol.dll>’ could not be installed or loaded. The problem can be solved by using ’Detect and repair’ in Help, among other things.
You can solve this problem by resetting the internal Outlook (cached) program extension path. To do this, please delete the following file:
%APPDATA%\Lokale Einstellungen\Application data\Microsoft\
Outlook\extend.dat
Outlook should not be running during this process. Then restart Outlook, and it should work fine with GpgOL.
21.5 Installation of Gpg4win on a virtual drive
Please note that it is not possible to install Gpg4win on a virtual drive simulated with the command subst. These virtual drives can only be used locally by the current user. System services, such as DirMngr, do not see these drives. Therefore the installation path is not valid – the installation will stop with error type error:StartService: ec=3. Please install Gpg4win on a drive that is available across the system.
21.6 GpgOL does not check “CryptoEx” InlinePGP e-mails
To check or decrypt signed or encrypted InlinePGP e-mail(s) sent by the Outlook program extension “CryptoEx”, S/MIME support must be activated in the GpgOL options.
Make sure that the following option is active in Outlook under Extras!Options!GpgOL:
Activate S/MIME support.
128
The Gpg4win Compendium 3.0.0-beta1
Chapter 21. Known problems and help
21.7 Does not allow S/MIME operations (system service “DirMngr” not running)
The “Directory Manager” (DirMngr) is a service installed by Gpg4win, which manages access to certificate servers. One task of the DirMngr is to load certificate revocation lists (CRLs) for S/MIME certificates.
It is possible that S/MIME operations (signature creation and check, encryption and decryption) cannot be performed because DirMngr is not available. Therefore Gpg4win default settings must ensure that DirMngr checks the revocation lists – if this is not done, the operation cannot be performed, since it means the potential use of a compromised certificate.
To address this problem, the system administrator restarts DirMngr. This is done via System control!Administration!Services. You will see DirMngr in the list – and the service can be restarted via the context menu.
21.8 S/MIME operations not allowed (CRLs not available)
It is possible that S/MIME operations (signature creation and check, encryption and decryption) cannot be performed because the CRLs are not available. Therefore Gpg4win default settings must ensure that revocation lists are checked – if this is not done, the operation cannot be performed, since it means the potential use of a compromised certificate.
Help is provided by setting up an acting service (“proxies”)for picking up revocation lists (see Section 22.5).
In an emergency (or for testing purposes, CRL checks can also be turned off. To do this, open the Kleopatra menu Settings!Set up Kleopatra and then the group S/MIME check. Activate the option
Never consult recovation lists.
Attention: Be aware that this also means that you run a higher risk of using a compromised certificate. Turning off the revocation list check is never a substitute for setting up a proxy.
129
The Gpg4win Compendium 3.0.0-beta1
Chapter 21. Known problems and help
21.9S/MIME operations not allowed (root certificate is not trustworthy)
The respective root certificate must be trusted for a full review of X.509 certificate chains. Otherwise it is not possible to perform S/MIME operations (signature creation and check, encryption and decryption).
To express your trust in a root certificate, you have two options.
Write the fingerprint of the corresponding root certificate in a system-wide configuration file. Now the root is trustworthy for all users. To do this, you must have Windows administrator rights. For a detailed description, see Section 22.6.
Root certificate set by user (no system-wide adjustment required). To do this, you must mark the option Allow marking of root certificates as trustworthy in Kleopatra’s settings. After that, every time you import a new root certificate, you will be asked whether you trust it. For more details, see Section 22.7.
130