Endpoint Encryption

Expand all | Collapse all

MAPI Proxy: Decryption aborted

Migration User07-05-2011 01:34 PM

Migration User09-21-2011 11:19 AM

Migration User11-18-2011 07:07 AM

  • 1.  MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 07-04-2011 03:00 PM

     

    My PC is running PGP Desktop 10.1.1. The server uses the latest Microsoft Exchange.

     

    My private key and my public key are on the keyring. My public key has been correctly uploaded to the PGP Global Directory.

    The person with whom I want to exchange secure e-mails has given me his public key. I have imported it on the keyring, and signed. The other person has also imported my public key.

    I can send signed and encrypted e-mails to him. That means I have got my private key (since I can sign) and his public key (since I can encrypt to him). He receives encrypted e-mails from me and can decrypt them properly.

    He can send me encrypted e-mails (since he has got my public key).

    However, when I receive his encrypted e-mails, PGP does not decrypt it. According to PGP log: ”MAPI Proxy: Decryption aborted”.

    Now, I have gone through all the discussions in PGP forums. Whatever was available on the Internet. It is not the typical PGP/MIME problem. His key and my key are properly set to ”PGP/MIME” encoding. It must be something else. Can it be that he is NOT encrypting to my public key? Perhaps somebody from PGP could send me an encrypted e-mail using my public key from the PGP Global Directory, as a test? Just to check if the problem is at my end.

    When I try to open his message by PGP Viewer I get the following error message: "Error: missing one or more decryption keys"

    Any ideas what the problem is?

    Daimars Skutans



  • 2.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 07-04-2011 06:19 PM

    I'm not finding anything helpful for you with this.  However, be aware that Microsoft Exchange and Office software more recent than version 2007 is not yet supported, and your difficulty may be the result of this current incompatibility.



  • 3.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 07-05-2011 01:47 AM

    I'm running Microsoft Outlook 2003 on my PC, but the server uses Microsoft Exchange 2010. When I send signed and encrypted test e-mail messages to myself, the messages are read and decrypted properly. Is there no possibility to receive some encrypted e-mail message from PGP to see if there is the same problem with decryption? 

    Many thanks,

    Daimars Skutans

    daimars.skutans@spilbridge.com



  • 4.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 07-05-2011 01:34 PM

    I just sent an encrypted message.



  • 5.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 09-21-2011 11:19 AM

    Was it successful?



  • 6.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-18-2011 06:59 AM

    I am having the same problem.  We run MS Exchange 2010, Outlook 2007.

    I see the problem from multiple senders attempting to PGP encrypt emails to me.  They have all imported my public key into their local keyring.  The same key is on their organisation's keyserver - I uploaded it myself, and have checked it several times.   When they send me an email marked for PGP encryption, it only occasionally works.  Same public key available to all, same sending organisation, same recipient.  Several senders have the same problem.

    Assume for this example that someone has sent me one that is successfully decrypted in Outlook at my end.  They then send me another, sometimes 2-3 minutes later, it can't be decrypted.  The error in the log is as reported above - "MAPI Proxy: Decryption aborted".  When I try to open the pgp attachment from the email in the PGP Desktop Viewer, it reports that the email was encrypted to two unknown keys and that I have no private keys available to decrypt it.

    At other times, I receive an encrypted message, it is successfully decrypted in Outlook (using the MAPI plugins, presumably), I then reply to the sender.  It is successfully encrypted and they can read it.  But if they then reply to my email again, 9 times out of 10, I can't read it.  It can't be decrypted due to exactly the same error as that reported above.

    Additional data logged in the verbose PGP log during such decryption failures (the items in square brackets I have replaced for privacy reasons):

    17:45:59 Email      Verbose    Looking for account data for mail server EMAIL; Account ID /o=[my company]/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=[my name]; user [my username]; and address [my email address]

    17:45:59 Email      Verbose        Existing entry is [my email address]

     

    This problem is hugely frustrating as I use the tool all the time to communicate securely with an external organisation.

    Any ideas?



  • 7.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-18-2011 07:07 AM

    What PGP version are you using?



  • 8.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-18-2011 08:43 AM

    Sorry, I should have said.

    PGP Desktop 10.2.0 [Build 1672] (PGP SDK 4.2.0)



  • 9.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-18-2011 09:14 AM

    Does this Knowledge Base Article apply to your setting?



  • 10.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-18-2011 09:27 AM

    Please also right click on your key in PGP Desktop, select Key Properties, and make sure Encoding is set to PGP/MIME.  I'd also suggest making sure People Pane is disabled in Outlook.



  • 11.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-22-2011 08:55 AM

    I looked at the Knowledge Base Article that you pointed me to.  I don't yet see how this would fix my problem.

    The second point (about having MS Exchange components installed locally) is not true anyway.

    The first point will turn off my ability to use PST files, which I do extensively.

    I don't understand why turning off PST file use will fix this problem...plus it's intermittent.  So I am loath to install a hotfix or change registry settings unless it is clearly the solution.

    I don't have People Pane enabled either.

    What about other things like mixing Mail Sensitivity options (Normal/Confidential) on the Message Options page with the Encrypt button (MAPI dll?)?



  • 12.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-22-2011 09:46 AM

    Also, I now know that the remote PGP version in use is 9.12, if that helps at all.

    And I have my public key in both a corporate keyserver at the remote end and in the local keyring of the senders.  Perhaps a sync issue between the two, or some other difference?  The reported Key IDs are the same in both, however.

    And when I try to open the .pgp file in PGP Viewer, the error says the object was encrypted to two unknown keys.  Not sure why TWO keys are unknown and not ONE (i.e. mine), and also if there is a method to find out which Key IDs it thinks are "unknown" - these are not logged.



  • 13.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-22-2011 10:30 AM

    In some dialogs, you can click on the unknown keys message with the result of it then showing the key ID's - this might possibly work for you.  I'm also wondering about the need to synch the keys.  When in a PGP managed environment, it may be possible for the keys to be updated, such as with new encryption subkeys, that are not included in the key of the local desktop's keyring.  If this is a PGP Universal managed environment, you may want to consider starting a new topic for this in that forum.



  • 14.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-22-2011 11:45 AM

    At my end, it's certainly not a PGP Universal managed environment.  We were asked, as suppliers to the organisation, to upload our public keys to their keyserver.  This is so that any employee can encrypt emails to me if required, but most of the ones I engage with regularly have their own local keyring.

    I have asked them to delete my key from the keyserver to see if it works consistently using only local keyrings.

    If I double click the pop-up in PGP Viewer, it attempts to connect to the corporate keyserver and / or the PGP Global Directory. I noticed that this latter keyserver cannot be removed in the keyservers dialog box.  What is the function at work here?  Is it that if a local copy of one of the public keys cannot be found then it looks in the keyservers?  I don't quite get what it's trying to do.



  • 15.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 11-22-2011 12:21 PM

    I can think of two possible reasons for checking the servers.  The first is that PGP may be trying to identify what key it is encrypted to.  The second is that if the file is signed, it may be looking for the public key needed to verify the signature.  I suspect that on the Keys tab of PGP Options, that you have Automatically Look Up Keys When Verifying Signatures enabled.



  • 16.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 12-05-2011 09:02 AM

    We managed to fix this issue but it's not yet clear what was going wrong.

    At the remote end, the organisation I was communicating with had two different PGP public keys for me in two different Universal Servers.  Deleting one of them fixed the issue.  However, what hasn't been identified yet is why an email from the same person using the same method to classify and send the email to me would sometimes pick one key (that worked), sometimes pick the other key (that didn't) and sometimes pick both.



  • 17.  RE: MAPI Proxy: Decryption aborted

    Broadcom Employee
    Posted 12-05-2011 09:19 AM

    I can only guess what may be happening at the other end, but it sounds like a problem of them not having their servers synched, and that it is rather random as to which server the user first accesses in the search for your key.