https://bugs.kde.org/show_bug.cgi?id=501820
Bug ID: 501820
Summary: Missing digital signature for GPGOL Outlook Add-in in
GPG4Win 4.4.0
Classification: Applications
Product: kleopatra
Version: gpg4win 4.4.0
Platform: Other
OS: Microsoft Windows
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: kloec...@kde.org
Reporter: jens.schm...@zhv.rwth-aachen.de
CC: aheine...@gnupg.org, kdepim-b...@kde.org, m...@kde.org
Target Milestone: ---
SUMMARY
We have upgraded approximately 80 clients with GPG4win from version 4.3.1 to
4.4.0, and the Outlook add-in doesn’t work anymore because the new version
4.4.0 uses an unsigned "gpgol.dll" for the Outlook add-in. In version 4.3.1,
the "gpgol.dll" is still signed. This issue impacts us because we need to
configure our Office 365 according to the BSI (GER: „Bundesamt für Sicherheit
in der IT“, EN: „Federal Office for IT Security”) standards for Office
products. The Federal Office for IT Security regulations state that no unsigned
add-ins or macros can be executed.
STEPS TO REPRODUCE
Addin File:
1. "C:\Program Files\Gpg4win\bin\gpgol.dll"
2. "Properties" > "Digitial Signatures" tab is missing.
Outlook Setup:
1. Open "Option" > "Trust Center" > "Trust Center Settings" > "Macro Settings"
2. Check Option "Notification for digitally signed macros, all other macros
disabled
3. Check Option "Apply macro security setting to installed add-ins"
Alternative Approach (Registry Editor) -> we use GPO's
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\security
(DWORD) LEVEL = 3
(DWORD) donttrustinstalledfiles = 1
SOFTWARE/OS VERSIONS
Windows: Wondows 11 Version 2009(x86_64)
Software: GPG4Win 4.4.0
--
You are receiving this mail because:
You are watching all bug changes.
