p≡p for Outlook Advanced Settings
p≡p for Outlook has a number of settings that can be changed. Most of these can be changed in the user interface as documented in p≡p for Outlook Options. All p≡p for Outlook options (including the ones that can be changed in the user interface) can be changed through the registry as well.
p≡p for Outlook saves options and configurations as strings in the registry located at HKEY_CURRENT_USER\Software\pEp\Outlook\
Note that during startup, p≡p for Outlook will not create any keys/values in the registry. It will, however, use whatever already exists in the registry, falling back to internal defaults. Registry keys/values are created when the application is closed or when the ‘OK’ button in p≡p options is clicked (saving changes). Do not change registry options while p≡p for Outlook is running (close Outlook before making changes).
The following configurations/options are available (arranged alphabetically):
All registry settings of p≡p are in:
The following options are available (Registry Name / Default value / Description):
- Default: N/A. Contains a list of all accounts known by p≡p with their corresponding account settings. The “AccountSettingsList” list is divided into sub-keys, with the key name being the primary SMTP address of the account. Within these specific account keys are the account settings, which are described in the next section.
- Default: email@example.com. Crash reports are sent to the specified address.
- Default: empty. All outgoing messages are additionally encrypted with the keys defined in extra keys. All incoming messages are re-encrypted with the defined keys. Each key is identified by its 40-digit fingerprint. Multiple keys can be specified by entering multiple fingerprints delimited by commas ‘,’. Refer to Extra Keys for more details.
- Default: True. Whether to download and install updates automatically.
- Default: True. Whether to display the crash report to the user before sending. If this is set to False (crash report not visible) the report will automatically be sent every time.
- Default: False. Enables developer mode and associated UI.
- Default: False. If True, emails of all accounts will be stored encrypted on the server.
- Default: True. Shows if the p≡p for Outlook add-in has been successfully run previously. The data itself does not matter and only the existence of this value in the registry will determine if p≡p for Outlook has already run previously. This value is cleared at each installation automatically.
- Default: False. If True, p≡p will look up keys on the PGP key server hkp://keys.gnupg.net.
- Default: False. Whether the ribbon button to send an email with the ‘Store Protected’ flag is visible.
- Default: False. If True, p≡p doesn’t attach a public key to a message unless it received a public key from the communication partner.
- Default: False. If True, the pEp.pst folder, which contains decrypted messages, will be shown in Outlook.
- Default: False. If True, the Privacy Status is also displayed on the bottom of the message.
- Default: True. Whether the reader splash screen will be shown each time p≡p for Outlook starts. This will only be used in reader mode and otherwise will be ignored.
- Default: False. Whether to display a warning message before sending an email if the message will be sent unsecurely although it was previously secure. This is primarily for forwarding/replying-to emails that are received secure but may no longer be secure because you changed recipients.
- Default: False. If True, the subject will not be encrypted for messages to OpenPGP recipients. If False, the subject is encrypted.
- Default: False. If True, p≡p will log more details. Support may ask you to enable this in case of problems.
- Default: en. The Trustwords language (as an ISO 639-1 two-letter code) for display in the UI. Trustwords language can still be overridden in the advanced handshake dialog on a per-case basis.
The account settings list contains a list of accounts known by p≡p along with their settings. This list is located at CurrentUser -> Software -> pEp -> Outlook -> AccountSettingsList : HKEY_CURRENT_USER\Software\pEp\Outlook\AccountSettingsList\
The following configurations/options for accounts are available (arranged alphabetically):
- Default: 0 (No disclaimer). Whether to add a disclaimer to outgoing mails for this account. Value can be a string value of “0” (No disclaimer - default setting), “1” (add only to encrypted messages) and “2” (add to all messages). 0 = Disabled. (For more details about disclaimers, see Disclaimer.)
- The text of the disclaimer to add to outgoing mails for this account. Will only be applied if AddDisclaimer is set to “1” or “2”.
- Default: True. Possibility to turn on/off decryption by default. True = Yes
- Default: True. Whether p≡p processing is enabled for this account. When disabled, p≡p will not be visible or do any processing (including decrypting) in the background. True = Yes
- Default: False. Whether all data on the account will be stored securely (encrypted). This will never decrypt the data on the mail server. False = Yes
- Default: True. Whether p≡p data (private keys) should be automatically synchronized between your devices. True = Yes
- Default: empty. Stores the EntryID of the p≡p created sent folder. This is only used when Outlook cannot identify a default sent folder. <empty> = No
- Default: N/A. The primary SMTP address of the account. This along with type is used to identify an account. N/A = No
- Default: N/A. The Outlook-defined account type (see OlAccountType Enumeration on MSDN). This along with SMTP address is used to identify an account. N/A = No
Disclaimers are often added by the mail server to the bottom of the message (e.g. https://technet.microsoft.com/en-us/library/dn600323(v=exchg.150).aspx in Office 365). For encrypted and signed emails this causes issues, because the mail server cannot simply add the disclaimer to the encrypted & signed part of the message.
p≡p offers the following three options for adding disclaimers to messages directly.
- feature switched off - no disclaimers are added to the end of emails.
- feature switched on for encrypted emails - add disclaimer only to the end of encrypted emails (unencrypted emails won’t contain disclaimer)
- feature switched on for all emails - disclaimer will be added to all emails (encrypted and also unencrypted)
These options are accessible only through the registry and are fully optional.
The following registry values have to be set manually for each account that needs to have a disclaimer attached to its outgoing mails. Values are in HKCU\Software\pEp\Outlook\AccountSettingsList\[smtp_address]
- AddDisclaimer: Whether to add a disclaimer to outgoing mails for this account. Value can be a string value of “0” (No disclaimer - default setting), “1” (add only to encrypted messages) and “2” (add to all messages).
- DisclaimerText: The text of the disclaimer to add to outgoing mails for this account. Will only be applied if AddDisclaimer is set to “1” or “2”.
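One way to set these two values for a single account, shown as an added example that is not part of the p≡p documentation. The script parameters and the sample text are assumptions made here; the key path and value names are the ones given above.

```powershell
# Added example: set AddDisclaimer / DisclaimerText for one account.
param(
    [Parameter(Mandatory)]
    [string]$SmtpAddress,               # primary SMTP address, e.g. alice@example.org (constructed)
    [ValidateSet('0', '1', '2')]
    [string]$AddDisclaimer = '1',       # 0 = none, 1 = encrypted only, 2 = all messages
    [string]$DisclaimerText = 'Constructed sample disclaimer text.'
)

# pEp for Outlook saves its options when Outlook closes, so edits made while
# it is running can be lost. Stop instead of writing in that state.
if (Get-Process -Name 'OUTLOOK' -ErrorAction SilentlyContinue) {
    throw 'Outlook is running. Close it before changing pEp registry settings.'
}

# Sanity check added for this example: a disclaimer mode without text is
# almost certainly a mistake.
if ($AddDisclaimer -ne '0' -and [string]::IsNullOrWhiteSpace($DisclaimerText)) {
    throw 'DisclaimerText must not be empty when AddDisclaimer is 1 or 2.'
}

$accountKey = Join-Path 'HKCU:\Software\pEp\Outlook\AccountSettingsList' $SmtpAddress

# A missing account key may simply mean pEp has not saved settings for this
# account yet, but it can also indicate a typo in the address.
if (-not (Test-Path -LiteralPath $accountKey)) {
    Write-Warning "No existing settings key for $SmtpAddress; creating it."
    New-Item -Path $accountKey -Force | Out-Null
}

# pEp stores its options as strings, so both values are written as REG_SZ.
New-ItemProperty -LiteralPath $accountKey -Name 'AddDisclaimer' `
    -Value $AddDisclaimer -PropertyType String -Force | Out-Null
New-ItemProperty -LiteralPath $accountKey -Name 'DisclaimerText' `
    -Value $DisclaimerText -PropertyType String -Force | Out-Null

# Read the values back so the change can be confirmed before starting Outlook.
Get-ItemProperty -LiteralPath $accountKey |
    Select-Object AddDisclaimer, DisclaimerText
```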
Search on untrusted server
Searching encrypted messages would be very slow (because each message in the search scope would have to be decrypted during the search). Therefore, p≡p stores an unencrypted copy of the message in the local pEp.pst.
In order to make Outlook search the additional pEp.pst, the search scope has to be adjusted to all mailboxes. Therefore, p≡p for Outlook sets the DefaultSearchScope to 1 (all mailboxes) during the installation and startup, if no previous value has been set. If there is already a value, p≡p will not make any changes.
These are the available options of the DefaultSearchScope:
- 0 => Default behavior
- 1 => Search in all mailboxes
- 2 => Search in current folder
- 3 => Search in current mailbox
This value is stored in HKCU\SOFTWARE\Microsoft\Office\[version_no]\Outlook\Search
There is a small caveat right after installation and during the first startup: the selection “Search in all mailboxes” isn’t reflected in the quick search field until the user switches to another folder (or restarts the app). From this point on, the selection is persistent.
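To check what is actually configured, the following added example (not part of the p≡p documentation) reports DefaultSearchScope for every Office version key of the current user. It assumes the version number is its own subkey under Office (for example 16.0).

```powershell
# Added example: report DefaultSearchScope per installed Office version.
$meaning = @{
    0 = 'Default behavior'
    1 = 'Search in all mailboxes'
    2 = 'Search in current folder'
    3 = 'Search in current mailbox'
}

$officeRoot = 'HKCU:\Software\Microsoft\Office'

Get-ChildItem -LiteralPath $officeRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |   # version keys only
    ForEach-Object {
        $searchKey = Join-Path $_.PSPath 'Outlook\Search'
        $value = $null
        if (Test-Path -LiteralPath $searchKey) {
            $value = (Get-ItemProperty -LiteralPath $searchKey `
                        -Name 'DefaultSearchScope' `
                        -ErrorAction SilentlyContinue).DefaultSearchScope
        }

        if ($null -eq $value) {
            # No value yet: pEp sets it to 1 during installation and startup.
            $text = '<not set>'
            $note = 'pEp will set this to 1 at installation/startup'
        } else {
            $text = $meaning[[int]$value]
            if ([int]$value -eq 1) {
                $note = 'pEp.pst is included in the search scope'
            } else {
                # An existing value is never changed by pEp.
                $note = 'pEp leaves this value unchanged'
            }
        }

        [pscustomobject]@{
            OfficeVersion      = $_.PSChildName
            DefaultSearchScope = $value
            Meaning            = $text
            Note               = $note
        }
    }
```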
p≡p for Outlook is currently packaged in an .msi (Microsoft/Windows Installer) using the WiX Toolset. In general, the installer will complete the following actions automatically:
- Extract all files to their folders (see Storage Locations)
- Register COM components
- Add registry entries for Outlook integration
- Register the program in Microsoft Add/Remove Program entries
In order to do this successfully, the installer needs local administrator privileges on the machine. This is automatically requested during the installation process.
During setup, the .msi takes some additional steps that may require advanced user interaction. This is primarily the case when determining whether to overwrite an existing Gpg4win installation.
As p≡p for Outlook depends on Gpg4win, any existing Gpg4win installation will be detected and used by p≡p for Outlook as long as it isn’t out of date. If an older Gpg4win version is detected, p≡p for Outlook asks the user whether they wish to overwrite their current Gpg4win installation.
If they choose to do so, a backup of their current Gpg4win configuration will be stored in C:\Users\<user_name>\AppData\Local\GNU\GnuPG\share. If the user declines, p≡p for Outlook will try to use the current Gpg4win installation. This is not recommended and might result in incompatibilities.
If Gpg4win is not installed yet, p≡p for Outlook will install Gpg4win to the following path:
C:\Program Files (x86)\GNU\GnuPG
p≡p for Outlook can also be installed in silent mode. Simply run the following command in a console with administrator rights:
msiexec /qn /i C:\pEp_for_Outlook.msi /l C:\pEp_install.log
Import existing private key
You can use your existing private key. After the p≡p installation, but before you start Outlook, do the following:
Step 1: Open GPA by clicking Start -> Gpg4win -> GPA
Step 2: In GPA, select Windows -> Keyring Manager
Step 3: Select Keys -> Import Keys…
Step 4: Select your existing private key and click Open.
Step 5: Set the “Owner Trust” for the imported key to “Ultimate”
Repeat Steps 3 to 5 for each key you want to import. Once finished, close the Keyring Manager and GPA. That’s it. p≡p will now use the imported keys.
p≡p for Outlook has three main locations where files are stored after installation. These locations are:
C:\ProgramData\pEp : Currently, this location only stores the ‘system.db’ file. The system.db file is used by the engine and contains databases for localized phrases, trustword database, etc. This database does not change during program execution and is intended to be shared by all instances of the p≡p engine.
C:\Users\<user>\AppData\Local\pEp : This contains files that change during execution of the program. Files located here include:
log.txt : This file contains the logged text generated during the current or last run of p≡p for Outlook. It is archived to a file “log_yyyyMMddHHmmss.txt” in one of two circumstances: a) Outlook is shut down b) The log file reaches 20000 lines. Additionally, a maximum of 10 files of type “log_yyyyMMddHHmmss.txt” is kept. Every time an eleventh file is added, the oldest of those files is deleted.
management.db : This file contains the database of all identities known by the p≡p engine, their corresponding keys, and user trust. It is unique for each instance/user of p≡p for Outlook.
pEp.db : SQLite database, which contains information about forcefully protected messages as well as p≡p ratings that have been calculated in p≡p for Outlook. Those ratings are displayed provisionally in the UI until the actual calculated rating is available.
pEp.pst : This file is a personal Outlook storage file created by p≡p for Outlook and used to store unencrypted mail items. This is necessary for untrusted servers where the encrypted mail item is never decrypted to the default Outlook store.
C:\Program Files (x86)\pEp for Outlook : This is the main installation directory for p≡p for Outlook and contains the executables and dependencies.
C:\Users\<user>\AppData\Roaming\gnupg : This directory is used by GnuPG to store all the public and private keys.
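Because pEp.pst holds unencrypted mail and management.db and the gnupg directory hold key material, it is worth checking who can read them. The following added example (not part of the p≡p documentation) lists those locations and flags Allow entries for anyone other than the current user, SYSTEM and the local Administrators group; it assumes the default profile layout, so the paths are built from %LOCALAPPDATA% and %APPDATA%.

```powershell
# Added example: review access to the per-user pEp data files listed above.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$trusted = @($me, 'S-1-5-18', 'S-1-5-32-544')   # current user, SYSTEM, Administrators
$sidType = [System.Security.Principal.SecurityIdentifier]

$pepDir  = Join-Path $env:LOCALAPPDATA 'pEp'
$targets = @(
    (Join-Path $pepDir 'pEp.pst'),        # unencrypted copies of mail items
    (Join-Path $pepDir 'management.db'),  # identities, keys and user trust
    (Join-Path $pepDir 'pEp.db'),         # protected-message info and ratings
    (Join-Path $pepDir 'log.txt'),        # current log file
    (Join-Path $env:APPDATA 'gnupg')      # GnuPG public and private keys
)

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Exists = $false; OtherPrincipals = '' }
        continue
    }

    # Ask for the rules with SIDs as identities so no name lookup is needed.
    $acl    = Get-Acl -LiteralPath $path
    $others = $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    [pscustomobject]@{
        Path            = $path
        Exists          = $true
        OtherPrincipals = ($others -join ', ')   # empty means nothing unexpected
    }
}
```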
p≡p will install Gpg4win or update it as required. The installation directory is C:\Program Files (x86)\GNU\GnuPG. If an older version of Gpg4win is found, p≡p replaces the older version and stores a backup of the old config files to C:\Users\<user_name>\AppData\Local\GNU\GnuPG\share. For more information please see Advanced Installation.
There are three major components of p≡p for Outlook.
- p≡p Engine
- COM Server Adapter
- p≡p for Outlook
The p≡p Engine is the main component that implements all the cryptographic and messaging functions that are used by all implementations of p≡p. It’s here that functions such as decrypt and encrypt exist. The COM Server Adapter connects p≡p for Outlook with p≡p Engine. p≡p for Outlook is the implementation of p≡p that integrates with Microsoft Outlook as an add-on. p≡p for Outlook currently uses the standard Outlook API for add-ons.