locked
Why does Outlook 2007 decrypt encrypted emails with a CSP three times? RRS feed

  • Question

  • Why does Outlook 2007 need to decrypt an encrypted email three times to display the plain text?

    Scenario

    I have an encrypted (but not signed) email in the INBOX. I select that email, and the following sequence of CSP API calls are made:

    CPAcquireContext, CPGetUserKey, CPImportKey, CPSetKeyParam, CPGetKeyParam, CPSetKeyParam, CPDestroyKey, CPGetKeyParam

    CPDecrypt

    CPDestroyKey, CPReleaseContext

    I see the message:

    "The encrypted e-mail cannot be displayed in the Reading pane. Open the message to read it."

    So I double click on the encrypted message and see another TWO repetitions of the commands above:

    CPAcquireContext, CPGetUserKey, CPImportKey, CPSetKeyParam, CPGetKeyParam, CPSetKeyParam, CPDestroyKey, CPGetKeyParam, CPDecrypt, CPDestroyKey, CPReleaseContext

    CPAcquireContext, CPGetUserKey, CPImportKey, CPSetKeyParam, CPGetKeyParam, CPSetKeyParam, CPDestroyKey, CPGetKeyParam, CPDecrypt, CPDestroyKey, CPReleaseContext

    And the message plain text is displayed in a new window.

    I can understand a duplication for the reading pane, but three times in total is too many. This is wasteful of CPU cycles, not too mention disruptive of the CSP's logic to authorize access to the private key.

    So my questions are: Has anyone seen this before? Will it get fixed in the next Office version?

     

    Additional information:

    -- This is using my own CSP implementation.

    -- I don't see the double decryption when the email is both signed and encrypted.

    -- I don't see the double decryption when using "Windows Live Email".

    -- Running on Windows XP, Outlook 2007 ( 12.0.6557.5001) SP2 MSO

    Tuesday, August 23, 2011 1:21 PM