3

We're trying to decrypt emails obtained via the Graph API. Since the Graph API only returns MIME messages and not MSGs, we can't decrypt the messages directly and are now looking for a method to decrypt the RPMSG attachment from the MIME message.

The documentation here says that the MIP SDK can unprotect RPMSG files.

However, when we try to do that with the Java wrapper using this code:

FileHandlerObserver observer = new FileHandlerObserver();
Future<IFileHandler> handlerFuture = fileEngine.createFileHandlerAsync(FILEPATH, FILEPATH, true, observer, null);

We get the following error:

java.util.concurrent.ExecutionException: com.microsoft.informationprotection.internal.gen.Error: ServiceDisabledError: RMS service is disabled for this tenant., CorrelationId=dd593faf-7b78-4aab-9ce5-0c0dc70a9744, CorrelationId.Description=FileEngine, HttpRequest.Id=374e9554-6a4e-4a3f-9487-9338c7093abc;20b1c623-dac9-4810-8a8a-50218028a111, ServiceDisabledError.Extent=Tenant
  at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
  at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
  ...
Caused by: com.microsoft.informationprotection.internal.gen.Error: ServiceDisabledError: RMS service is disabled for this tenant., CorrelationId=dd593faf-7b78-4aab-9ce5-0c0dc70a9744, CorrelationId.Description=FileEngine, HttpRequest.Id=374e9554-6a4e-4a3f-9487-9338c7093abc;20b1c623-dac9-4810-8a8a-50218028a111, ServiceDisabledError.Extent=Tenant
  at com.microsoft.informationprotection.internal.gen.SdkWrapperJNI.SwigDirector_FileHandler_Observer_OnCreateFileHandlerFailure(SdkWrapperJNI.java:1964)

We tried following the instructions to activate the service via Admin Center but this seems to be no longer supported.
Also, the instructions on activating the service via PowerShell result in a message saying that the service is already enabled.

What can we do to decrypt RPMSG files with the MIP SDK Java wrapper?

Adrian Diemer
  • 95
  • 9

1 Answers1

0

You'd have to verify that you own the item you're trying to decrypt. You won't be able to decrypt content owned by another tenant. That error makes me think that some other tenant might own it. The other possibility is a missing feature flag (see below).

It's worth noting that the SDK doesn't support decryption of message.rpmsg into a useful file format. It'll output only streams of data by using the IFileHandler.Inspect() APIs; the message body and attachments. If you require a usable file as an output, you'd need to convert the EML file to MSG, then remove protection.

The enable parsing of MSG and message.rpmsg files, you'll need to set a feature flag. Unfortunately, that override to enable the feature doesn't look to be supported in the 1.9 preview. It's in the 1.10 preview version, which I expect to release within the next week.

Tom Moser
  • 748
  • 3
  • 5
  • Thank you for your response. The tenant is definitely correct. We're even using the user that sent the mail. Could you tell me more about that flag you're adding in the next version? How is it called? How do we use it? Also, do you have a recommendation for a Java library to convert EML files to MSGs that supports MIP protected mails? Does it require special handling? – Adrian Diemer Aug 19 '21 at 08:38
  • There was a misunderstanding on my part with the change. The previous behavior of setting the flag to process MSG files is still there. https://github.com/MicrosoftDocs/Azure-RMSDocs/blob/master/mip/develop/quick-email-msg-csharp.md#set-enable_msg_file_type-and-use-file-sdk-for-protecting-msg-file I know that Aspose offers a library that can perform the EML to MSG conversion, and vice versa. I have only briefly tested it in .NET and it seemed to work well. – Tom Moser Aug 27 '21 at 16:37
  • Ok, thank you for the update! However, we've already been using this flag and have tried inspecting RPMSG files with and without setting it. But the problem still persists. Do you have any other pointers on what settings we might have to change? This would be a way simpler solution than having to convert an EML file to an MSG file before having the MIP SDK remove the protection and finally extracting the content from the MSG. – Adrian Diemer Sep 01 '21 at 11:59
  • Hi @TomMoser, do you have any updates on the RPMSG inspection? – Adrian Diemer Dec 22 '21 at 07:51