RE: using certificates in Outlook for encryption

From: Matt Parkins (mattthe-parkins.co.uk)
Date: Fri Apr 15 2005 - 10:43:45 CDT


Easy:

 - Open the e-mail, right click on the user, select 'add to contacts'
(update the contact's details if the contact already exists)

 - Go to contacts and open the contact, go to the certificate tab; the
contact's public key(s) should be listed right there.

Matt Parkins
Senior Programmer

-----Original Message-----
From: Andrew Sciberras [mailto:andrewsciberrasgmail.com]
Sent: 14 April 2005 23:13
To: Stegman, William
Cc: focus-mssecurityfocus.com
Subject: Re: using certificates in Outlook for encryption

Hi,

Encrypting an email is (in very simple terms) the act of you encrypting the
message with someone else's public key, thus ensuring that the only person
that can read it is the owner of the private key. This should only
correspond to 1 entity, your recipient.

Generally, Outlook will obtain public keys of other people from their
certificate. So, once you store another person's certificate within your
store (generally from an email that they've sent you) you will then possess
all of the technical pieces of information to send them an encrypted
message.

What might be failing is policy related checking... Possibly:
 * Does the recipient's certificate contain an email address that matches
(exactly) the email address that you are using in your email to them?
 * Does the recipient's certificate contain a keyUsage or extendedKeyUsage
field? And if so, does this usage include the digital signature choice?
 * Does your system trust the CA certificate that issued the Certificate?
(I'm assuming it does)

I would really be looking out for the matches in email addresses first.

Andrew Sciberras
eB2Bcom

Stegman, William wrote:

>I have an enterprise PKI setup in our win2k active dir domain, and have
>been issuing user certificates for authentication, efs, and email
>encryption. I've got wireless working fine with the certs, and signing
>messages from Outlook works ok too, but when trying to encrypt the messages
>for others to view, I'm missing something. Everything I keep reading only
>brushes over the fact that you can send your public key in an email message
>to your intended recipient so he/she can later read your encrypted messages,
>but once I receive that public key through a signed email, there's nothing I
>can really do with it as far as I can tell. The messages are being sent to
>users who have obtained private keys from the same source, the AD enterprise
>CA. I've posted some notes on MS's community newsgroups, but no bites. The
>Outlook clients range from 2000 to 2003, I've got the certificates
>configured in Outlook's security tab, I think I'm just missing the public
>key part......
>
>Thank you,
>
>William Stegman - Network Administrator TransCore - Hummelstown
>Phone: 717-561-5931
>Fax: 717-564-8439
>william.stegmantranscore.com
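The three policy checks listed in Andrew Sciberras's reply (address match, keyUsage/extendedKeyUsage, trust in the issuing CA) can be run against a recipient's exported certificate with the .NET X.509 classes. This is an added example, not code from the thread; the function name `Test-SmimeRecipientCert`, the file path and the address are hypothetical. It reports the digitalSignature bit the reply mentions and also keyEncipherment, the bit an RSA certificate carries when it is used as an encryption target.

```powershell
# Added example; Test-SmimeRecipientCert is a hypothetical helper name.
function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory = $true)] [string] $CertPath,   # recipient's exported .cer
        [Parameter(Mandatory = $true)] [string] $Recipient   # address on the To: line
    )
    $ns    = 'System.Security.Cryptography.X509Certificates'
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $cert  = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

    # 1. Address in the certificate (subjectAltName rfc822Name or subject E=).
    $certMail = $cert.GetNameInfo('EmailName', $false)

    # 2. keyUsage (2.5.29.15) and extendedKeyUsage (2.5.29.37); an absent
    #    extension places no restriction on the key.
    $ku  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # 3. Chain to a root this machine trusts. Revocation is skipped so the
    #    result reflects trust in the issuing CA only.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted  = $chain.Build($cert)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status })

    [pscustomobject]@{
        CertificateEmail = $certMail
        EmailMatches     = ($certMail -eq $Recipient)   # -eq ignores case
        KeyUsage         = if ($ku) { $ku.KeyUsages } else { 'absent' }
        DigitalSignature = (-not $ku) -or [bool]($ku.KeyUsages -band $flags::DigitalSignature)
        KeyEncipherment  = (-not $ku) -or [bool]($ku.KeyUsages -band $flags::KeyEncipherment)
        EmailProtection  = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.4')
        ChainTrusted     = $trusted
        ChainStatus      = $problems -join ', '
    }
}

# Usage (path and address are placeholders):
#   Test-SmimeRecipientCert -CertPath .\recipient.cer -Recipient 'user@example.com'
```

Any `False` in the output points at the corresponding item in the checklist; `ChainStatus` is empty when the chain builds cleanly.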