Re: using certificates in Outlook for encryption

From: Andrew Sciberras
Date: 04/15/05

  • Next message: Adrian Floarea: "RE: using certificates in Outlook for encryption"
    Date: Fri, 15 Apr 2005 08:12:48 +1000
    To: "Stegman, William"


    Encrypting an email is (in very simple terms) the act of you encrypting
    the message with someone else's public key, thus ensuring that the only
    person that can read it is the owner of the private key. This should
    only correspond to 1 entity, your recipient.

    Generally, Outlook will obtain public keys of other people from their
    certificate. So, once you store another person's certificate within
    your store (generally from an email that they've sent you) you will then
    possess all of the technical pieces of information to send them an
    encrypted message.

    What might be failing is policy related checking... Possibly:
     * Does the recipient's certificate contain an email address that
    matches (exactly) the email address that you are using in your email to
     * Does the recipient's certificate contain a keyUsage or
    extendedKeyUsage field? And if so, does this usage include the digital
    signature choice?
     * Does your system trust the CA certificate that issued the
    Certificate? (I'm assuming it does)

    I would really be looking out for the matches in email addresses first.

    Andrew Sciberras

    Stegman, William wrote:

    >I have an enterprise PKI setup in our win2k active dir domain, and have been issuing user certificates for authentication, EFS, and email encryption. I've got wireless working fine with the certs, and signing messages from Outlook works ok too, but when trying to encrypt the messages for others to view, I'm missing something. Everything I keep reading only brushes over the fact that you can send your public key in an email message to your intended recipient so he/she can later read your encrypted messages, but once I receive that public key through a signed email, there's nothing I can really do with it as far as I can tell. The messages are being sent to users who have obtained private keys from the same source, the AD enterprise CA. I've posted some notes on MS's community newsgroups, but no bites. The Outlook clients range from 2000 to 2003, I've got the certificates configured in Outlook's security tab, I think I'm just missing the public key part......
    >Thank you,
    >William Stegman - Network Administrator
    >TransCore - Hummelstown
    >Phone: 717-561-5931
    >Fax: 717-564-8439
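
The three checks listed in the reply (address match, keyUsage/extendedKeyUsage, trusted issuer) can be run against a recipient certificate with the .NET X509 classes. This is an added example, not code from either poster: `Test-SmimeRecipientCert` and its parameters are hypothetical names, the sample certificate is constructed, and besides the digital signature flag the reply names it also reports keyEncipherment, the bit RSA-based S/MIME encryption relies on. It assumes PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example. Test-SmimeRecipientCert and its parameter names are hypothetical.
function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$RecipientAddress
    )
    # Check 1: address in the certificate (subjectAltName rfc822Name, else E= in the subject).
    $certAddress = $Certificate.GetNameInfo([X509NameType]::EmailName, $false)

    # Check 2: keyUsage / extendedKeyUsage. An absent extension imposes no restriction.
    $ku  = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    # 1.3.6.1.5.5.7.3.4 = id-kp-emailProtection, 2.5.29.37.0 = anyExtendedKeyUsage
    $emailEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.4') -or ($ekuOids -contains '2.5.29.37.0')

    # Check 3: does the chain build to a root this machine trusts?
    # Revocation lookups are skipped so the check runs offline.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        CertAddress      = $certAddress
        # Whole-string comparison, ignoring case only; an alias address does not match.
        AddressMatches   = [bool]$certAddress -and ($certAddress -eq $RecipientAddress)
        KeyUsage         = if ($ku) { $ku.KeyUsages } else { 'absent' }
        DigitalSignature = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::DigitalSignature)
        KeyEncipherment  = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
        EmailProtection  = (-not $eku) -or $emailEku
        ChainTrusted     = $trusted
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: a throwaway self-signed certificate for alice@example.test.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('E=alice@example.test, CN=Constructed Sample', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$usage = [X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new($usage, $true))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# Same certificate, checked against the address it carries and against an alias.
Test-SmimeRecipientCert -Certificate $sample -RecipientAddress 'alice@example.test'
Test-SmimeRecipientCert -Certificate $sample -RecipientAddress 'a.smith@example.test'
```

To check a real recipient, export the certificate from the contact or the signed message to a `.cer` file and pass `[X509Certificate2]::new('path\to\recipient.cer')` as `-Certificate`.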

