RE: using certificates in Outlook for encryption

From: Adrian Floarea (adrian.floarea_at_uti.ro)
Date: 04/15/05

    To: "'Stegman, William'" <Bill.Stegman@transcore.com>, <focus-ms@securityfocus.com>
    Date: Fri, 15 Apr 2005 12:12:45 +0300
    
    

    If you use an AD with PKI schema, it is not necessary to send an email with
    the public key, if you have all the certificates in AD. Outlook knows how to
    work with certificates from AD using the GAL. Anyway, if a user receives an
    encrypted email, he must also have the certificate for encrypting email
    installed in his system and Outlook, and the private key associated with it.
    A very important aspect is that the encryption certificate must be installed
    correctly, in order to permit Outlook to have a reference to the private key.

    If you have the certificate in a PKCS#12 file, it must be installed in
    Certificates/Current User/Personal. Also, if the user has this certificate on
    a smart card, he must use one of the tools for this card to install the
    certificates in the system in the same store. Generally, this work is done
    automatically by the software of the smart card.

    Another important issue is that the certificate must have its whole path
    (certificate of issuer, of root, etc.) valid and installed in the AD schema
    or on the local computer. Outlook generally doesn't use certificates which
    it can't validate.

    And finally, it is not necessary to send your public key to the intended
    recipient. It is necessary only if you want that recipient to send you an
    encrypted email sometime.

    Regards,

    Adrian Floarea
    Information Security Department
    IT&C Division, UTI Systems SA
    Bucharest, Romania
    Email: adrian.floarea@uti.ro

    -----Original Message-----
    From: Stegman, William [mailto:Bill.Stegman@transcore.com]
    Sent: Thursday, April 14, 2005 5:53 PM
    To: focus-ms@securityfocus.com
    Subject: using certificates in Outlook for encryption

    I have an enterprise PKI setup in our win2k active dir domain, and have been
    issuing user certificates for authentication, efs, and email encryption. 
    I've got wireless working fine with the certs, and signing messages from
    outlook works ok too, but when trying to encrypt the messages for others to
    view, I'm missing something.  Everything I keep reading only brushes over
    the fact that you can send your public key in an email message to your
    intended recipient so he/she can later read your encrypted messages, but
    once I receive that public key through a signed email, there's nothing I can
    really do with it as far as I can tell.  The messages are being sent to
    users who have obtained private keys from the same source, the AD enterprise
    CA.  I've posted some notes on MS's community newsgroups, but no bites.  The
    outlook clients range from 2000 to 2003, I've got the certificates
    configured in outlook's security tab, I think I'm just missing the public
    key part......
     
    Thank you,
     
    William Stegman - Network Administrator
    TransCore - Hummelstown
    Phone: 717-561-5931
    Fax: 717-564-8439
    william.stegman@transcore.com
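
The conditions listed in the reply above (certificate in Current User/Personal, private key reachable, full path valid) can be checked on a recipient's workstation with a short script. This is an added example, not part of the original thread; the function name `Test-SmimeEncryptionCert` is hypothetical, and it assumes PowerShell 3.0 or later with revocation checking turned off so that only the path itself is tested.

```powershell
# Added example: audit the current user's Personal store for certificates
# that can be used to decrypt S/MIME mail.
$ns = 'System.Security.Cryptography.X509Certificates'
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU

function Test-SmimeEncryptionCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Key usage: an RSA encryption certificate needs keyEncipherment.
    # A certificate without the extension is treated as unrestricted.
    $ku = $Cert.Extensions | Where-Object { $_ -is ("$ns.X509KeyUsageExtension" -as [type]) }
    $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
    $canEncipher = (-not $ku) -or $ku.KeyUsages.HasFlag($flag)

    # Enhanced key usage: if present, it must list Secure Email.
    $eku = $Cert.Extensions | Where-Object { $_ -is ("$ns.X509EnhancedKeyUsageExtension" -as [type]) }
    $emailOk = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $SecureEmailOid)

    # Path validation: build issuer -> root from the stores on this machine.
    $chain = New-Object "$ns.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: no CRL lookup
    $chainOk = $chain.Build($Cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]@{
        Subject         = $Cert.Subject
        Thumbprint      = $Cert.Thumbprint
        HasPrivateKey   = $Cert.HasPrivateKey      # false = public part only
        KeyEncipherment = [bool]$canEncipher
        SecureEmail     = [bool]$emailOk
        ChainValid      = $chainOk
        ChainStatus     = $status                  # e.g. UntrustedRoot, PartialChain
        Usable          = $Cert.HasPrivateKey -and $canEncipher -and $emailOk -and $chainOk
    }
}

# Cert:\CurrentUser\My is the "Certificates/Current User/Personal" store.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeEncryptionCert -Cert $_ } |
    Format-Table Subject, HasPrivateKey, KeyEncipherment, SecureEmail, ChainValid, ChainStatus, Usable -AutoSize
```

A row with `HasPrivateKey` false or a non-empty `ChainStatus` points to the installation and path problems described in the reply.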
     
