Re: using certificates in Outlook for encryption

From: Rod Dickerson (rod_at_dickersonbiz.com)
Date: 04/15/05

    Date: Fri, 15 Apr 2005 14:16:31 -0400
    To: focus-ms@securityfocus.com
    
    

    It seems there are a few things being misunderstood in this thread. Of
    course, I may be one of those misunderstanding, so let me try to
    clarify. You have 2 ways to use certificates with email, including
    Outlook. One is to encrypt, the other is to sign. You (and for
    encryption, the recipient) must have a certificate which includes a
    private and a public key. To encrypt mail to someone else, you must
    have their public key. The message can only be decrypted by using the
    recipient's private key. While this does provide privacy (encryption),
    it does not provide non-repudiation. To achieve non-repudiation, you
    would then digitally sign the encrypted message with your private key.
    The digital signature is a hash (md5, sha1, etc) of the message, and
    the hash is then encrypted using your private key. The message will
    also contain your public key, which can be used to decrypt the hash
    once it is received. The recipient software will then hash the message
    and compare the 2 hashes. If they match, the message has not changed
    and it had to come from you (provided you protect your private key).

    So, to get someone your public key you can send them a signed message.
    Then they can save your public key in their Outlook contact list and in
    turn send you an encrypted message. I have found that Outlook doesn't
    always look up the recipient's public key, but having it in the contact
    list always works. This may be a specific issue with my site, others
    may have had better luck. There is an option in Outlook to publish your
    public key to the GAL, but again I have not had predictable results.
    This is the correct way to do it, so like I said there may be problems
    with my config. Anyway, this is how PKI mail encryption and signatures
    work, if you were interested. Hope this helps. --Rod
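
The sign/verify and encrypt/decrypt flow described in the message above, as an added example that is not part of the original post: textbook RSA over a SHA-256 digest, using only the Python standard library. The key pairs, function names and sample messages are constructed for illustration; real S/MIME additionally pads the hash, encrypts a per-message symmetric key rather than the body itself, and carries the public key inside a certificate.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)

# Constructed demo keys built from well-known Mersenne primes. They make the
# example reproducible and are unsuitable for protecting real mail.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, priv) -> int:
    """Sender: transform the message hash with the private key."""
    d, n = priv
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, pub) -> bool:
    """Recipient: recover the hash with the public key, re-hash, compare."""
    e, n = pub
    return pow(signature, e, n) == digest(message)

def encrypt(plaintext: bytes, pub) -> int:
    """Anyone holding the recipient's public key can encrypt to them."""
    e, n = pub
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, priv) -> bytes:
    """Only the matching private key recovers the plaintext."""
    d, n = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    msg = b"Quarterly numbers attached."  # constructed sample message
    sig = sign(msg, SENDER_PRIV)
    print("untouched message verifies:", verify(msg, sig, SENDER_PUB))
    print("altered message verifies:  ", verify(msg + b"!", sig, SENDER_PUB))
    ct = encrypt(msg, RECIPIENT_PUB)
    print("recipient decrypts:", decrypt(ct, RECIPIENT_PRIV))
```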
