Re: using certificates in Outlook for encryption

From: mitm (list_at_mitm.nl)
Date: 04/18/05

    To: "Steve Bostedor" <Steveb@tshore.com>, <focus-ms@securityfocus.com>
    Date: Mon, 18 Apr 2005 21:26:18 +0200
    
    

    Hi,

    There are a few products out there which make it relatively easy to send and
    receive your e-mail securely.

    - Izemail (http://www.izecom.com). Really easy to use. S/MIME-based,
    so compatible with most clients

    - Voltage (http://www.voltage.com). Uses a proprietary protocol
    (haven't tried it myself)

    - Securedemail (https://www.securedemail.org). Uses a proprietary
    protocol

    Regards

    MITM

    ----- Original Message -----
    From: "Steve Bostedor" <Steveb@tshore.com>
    To: "Matt Parkins" <matt@the-parkins.co.uk>; <focus-ms@securityfocus.com>
    Sent: Friday, April 15, 2005 22:22
    Subject: RE: using certificates in Outlook for encryption

    > Is it just me or is this all overly complicated for the target audience?
    > I deal with CEOs and upper management personnel all of the time and
    > they don't know what a public key is from a head gasket. How is this
    > technology ever supposed to get out of the gate if it's so complicated?
    > (to them, not to me! *cough*)
    >
    > Are there any third party solutions that set this all up for companies
    > and make it very point and click? It should also be compatible so that
    > if someone wanted your public key, it would be easily obtainable by a 75
    > year old grandma from Idaho.
    >
    > Steve Bostedor
    > http://www.vncscan.com
    > VNCScan Enterprise Console
    > No added fat! No preservatives!
    >
    >
    >
    >> -----Original Message-----
    >> From: Matt Parkins [mailto:matt@the-parkins.co.uk]
    >> Sent: Friday, April 15, 2005 11:44 AM
    >> To: focus-ms@securityfocus.com
    >> Subject: RE: using certificates in Outlook for encryption
    >>
    >>
    >> Easy:
    >>
    >> - Open the e-mail, right click on the user, select 'add to
    >> contacts' (update the contact's details if the contact
    >> already exists)
    >>
    >> - Go to contacts and open the contact, go to the certificate
    >> tab; the contact's public key(s) should be listed right there.
    >>
    >> Matt Parkins
    >> Senior Programmer
    >>
    >> -----Original Message-----
    >> From: Andrew Sciberras [mailto:andrewsciberras@gmail.com]
    >> Sent: 14 April 2005 23:13
    >> To: Stegman, William
    >> Cc: focus-ms@securityfocus.com
    >> Subject: Re: using certificates in Outlook for encryption
    >>
    >> Hi,
    >>
    >> Encrypting an email is (in very simple terms) the act of you
    >> encrypting the message with someone else's public key, thus
    >> ensuring that the only person that can read it is the owner
    >> of the private key. This should only correspond to 1 entity,
    >> your recipient.
    >>
    >> Generally, Outlook will obtain public keys of other people
    >> from their certificate. So, once you store another person's
    >> certificate within your store (generally from an email that
    >> they've sent you) you will then possess all of the technical
    >> pieces of information to send them an encrypted message.
    >>
    >> What might be failing is policy-related checking... Possibly:
    >> * Does the recipient's certificate contain an email address
    >> that matches (exactly) the email address that you are using
    >> in your email to them?
    >> * Does the recipient's certificate contain a keyUsage or
    >> extendedKeyUsage field? And if so, does this usage include
    >> the digital signature choice?
    >> * Does your system trust the CA certificate that issued the
    >> Certificate? (I'm assuming it does)
    >>
    >> I would really be looking out for the matches in email
    >> addresses first.
    >>
    >>
    >> Andrew Sciberras
    >> eB2Bcom
    >>
    >> Stegman, William wrote:
    >>
    >> >I have an enterprise PKI setup in our win2k active dir
    >> >domain, and have been issuing user certificates for
    >> >authentication, efs, and email encryption. I've got wireless
    >> >working fine with the certs, and signing messages from
    >> >Outlook works ok too, but when trying to encrypt the messages
    >> >for others to view, I'm missing something. Everything I keep
    >> >reading only brushes over the fact that you can send your
    >> >public key in an email message to your intended recipient so
    >> >he/she can later read your encrypted messages, but once I
    >> >receive that public key through a signed email, there's
    >> >nothing I can really do with it as far as I can tell. The
    >> >messages are being sent to users who have obtained private
    >> >keys from the same source, the AD enterprise CA. I've posted
    >> >some notes on MS's community newsgroups, but no bites. The
    >> >Outlook clients range from 2000 to 2003, I've got the
    >> >certificates configured in Outlook's security tab, I think
    >> >I'm just missing the public key part......
    >> >
    >> >Thank you,
    >> >
    >> >William Stegman - Network Administrator TransCore - Hummelstown
    >> >Phone: 717-561-5931
    >> >Fax: 717-564-8439
    >> >william.stegman@transcore.com
    >> >

    ---------------------------------------------------------------------------
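
The three checks in Andrew Sciberras's quoted checklist (address match, key usage, CA trust) can be run against a recipient certificate exported to a file. The PowerShell below is an added example, not part of the original thread; the function name, the file path and the address are hypothetical, and it reports the digital signature flag the post mentions alongside key encipherment, which RSA-based S/MIME encryption uses.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Test-SmimeRecipientCert, $Path and $Recipient are hypothetical names.
function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory)] [string] $Path,      # recipient certificate exported to .cer
        [Parameter(Mandatory)] [string] $Recipient  # address used in the To: field
    )
    $cert = [X509Certificate2]::new((Resolve-Path $Path).Path)

    # 1. E-mail address carried by the certificate (SAN rfc822Name or subject E=).
    $certMail = $cert.GetNameInfo([X509NameType]::EmailName, $false)

    # 2. keyUsage (2.5.29.15) and extendedKeyUsage (2.5.29.37).
    #    An absent extension places no restriction, so it is reported as passing.
    $ku  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuOids = if ($eku) { @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }

    # 3. Does the chain build to a CA this machine trusts?
    #    Revocation checking is switched off here to isolate the trust question.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        CertificateEmail = $certMail
        EmailMatches     = ($certMail -eq $Recipient)   # case-insensitive comparison
        KeyUsage         = if ($ku) { $ku.KeyUsages } else { 'absent (unrestricted)' }
        DigitalSignature = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::DigitalSignature)
        KeyEncipherment  = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
        # 1.3.6.1.5.5.7.3.4 is the Secure Email (emailProtection) EKU.
        SecureEmailEku   = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.4')
        ChainTrusted     = $trusted
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed usage; the path and address are placeholders:
# Test-SmimeRecipientCert -Path .\recipient.cer -Recipient 'user@example.com' | Format-List
```

Any field that comes back False, or a non-empty ChainStatus, points at which of the three checks to look into first.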

