How to Export Digital Signature from e-mail

klafert

I am using Outlook 2003 and I can't receive a message because of a digitally
signed message. However, I can get it on my other computer using Outlook
Express. It will ask me and then let me open the message. I saw an error
message when getting the message from Outlook Express, but I was also able to
see the certificate which I assume I need to receive the message in Outlook
2003. How can I export that certificate or digitally signed ID?
 
Brian Tillman [MVP-Outlook]

klafert said:
I am using Outlook 2003 and I can't receive a message because of a digitally
signed message.

Do you get some kind of error message? If so, exactly what does it say?

klafert said:
However, I can get it on my other computer using Outlook
Express. It will ask me and then let me open the message. I saw an error
message when getting the message from Outlook Express, but I was also able to
see the certificate which I assume I need to receive the message in Outlook
2003. How can I export that certificate or digitally signed ID?

A digital signature on a message should not interfere with your ability to
receive it. The digital signature will simply be an attachment on the
otherwise ordinary message. It contains the sender's public key, which proves
that the message came from the person claiming to have sent it. You can store
the public key on your PC and then use it to send the person an encrypted message
that only the recipient can read (although Outlook is peculiar in that it
requires the sender to have a digital signature in order to send an encrypted
message, which just isn't necessary).

Describe your issue in greater detail so we can understand what the problem
is.
 
VanguardLH

klafert said:
I am using Outlook 2003 and I can't receive a message because of a digitally
signed message. However, I can get it on my other computer using Outlook
Express. It will ask me and then let me open the message. I saw an error
message when getting the message from Outlook Express, but I was also able to
see the certificate which I assume I need to receive the message in Outlook
2003. How can I export that certificate or digitally signed ID?

The default in Outlook is to not open/preview an e-mail if the digital
certificate used to sign the e-mail cannot be looked up. Outlook will
attempt to connect to the CA (certificate authority) to check if the cert is
active, expired, or revoked (actually it just checks the CRL [cert
revocation list] looking for negative results). If Outlook cannot contact
the CA server then it cannot verify the cert is still valid. Sometimes
users will get an e-mail cert from their own internal (corporate) cert
server but outsiders to that company obviously will have no access to it.

If the e-mail has been altered during transmission (i.e., after the source
e-mail client has calculated a hash for the message as it existed when
composed), your e-mail client may warn that the e-mail has been altered.
Alteration can be caused by anti-virus programs, especially when boobs
configure it to append a "This e-mail is okay. Trust me." message onto
outgoing e-mails (yeah, like anyone is going to believe an e-mail is okay
because it says so). Another cause is using a freebie e-mail provider, like
Yahoo, that appends their spam promotional signature onto all outbound
e-mails that go through their free service. Something got altered in the
content of the e-mail so the hash doesn't match anymore when recomputed upon
delivery into the recipient's e-mail client.

Outlook WILL receive the digitally signed e-mail. It may not show it to you
if it cannot verify its cert or the message has been corrupted. That
doesn't stop the e-mail getting *received* by Outlook. It also doesn't
prevent you from viewing the message despite Outlook's warning. Just
double-click on the message to open in its own window and answer the prompt
to ignore the warning and open the message anyway. That prompt should have
a Details button that will tell you what is wrong with the cert or the
message.

You save the sender's public key half of their e-mail cert by saving them as
a contact. The cert is recorded in the contact data. When you want to
encrypt an e-mail back to that person, you use their contact record that you
saved so as to use their public key to encrypt your e-mail. They then use
their private key that only they have to decrypt your message. Anyone with
their public key can encrypt an e-mail to them. Only they can use their
private key to decrypt that message. You don't need their cert if you
aren't encrypting an e-mail to them and just using your own cert to
digitally sign your outbound e-mails.

Outlook Express may not be showing the warning about an invalid cert because
it is configured not to go to the CA to check for revoked certs (Tools ->
Options -> Security -> Advanced). I don't see an equivalent option in
Outlook but then it is a corporate e-mail client where digital signatures
are considered sacrosanct. OE is a personal e-mail client where its users
often don't use or even have certs or bother handling them. To OE users,
and by default, a digitally signed e-mail is no more secure than a
non-signed e-mail because they never validate the certs.

Outlook gets some of its security settings from IE. Internet Options ->
Advanced tab -> Security section -> Check for publisher's certificate
revocation. If you disable that option, I believe Outlook isn't going to
validate the cert used in a digitally signed e-mail. Basically you are
telling Outlook that you don't care about digitally signed e-mails because
you won't check if they are still valid. In that case, perhaps you should
simply ask the sender to stop digitally signing their e-mails that they send
to you because you don't care if their e-mails identify the sender (through
the cert) or if their e-mails have been altered before you got them.
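
The hash mismatch described in the post above, as an added example that is not part of the thread or written by any poster: it recomputes the digest over the signed part of a `multipart/signed` message after a footer is appended. The boundary, message text and the digest held in a variable are constructed; a real S/MIME client reads the digest from the PKCS#7 signature instead. It goes one step beyond the post by also showing a footer placed after the closing boundary, which lies outside the signed part.

```python
import hashlib

CRLF = b"\r\n"
BOUNDARY = b"demo-boundary"                    # constructed value
BODY = b"Please review the attached contract."  # constructed message text
FOOTER = b"This e-mail is okay. Trust me."      # footer wording quoted in the post

def signed_part(raw: bytes, boundary: bytes = BOUNDARY) -> bytes:
    """Return the exact bytes of the first body part (its MIME headers
    included): from after the first boundary line up to the CRLF that
    precedes the next boundary. These are the bytes the sender hashed."""
    delim = b"--" + boundary
    start = raw.index(delim + CRLF) + len(delim) + len(CRLF)
    end = raw.index(CRLF + delim, start)
    return raw[start:end]

def part_digest(raw: bytes, boundary: bytes = BOUNDARY) -> str:
    return hashlib.sha256(signed_part(raw, boundary)).hexdigest()

def build_message(body_text: bytes, epilogue: bytes = b"") -> bytes:
    """Assemble a constructed multipart/signed message. The signature part
    is a placeholder, not a real PKCS#7 blob."""
    delim = b"--" + BOUNDARY
    header = (b"Content-Type: multipart/signed; "
              b'protocol="application/pkcs7-signature"; boundary="demo-boundary"')
    text_part = b"Content-Type: text/plain" + CRLF + CRLF + body_text
    sig_part = (b"Content-Type: application/pkcs7-signature" + CRLF + CRLF
                + b"PLACEHOLDER-SIGNATURE")
    return CRLF.join([header, b"", delim, text_part, delim, sig_part,
                      delim + b"--", epilogue])

def check(received: bytes, digest_at_signing: str) -> str:
    """Compare the digest of what arrived with the digest taken when signing."""
    return "intact" if part_digest(received) == digest_at_signing else "altered"

def demo() -> dict:
    sent = build_message(BODY)
    digest_at_signing = part_digest(sent)  # stands in for the signed digest
    return {
        "untouched": check(sent, digest_at_signing),
        # A scanner or free provider appends its line inside the signed text.
        "footer_in_body": check(build_message(BODY + CRLF + FOOTER), digest_at_signing),
        # Text after the closing boundary is outside the signed part.
        "footer_after_last_boundary": check(
            build_message(BODY, epilogue=FOOTER + CRLF), digest_at_signing),
    }

if __name__ == "__main__":
    print(demo())
```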
 
klafert

The contact was originally typed in so there was no certificate. However, I
have since saved the contact and saw the certificate. I received the e-mail but I
had to search to find it and read it. Should I export the certificate from
the contact? The problem is I received the e-mail but cannot view it
unless I do a search for the contact name and then I can read it. It tells
me I received 1 of 1 message but I can't read the message unless I look for
it. I don't receive any error message.
 
Brian Tillman [MVP-Outlook]

klafert said:
The contact was originally typed in so there was no certificate. However, I
have since saved the contact and saw the certificate. I received the e-mail but I
had to search to find it and read it. Should I export the certificate from
the contact? The problem is I received the e-mail but cannot view it
unless I do a search for the contact name and then I can read it. It tells
me I received 1 of 1 message but I can't read the message unless I look for
it. I don't receive any error message.

Are you saying that when the message arrives, you cannot see it in your Inbox?
Does it appear in Unread Mail?
 
klafert

I can't view it unless I search for the e-mail - just noticed I'm not getting
read receipts from peeps - actually I am getting them, I just can't view them
unless I search for them using the "find" feature.
 
Brian Tillman [MVP-Outlook]

klafert said:
I can't view it unless I search for the e-mail - just noticed I'm not getting
read receipts from peeps - actually I am getting them, I just can't view them
unless I search for them using the "find" feature.

If you find them when you search, in what folder does your search indicate
they are?
 
