Outlook gives error "Your digital ID name can not be found by the underlying security system"

  • Thread starter neelam.gangwani

neelam.gangwani

I have used CDOSYS/CDOEx to send a digitally signed mail and used
CAPICOM for signing the content. In the Outlook client of the
recipient, I have configured the digital certificate of the sender.
Outlook shows the "digitally signed" icon in the inbox to indicate
that the message is signed, but somehow it does not show the contents
of the message and instead gives the error "Can't open the item. Your
digital ID name can not be found by the underlying security system".

Has anyone ever come across this?
Please reply ASAP. I have been trying this for quite a while.
 
Brian Tillman

Sounds like it was more than signed; that it was encrypted as well. In
order to send an encrypted message, the recipient must have a digital
certificate and the sender must have used the public key of that certificate
to encrypt the message. If the message wasn't encrypted, where I work we've
found an issue with signed messages that can be mitigated by unchecking the
box labeled "Send clear text signed message when sending signed messages" on
Tools>Options>Security. Don't ask me why. It seems counterintuitive, but
it worked for us.
 
neelam.gangwani

Hi Brian,

I have used the CAPICOM standard procedure for signing the content.
I have not encrypted the message. But while looking at the code I
also found something that might be the reason for the error. When I
set the signing_time attribute of the signer (to the current time),
the sign method call throws a runtime error. If I don't set the time
attribute, I am able to sign and send the message successfully.

Following is the code snippet for setting the attribute and signing the
content.

CAPICOM::IAttributePtr IAttribPtr1 = NULL;
HRESULT hrtt = CoCreateInstance(clsidAttribClass, NULL, CLSCTX_INPROC_SERVER,
    iidAttribClass, (LPVOID *)&IAttribPtr1);

// attribute 0 is CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
IAttribPtr1->PutName(CAPICOM::CAPICOM_ATTRIBUTE(0));

// setting the attribute to current time
_variant_t varTime1;
varTime1.vt = VT_DATE;
varTime1.date = time(0);
IAttribPtr1->PutValue(varTime1);

// adding attribute to authenticated attribute list
CAPICOM::IAttributesPtr IAttribsPtr1;
IAttribsPtr1 = ISignerPtr2->AuthenticatedAttributes; // = &IAttribsPtr;
IAttribsPtr1->Add(IAttribPtr1);

CLSID clsidSingnedDataClass = {0x94AFFFCC, 0x6C05, 0x4814,
    0xB1, 0x23, 0xA9, 0x41, 0x10, 0x5A, 0xA7, 0x7F};
IID iidSignedDataInterface = {0xAE9C454B, 0xFC65, 0x4C10,
    0xB1, 0x30, 0xCD, 0x9B, 0x45, 0xBA, 0x94, 0x8B};

// signing the content
CAPICOM::ISignedDataPtr pISignDataPtr = NULL;
HRESULT h15 = CoCreateInstance(clsidSingnedDataClass, NULL, CLSCTX_INPROC_SERVER,
    iidSignedDataInterface, (LPVOID *)&pISignDataPtr);

//pISignDataPtr->Content = bstrMsg;
pISignDataPtr->Content = bstrMsgToSign;

// hold the result in a _bstr_t: a raw BSTR taken from the returned
// temporary would point at freed memory after this statement
_bstr_t bstrSignedMsg = pISignDataPtr->Sign(ISignerPtr2, false,
    CAPICOM::CAPICOM_ENCODE_BASE64);

Am I setting the time in a proper format?
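On the format question above: a `VT_DATE` variant carries an OLE Automation date (fractional days since 30 December 1899), while `time(0)` returns seconds since 1 January 1970. The following is an added example, not code from the thread or from CAPICOM; it is portable C++ with hypothetical helper names and a constructed sample timestamp, showing the conversion and why a raw `time_t` stored as a `DATE` falls outside the valid range.

```cpp
#include <cmath>
#include <ctime>

// OLE Automation DATE (the payload of a VT_DATE variant): fractional days
// since 1899-12-30 00:00. 1970-01-01 00:00 is day 25569 on that scale.
constexpr double kUnixEpochAsOle = 25569.0;
constexpr double kSecondsPerDay  = 86400.0;
// Documented OLE DATE limits: 0100-01-01 (-657434) .. 9999-12-31 (2958465).
constexpr double kOleMinDay = -657434.0;
constexpr double kOleMaxDay = 2958465.0;

struct CivilDate { int year, month, day; };

// Unix seconds (UTC) -> OLE DATE, still UTC; no time-zone shift is applied.
double unix_to_ole_date(std::time_t t) {
    return static_cast<double>(t) / kSecondsPerDay + kUnixEpochAsOle;
}

bool ole_date_in_range(double d) {
    return std::isfinite(d) && d >= kOleMinDay && d < kOleMaxDay + 1.0;
}

// Calendar day an in-range OLE DATE falls on (proleptic Gregorian).
// The day number is the integer part truncated toward zero: for negative
// values the fraction still counts forward, so -1.25 is 1899-12-29 06:00.
CivilDate ole_date_to_civil(double d) {
    long long z = static_cast<long long>(std::trunc(d)) - 25569 + 719468;
    long long era = (z >= 0 ? z : z - 146096) / 146097;
    long long doe = z - era * 146097;                        // day of 400-year era
    long long yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    long long doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of year, from 1 March
    long long mp  = (5 * doy + 2) / 153;
    int day   = static_cast<int>(doy - (153 * mp + 2) / 5 + 1);
    int month = static_cast<int>(mp < 10 ? mp + 3 : mp - 9);
    int year  = static_cast<int>(yoe + era * 400 + (month <= 2 ? 1 : 0));
    return {year, month, day};
}

int main() {
    const std::time_t sample = 1200000000;        // constructed: 2008-01-10 21:20:00 UTC
    double converted = unix_to_ole_date(sample);  // about 39457.889
    double raw = static_cast<double>(sample);     // what `date = time(0)` stores
    CivilDate c = ole_date_to_civil(converted);
    bool ok = ole_date_in_range(converted) && !ole_date_in_range(raw) && c.year == 2008;
    return ok ? 0 : 1;
}
```

On Windows, `SystemTimeToVariantTime` performs the same conversion from a `SYSTEMTIME`.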
 
neelam.gangwani

Hi Brian,

Now I am setting the format in a correct way.
So, it seems that it's not a format problem.

Any other issue, you think?
 
Brian Tillman

I have no knowledge of how CAPICOM works, so I'm afraid I can't help. Have
you spoken to the vendor?
 
