S/MIME

[Russ]

I am trying to use S/MIME with Outlook 2003. i can send out an encrypted
message to an outside account that is using Outrlook Express, but how does
the OE client reply to the encrypted message? The error states that I need a
a digital certificate. If I reply to the message that came from the secure
email address, can't I just use the key that came from the other person?

 

[Brian Tillman]

I am trying to use S/MIME with Outlook 2003. i can send out an
encrypted message to an outside account that is using Outrlook
Express, but how does the OE client reply to the encrypted message?
The error states that I need a a digital certificate. If I reply to
the message that came from the secure email address, can't I just use
the key that came from the other person?

In order to reply to an encrypted message, the replier must have a copy of
your public key if they want the response encrypted as well. In other
words, you must have sent them a digitally-signed message first before
sending them the encrypted message. Did you do that?

 

[David H. Lipman]

From: "Brian Tillman" <[email protected]>

|
| In order to reply to an encrypted message, the replier must have a copy of
| your public key if they want the response encrypted as well. In other
| words, you must have sent them a digitally-signed message first before
| sending them the encrypted message. Did you do that?

Or... pull the certificate from a LDAP server.

 

[Brian Tillman]

Or... pull the certificate from a LDAP server.

Well, yeah. It's what I do.

 

[David H. Lipman]

From: "Brian Tillman" <[email protected]>


|
| Well, yeah. It's what I do.

Ditto. I'm on some

 

[Russ]

Hey everyone! Well, I did a brief test. I sent an encrypted message from my
Outlook 2003 client at work to my personal email account at home which uses
OE (latest version). At home, I do not have any encryption keys. However, I
thought that I would be able to reply from OE to my Outlook 2003 account
with the key that was attached to my work account. Does that make sense?

 

[Brian Tillman]

Hey everyone! Well, I did a brief test. I sent an encrypted message
from my Outlook 2003 client at work to my personal email account at
home which uses OE (latest version). At home, I do not have any
encryption keys. However, I thought that I would be able to reply
from OE to my Outlook 2003 account with the key that was attached to
my work account. Does that make sense?

If the email address you have at home does not have a certificate, Outlook
should refuse to send an encrypted message. You can't send someone any
encrypted message unless they have a public key, you have access to that
public key (either because they sent it to you in a signed message or
because you reference a certificate server that knows it), and that public
key is trusted. Likewise, you can't decrypt an encrypted message unless it
has been encrypted with your public key and you have a private key that
matches.

If you receive a digitally signed message using Outlook Express from
someone, you should be abke to add that someone to your Contacts, which
should store their public key in your crypto store and from then on you
should be able to send them an encrypted message. They just won't be able
to respond to you with an encrypted message unless you also have a
certificate and have sent them your public key.

 

[Russ]

Brian, I got it now. Thanks for your help...

If the email address you have at home does not have a certificate, Outlook
should refuse to send an encrypted message. You can't send someone any
encrypted message unless they have a public key, you have access to that
public key (either because they sent it to you in a signed message or
because you reference a certificate server that knows it), and that public
key is trusted. Likewise, you can't decrypt an encrypted message unless
it has been encrypted with your public key and you have a private key that
matches.

If you receive a digitally signed message using Outlook Express from
someone, you should be abke to add that someone to your Contacts, which
should store their public key in your crypto store and from then on you
should be able to send them an encrypted message. They just won't be able
to respond to you with an encrypted message unless you also have a
certificate and have sent them your public key.