If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
How to Export Digital Signature from e-mail
I am using Outlook 2003 and I can't receive a message because of a digital
signed message. However, I can get it on my other computer using outlook express. It will ask me and then let me open the message. I saw an error message when getting the message from outlook express, but I was also able to see the certificate which I assume I need to receive the message in Outlook 2003. How can I export that certificate or digital signed ID? |
#2
|
|||
|
|||
How to Export Digital Signature from e-mail
"klafert" wrote in message
... I am using Outlook 2003 and I can't receive a message because of a digital signed message. Do you get some kind of error message? If so, exactly what does it say? However, I can get it on my other computer using outlook express. It will ask me and then let me open the message. I saw an error message when getting the message from outlook express, but I was also able to see the certificate which I assume I need to receive the message in Outlook 2003. How can I export that certificate or digital signed ID? A digital signature on a message should not interfere with your ability to receive it. The digital signature will simply be an attachment on the otherwise ordinary message. It contains the sender's public key, which proves that the message came from the person claiming to have sent it. You can store the public key on your PC and then use to send the person an encrypted message that only the recipient can read (although Outlook is peculiar in that it requires the sender to have a digital signature in order to send an encrypted message, which just isn't necessary). Describe your issue in greater detail so we can understand what the problem is. -- Brian Tillman [MVP-Outlook] |
#3
|
|||
|
|||
How to Export Digital Signature from e-mail
klafert wrote:
I am using Outlook 2003 and I can't receive a message because of a digital signed message. However, I can get it on my other computer using outlook express. It will ask me and then let me open the message. I saw an error message when getting the message from outlook express, but I was also able to see the certificate which I assume I need to receive the message in Outlook 2003. How can I export that certificate or digital signed ID? The default in Outlook is to not open/preview an e-mail if the digital certificate used to sign the e-mail cannot be looked up. Outlook will attempt to connect to the CA (certificate authority) to check if the cert is active, expired, or revoked (actually it just checks the CRL [cert revocation list] looking for negative results). If Outlook cannot contact the CA server then it cannot verify the cert is still valid. Sometimes users will get an e-mail cert from their own internal (corporate) cert server but outsiders to that company obviously will have no access to it. If the e-mail has been altered during transmission (i.e., after the source e-mail client has calculated a hash for the message as it existed when composed), your e-mail client may warn that the e-mail has been altered. Alteration can be caused by anti-virus programs, especially when boobs configure it to append a "This e-mail is okay. Trust me." message onto outgoing e-mails (yeah, like anyone is going to believe an e-mail is okay because it says so). Another cause is using a freebie e-mail provider, like Yahoo, that appends their spam promotional signature onto all outbound e-mails that go through their free service. Something got altered in the content of the e-mail so the hash doesn't match anymore when recomputed upon delivery into the recipient's e-mail client. Outlook WILL receive the digitally signed e-mail. It may not show it to you if it cannot verify its cert or the message has been corrupted. That doesn't stop the e-mail getting *received* by Outlook. It also doesn't prevent you from viewing the message despite Outlook's warning. Just double-click on the message to open in its own window and answer the prompt to ignore the warning and open the message anyway. That prompt should have a Details button that will tell you what is wrong with the cert or the message. You save the sender's public key half of their e-mail cert by saving them as a contact. The cert is recorded in the contact data. When you want to encrypt an e-mail back to that person, you use their contact record that you saved so to use their public key to encrypt your e-mail. They then use their private key that only they have to decrypt your message. Anyone with their public key can encrypt an e-mail to them. Only they can use their private key to decrypt that message. You don't need their cert if you aren't encrypting an e-mail to them and just using your own cert to digitally sign your outbound e-mails. Outlook Express may not be showing the warning about an invalid cert because it is configured not to go to the CA to check for revoked certs (Tools - Options - Security - Advanced). I don't see an equivalent option in Outlook but then it is a corporate e-mail client where digital signatures are considered sacrosanct. OE is a personal e-mail client where its users often don't use or even have certs or bother handling them. To OE users, and by default, a digitally signed e-mail is no more secure than a non-signed e-mail because they never validate the certs. Outlook gets some of its security settings from IE. Internet Options - Advanced tab - Security section - Check for publisher's certificate revocation. If you disable that option, I believe Outlook isn't going to validate the cert used in a digitally signed e-mail. Basically you are telling Outlook that you don't care about digitally signed e-mails because you won't check if they are still valid. In that case, perhaps you should simply ask the sender to stop digitally signing their e-mails that they send to you because you don't care if their e-mails identify the sender (through the cert) or if their e-mails have been altered before you got them. |
#4
|
|||
|
|||
How to Export Digital Signature from e-mail
The contact was originally typed in so there was no certificate. However, I
since saved the contact and saw the certificate. I received the e-mail but I had to search to find it and read it. Should I export the Certificate from the contact. The problem is I received the e-mail but cannot view them unless I do a search for they contact name and then I can read it. I tells me I received 1 of 1 message but I can't read the message unless I look for it. I don't receive any error message. "Brian Tillman [MVP-Outlook]" wrote: "klafert" wrote in message ... I am using Outlook 2003 and I can't receive a message because of a digital signed message. Do you get some kind of error message? If so, exactly what does it say? However, I can get it on my other computer using outlook express. It will ask me and then let me open the message. I saw an error message when getting the message from outlook express, but I was also able to see the certificate which I assume I need to receive the message in Outlook 2003. How can I export that certificate or digital signed ID? A digital signature on a message should not interfere with your ability to receive it. The digital signature will simply be an attachment on the otherwise ordinary message. It contains the sender's public key, which proves that the message came from the person claiming to have sent it. You can store the public key on your PC and then use to send the person an encrypted message that only the recipient can read (although Outlook is peculiar in that it requires the sender to have a digital signature in order to send an encrypted message, which just isn't necessary). Describe your issue in greater detail so we can understand what the problem is. -- Brian Tillman [MVP-Outlook] . |
#5
|
|||
|
|||
How to Export Digital Signature from e-mail
"klafert" wrote in message
... The contact was originally typed in so there was no certificate. However, I since saved the contact and saw the certificate. I received the e-mail but I had to search to find it and read it. Should I export the Certificate from the contact. The problem is I received the e-mail but cannot view them unless I do a search for they contact name and then I can read it. I tells me I received 1 of 1 message but I can't read the message unless I look for it. I don't receive any error message. Are you saying that when the message arrives, you cannot see it in your Inbox? Does it appear in Unread Mail? -- Brian Tillman [MVP-Outlook] |
#6
|
|||
|
|||
How to Export Digital Signature from e-mail
I cant view it unless I search for the e-mail - just notice I not getting
read receipt from peeps- actually I am getting them just can't view them unless I search for them using the "find" feature. "Brian Tillman [MVP-Outlook]" wrote: "klafert" wrote in message ... The contact was originally typed in so there was no certificate. However, I since saved the contact and saw the certificate. I received the e-mail but I had to search to find it and read it. Should I export the Certificate from the contact. The problem is I received the e-mail but cannot view them unless I do a search for they contact name and then I can read it. I tells me I received 1 of 1 message but I can't read the message unless I look for it. I don't receive any error message. Are you saying that when the message arrives, you cannot see it in your Inbox? Does it appear in Unread Mail? -- Brian Tillman [MVP-Outlook] . |
#7
|
|||
|
|||
How to Export Digital Signature from e-mail
"klafert" wrote in message
... I cant view it unless I search for the e-mail - just notice I not getting read receipt from peeps- actually I am getting them just can't view them unless I search for them using the "find" feature. If you find them when you search, in what folder does your search indicate they are? -- Brian Tillman [MVP-Outlook] |
Thread Tools | |
Display Modes | |
|
|