Solved

email signing

Posted on 2012-03-22
Last Modified: 2012-08-13
Can I ask in Outlook 2003 what "email digital signing" is about and what it actually does to maintain the integrity of sent / received email? Is it a free feature within Outlook? How can I digitally sign an email before sending it and what is the point in doing so?

Say I send email from myself to user X, and user X decides to edit the email after they received it, how will signing the email help there? Would prefer management type responses if poss, jargon friendly.
Question by:pma111
14 Comments
 
LVL 30

Accepted Solution

by:
IanTh earned 250 total points
ID: 37751688
0
 
LVL 3

Author Comment

by:pma111
ID: 37751692
I was hoping for some discussion really. I read a couple of links and haven't quite grasped it.

Does the certificate prevent tampering of the email by the recipient, or if the user did tamper with the mail after receiving it, would it show up some how?

And who needs the certificate? I.e. both the sender and receiver? Or if you were using it internally can you buy like a corporate cert?
0
 
LVL 3

Author Comment

by:pma111
ID: 37751694
Do you buy 1 certificate per user, 1 per email, or one per exchange server?
0
 
LVL 59

Assisted Solution

by:Chris Bottomley
Chris Bottomley earned 250 total points
ID: 37751719
The signing is an action taken on the email by the sender.  It basically identifies what the email looked like when it left their client.  If it is received without tampering then the signature and content match and all is well.

If someone picks up on the mail in the journey and makes a change to set for example transfer amount to 1000 from 1 then the content and signature mismatch and the recipient can see that.

This is different from encryption where the content is hidden and hopefully unreadable in any meaningful timeframe.  I.e. the data can be seen by everyone and can be trusted as presented if the sig is ok.

i.e. per http://office.microsoft.com/en-us/outlook-help/secure-messages-with-a-digital-signature-HP001230539.aspx

The key a sender gives to a recipient so that the recipient can verify the sender's signature and confirm that the message was not altered. Recipients also use the public key to encrypt (lock) e-mail messages to the sender.). This information proves to the recipient that you signed the contents of the message and not an imposter, and that the contents have not been altered in transit. For additional privacy, you can also encrypt messages.

Chris
0
 
LVL 3

Author Comment

by:pma111
ID: 37751723
However, what if... after a user receives the email. They open it in Outlook, right click, edit the message, save it. And then forward it on. How will the certificate help in that case? I.e. it's arrived untampered. But the recipient themselves have then tampered with it and sent it on.
0
 
LVL 59

Expert Comment

by:Chris Bottomley
ID: 37751727
Signatures are client specific so unless everyone is using the same PC and Outlook install then one per person.

For larger organisations you can have your own certificate server but in most cases I believe they will be hosted by providers.

I have my own for home and used to have a work hosted one for work.  The work one was not so good as somehow the certificate could not be seen globally .... I had to send it out separately whereas my provider based certificate simply works.

Chris
0
 
LVL 59

Expert Comment

by:Chris Bottomley
ID: 37751733
When a recipient sends the mail on it is no longer signed ... the act of sending it removes the 'received' signature.  Of course if the (re)sender has a certificate and elects to sign the message then the next recipient will see a signed email from you BUT no validation of the sender you received it from.

Chris
0
 
LVL 3

Author Comment

by:pma111
ID: 37751734
What's the likelihood of an email being tampered in transmission in an internal LAN? Theoretical at best?

And also...

However, what if... after a user receives the email. They open it in Outlook, right click, edit the message, save it. And then forward it on. How will the certificate help in that case? I.e. it's arrived untampered. But the recipient themselves have then tampered with it and sent it on.
0
 
LVL 3

Author Comment

by:pma111
ID: 37751741
So, am I right in thinking.

If an email is sat in a user's inbox. The user decides to edit the message whilst in their inbox. If they don't send it on, does it flag up as "this user has edited the text of this email from the original".

Or would it only flag it up if "this email was tampered during transmission, it isn't the original".
0
 
LVL 3

Author Comment

by:pma111
ID: 37751761
I.e. does it provide accountability to email at rest (sat in the mailbox) as well as email in transit. The issue could be a user receives the email. Then decides to edit it, so in their inbox it appears as modified. I wasn't sure if a digital cert "locks" the email when in the inbox so it can't be amended. Or whether if someone does amend it somewhere the hash then doesn't match thus it flags it up in Outlook as "someone's messed about with this since it was received, this isn't the original".
0
 
LVL 3

Author Comment

by:pma111
ID: 37751844
And does a dig signature consider attachments as well as message txt? i.e. if the attached word document was also edited in transit would that also show as a mismatch?
0
 
LVL 59

Expert Comment

by:Chris Bottomley
ID: 37751871
As soon as you modify a signed email from elsewhere the signature is invalid.  i.e. any change to the attachments is a change to the email so the attachments are marked as invalid by virtue of the edit to the email.

Capability wise it is probably high that someone within an intranet CAN hack a message as compared to finding a useful email outside but within an organisation there is little cause in my view for signing ... unless legal requirements apply.

Chris
0
 
LVL 3

Author Comment

by:pma111
ID: 37751888
Ok Chris,

But, say an email (digitally signed) appears in my inbox,

a) How does it visually appear as either "ok - not tampered" or "tampered"? Can you provide a screenshot? Of how they will visually appear in Outlook.

And my core question is,

b) In Outlook 2003, if I open an email (digitally signed), right click, edit message, change the text, and save it, does it then also visually appear as tampered, or does it remain as ok?

My concern is more email at rest (sat in a team/shared inbox) as opposed to in transmission.

I can see dig certs affect in transmission, but I wasn't sure if it "stops there" and any amendment of the email whilst in the inbox will affect the dig sig "ok not tampered"
0
 
LVL 59

Expert Comment

by:Chris Bottomley
ID: 37751972
Exact appearance will vary with application version but there will be a bar on the email to show signed or an error with the signature.  The explorer does not in my experience show this status; you need the preview or mail active.

I did already say that as soon as a mail is edited in any way the signature becomes invalid.  I.e. at rest or in transit, a change renders the sig invalid hence from the moment an email is saved either for retention or as part of a send.

Chris
0
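
The behaviour described in the answers above can be reproduced outside Outlook with OpenSSL's `smime` command. This is an added example, not part of the original thread: the users `alice` and `bob`, the message text, the file names and the throwaway self-signed certificates are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway self-signed certificates and a constructed message.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

make_cert() {  # $1 = hypothetical user name; writes $1.key and $1.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}
sign() {  # $1 = signer, $2 = MIME content to sign, $3 = signed output
  openssl smime -sign -in "$2" -signer "$work/$1.crt" \
    -inkey "$work/$1.key" -out "$3" 2>/dev/null
}
verify() {  # $1 = signed mail, $2 = user whose certificate we trust
  if openssl smime -verify -in "$1" -CAfile "$work/$2.crt" \
       -out /dev/null 2>/dev/null
  then echo valid; else echo INVALID; fi
}

make_cert alice; make_cert bob

# Constructed message: body text plus one attachment, as one MIME entity.
cat > "$work/content.eml" <<'EOF'
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: text/plain

Please transfer 1 GBP to account 12345.
--inner
Content-Type: text/plain
Content-Disposition: attachment; filename="terms.txt"

Payment is due in 30 days.
--inner--
EOF

sign alice "$work/content.eml" "$work/signed.eml"
r_original=$(verify "$work/signed.eml" alice)

# Edit the body of the stored copy: at rest or in transit, the check is the same.
sed 's/transfer 1 GBP/transfer 1000 GBP/' "$work/signed.eml" > "$work/body.eml"
r_body=$(verify "$work/body.eml" alice)

# Edit only the attachment: it is covered by the same signature.
sed 's/30 days/90 days/' "$work/signed.eml" > "$work/attach.eml"
r_attach=$(verify "$work/attach.eml" alice)

# Bob edits the content and forwards it under his own signature.
sed 's/transfer 1 GBP/transfer 1000 GBP/' "$work/content.eml" > "$work/edited.eml"
sign bob "$work/edited.eml" "$work/fwd.eml"
r_fwd_as_alice=$(verify "$work/fwd.eml" alice)  # does not chain to Alice's cert
r_fwd_as_bob=$(verify "$work/fwd.eml" bob)      # proves only that Bob sent it

echo "original=$r_original body=$r_body attachment=$r_attach" \
     "forward/alice=$r_fwd_as_alice forward/bob=$r_fwd_as_bob"
```

The signature does not lock the message; it only lets whoever opens it next detect that the content no longer matches what the signer's client produced.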
