• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 289
  • Last Modified:

Email Encryption

I'm having a problem working with digitally signed email messages.  I'm using the free cert from Comodo.

Instructions from Comodo indicate that I should save the signed address to my address book.  That seems to be the problem. I've tried this saving process from Windows Live email, and Outlook 2010.  I don't believe I'm saving the cert as it should be saved.  Anyone know what I'm skipping here?

So far, I can send signed email messages, but I'm still working on the requirements for sending an encrypted message.

I corrupted the contact in the Windows Live address book.

Then over in Outlook 2010 there's no indication that the contact is signed, although the original message is clearly signed.

The end user is on a POP3 account and wishes to send encrypted messages with encrypted attachements.

Please advise.
0
kengreg
Asked:
kengreg
  • 2
  • 2
1 Solution
 
Dave HoweCommented:
You can't send an encrypted message using your own key.

The way it works is this. With the PRIVATE key for a certificate, you can decrypt encrypted messages sent to that certificate, and send signed messages to other recipients (which usually will also include the certificate).

With someone else's CERTIFICATE (which contains the public key) you can encrypt messages to the person or persons named in the certificate, and verify signed messages from that person.  Again, usually the signed message will include the certificate, which means if you receive a signed message, you can store the certificate locally and use it to send encrypted messages to that person, and you don't already have to have a copy to verify with.

So, what you need is a correspondent who also has a certificate. you should send them a unencrypted, but signed message; they should reply to that signed message with an encrypted, signed message, and you can then reply to THAT with an encrypted, signed message to them.

Does that make sense?

You can also send them your certificate out of band or by attachment, but that doesn't matter - the idea is to get your certificate to them, so that they can reply to you with encryption turned on, and that is easiest if you send a signed message.
0
 
kengregAuthor Commented:
DaveHowe,
My question was about Comodo's instructions, specifically saving the signed address to Contacts.

You did provide an alternate solution with out of band sharing of the cert. What is the path and file extension?
0
 
Dave HoweCommented:
normally, receipt of a signed email will offer you the option of importing it to the local store - that assumes you are using local email rather than webmail of course.

For out of band sharing, you will want to send the dot-CER file to your intended correspondents - for many email clients, they can import that just by double clicking it in windows or linux; some other clients may need you to manually import it.

assuming you generated your certificate request to comodo in outlook or via internet explorer, the CER file you got back from comodo can be made active by simply double clicking it.  the secret file should ALREADY be in the keystore (this is also true of chrome, for technical reasons; with firefox, there is a different process).

What file do you have now, and what instructions in particular are you having problems with?
0
 
kengregAuthor Commented:
The end-user was too busy to follow-up.  This request for encrypted mail will go on the back burner until it's an emergency.

Thanks for the advice.  I was trying to use all of the Comodo default instructions, and I wanted to provide a checklist that non-technical people could follow.

Whe I looked at the cert store I alienated the end-user.

The end-user is perfectly happy to pay the Comodo fee, but the trial didn't work.

Clearly the problem is with Windows Live mail.  I suspect to current Outlook clients can trade signatures and certs and allow for automatic installation.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now