Solved

Email Encryption

Posted on 2014-01-13
Last Modified: 2014-02-03
I'm having a problem working with digitally signed email messages.  I'm using the free cert from Comodo.

Instructions from Comodo indicate that I should save the signed address to my address book.  That seems to be the problem. I've tried this saving process from Windows Live email, and Outlook 2010.  I don't believe I'm saving the cert as it should be saved.  Anyone know what I'm skipping here?

So far, I can send signed email messages, but I'm still working on the requirements for sending an encrypted message.

I corrupted the contact in the Windows Live address book.

Then over in Outlook 2010 there's no indication that the contact is signed, although the original message is clearly signed.

The end user is on a POP3 account and wishes to send encrypted messages with encrypted attachments.

Please advise.
0
Question by:kengreg
4 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39777137
You can't send an encrypted message using your own key.

The way it works is this. With the PRIVATE key for a certificate, you can decrypt encrypted messages sent to that certificate, and send signed messages to other recipients (which usually will also include the certificate).

With someone else's CERTIFICATE (which contains the public key) you can encrypt messages to the person or persons named in the certificate, and verify signed messages from that person.  Again, usually the signed message will include the certificate, which means if you receive a signed message, you can store the certificate locally and use it to send encrypted messages to that person, and you don't already have to have a copy to verify with.

So, what you need is a correspondent who also has a certificate. You should send them an unencrypted, but signed message; they should reply to that signed message with an encrypted, signed message, and you can then reply to THAT with an encrypted, signed message to them.

Does that make sense?

You can also send them your certificate out of band or by attachment, but that doesn't matter - the idea is to get your certificate to them, so that they can reply to you with encryption turned on, and that is easiest if you send a signed message.
0
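The exchange described in the answer above, reproduced with the OpenSSL command line as an added example (it is not part of the original answer). The identities `alice` and `bob`, the `example.test` addresses and the self-signed certificates are constructed for the demonstration; a real certificate would chain to the issuing CA instead.

```shell
#!/usr/bin/env bash
# Added example: S/MIME key roles, using two constructed self-signed identities.
set -eu
W=$(mktemp -d)   # scratch directory for the constructed keys and messages

make_identity() {   # $1 = name; writes $W/$1.key (private) and $W/$1.crt (certificate)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

fingerprint() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }

# Step 1: the sender signs with their PRIVATE key; the certificate rides along.
sign_as() {         # $1 = sender, $2 = text, $3 = output file
  printf '%s\n' "$2" | openssl smime -sign -text -signer "$W/$1.crt" \
    -inkey "$W/$1.key" -out "$3" 2>/dev/null
}

# Step 2: the recipient verifies and saves the certificate found in the message.
# -CAfile stands in for the CA chain a mail client already trusts (assumption:
# the constructed certs are self-signed, so each one is its own trust anchor).
harvest_cert() {    # $1 = signed message, $2 = trust anchor, $3 = output cert
  openssl smime -verify -in "$1" -CAfile "$2" -signer "$3" -out /dev/null 2>/dev/null
}

# Step 3: encrypt TO a person with THEIR certificate (public key only).
encrypt_to() {      # $1 = recipient cert, $2 = text, $3 = output file
  printf '%s\n' "$2" | openssl smime -encrypt -aes256 -out "$3" "$1"
}

# Step 4: only the matching PRIVATE key opens the message.
decrypt_as() {      # $1 = name, $2 = encrypted message; prints the plaintext
  openssl smime -decrypt -in "$2" -recip "$W/$1.crt" -inkey "$W/$1.key" \
    -out "$W/plain.tmp" 2>/dev/null || return 1
  tr -d '\r' < "$W/plain.tmp"   # drop CRs added by MIME canonicalisation
}

make_identity alice; make_identity bob
sign_as alice "hello from alice" "$W/signed.eml"
harvest_cert "$W/signed.eml" "$W/alice.crt" "$W/alice_from_mail.crt"
encrypt_to "$W/alice_from_mail.crt" "reply for alice only" "$W/enc.eml"
echo "alice reads: $(decrypt_as alice "$W/enc.eml")"
decrypt_as bob "$W/enc.eml" >/dev/null || echo "bob's private key cannot open it"
```

The file written by `harvest_cert` holds only the public certificate, which is why it is safe to hand to correspondents while the `.key` file never leaves its owner.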
 

Author Comment

by:kengreg
ID: 39777180
DaveHowe,
My question was about Comodo's instructions, specifically saving the signed address to Contacts.

You did provide an alternate solution with out of band sharing of the cert. What is the path and file extension?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39777298
Normally, receipt of a signed email will offer you the option of importing it to the local store - that assumes you are using local email rather than webmail of course.

For out of band sharing, you will want to send the dot-CER file to your intended correspondents - for many email clients, they can import that just by double clicking it in Windows or Linux; some other clients may need you to manually import it.

Assuming you generated your certificate request to Comodo in Outlook or via Internet Explorer, the CER file you got back from Comodo can be made active by simply double clicking it.  The secret file should ALREADY be in the keystore (this is also true of Chrome, for technical reasons; with Firefox, there is a different process).

What file do you have now, and what instructions in particular are you having problems with?
0
 

Author Closing Comment

by:kengreg
ID: 39829942
The end-user was too busy to follow-up.  This request for encrypted mail will go on the back burner until it's an emergency.

Thanks for the advice.  I was trying to use all of the Comodo default instructions, and I wanted to provide a checklist that non-technical people could follow.

When I looked at the cert store I alienated the end-user.

The end-user is perfectly happy to pay the Comodo fee, but the trial didn't work.

Clearly the problem is with Windows Live mail.  I suspect two current Outlook clients can trade signatures and certs and allow for automatic installation.
0
