Solved

Email Encryption

Posted on 2014-01-13
Last Modified: 2014-02-03
I'm having a problem working with digitally signed email messages.  I'm using the free cert from Comodo.

Instructions from Comodo indicate that I should save the signed address to my address book.  That seems to be the problem. I've tried this saving process from Windows Live email, and Outlook 2010.  I don't believe I'm saving the cert as it should be saved.  Anyone know what I'm skipping here?

So far, I can send signed email messages, but I'm still working on the requirements for sending an encrypted message.

I corrupted the contact in the Windows Live address book.

Then over in Outlook 2010 there's no indication that the contact is signed, although the original message is clearly signed.

The end user is on a POP3 account and wishes to send encrypted messages with encrypted attachments.

Please advise.
Question by:kengreg
4 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39777137
You can't send an encrypted message using your own key.

The way it works is this. With the PRIVATE key for a certificate, you can decrypt encrypted messages sent to that certificate, and send signed messages to other recipients (which usually will also include the certificate).

With someone else's CERTIFICATE (which contains the public key) you can encrypt messages to the person or persons named in the certificate, and verify signed messages from that person.  Again, usually the signed message will include the certificate, which means if you receive a signed message, you can store the certificate locally and use it to send encrypted messages to that person, and you don't already have to have a copy to verify with.

So, what you need is a correspondent who also has a certificate. You should send them an unencrypted, but signed message; they should reply to that signed message with an encrypted, signed message, and you can then reply to THAT with an encrypted, signed message to them.

Does that make sense?

You can also send them your certificate out of band or by attachment, but that doesn't matter - the idea is to get your certificate to them, so that they can reply to you with encryption turned on, and that is easiest if you send a signed message.
0
 

Author Comment

by:kengreg
ID: 39777180
DaveHowe,
My question was about Comodo's instructions, specifically saving the signed address to Contacts.

You did provide an alternate solution with out of band sharing of the cert. What is the path and file extension?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39777298
Normally, receipt of a signed email will offer you the option of importing it to the local store - that assumes you are using local email rather than webmail of course.

For out of band sharing, you will want to send the dot-CER file to your intended correspondents - for many email clients, they can import that just by double clicking it in Windows or Linux; some other clients may need you to manually import it.

Assuming you generated your certificate request to Comodo in Outlook or via Internet Explorer, the CER file you got back from Comodo can be made active by simply double clicking it.  The secret file should ALREADY be in the keystore (this is also true of Chrome, for technical reasons; with Firefox, there is a different process).

What file do you have now, and what instructions in particular are you having problems with?
0
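The exchange described in the two expert comments above (signed message first, encrypted reply second, plus the out-of-band .cer route), walked through with the `openssl smime` command line. This is an added example, not part of the original thread. The identities `alice` and `bob`, all file names and the self-signed certificates are constructed for the demo; a real setup would use the CA-issued certificate and the mail client's certificate store.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway identities in a temp directory.
set -eu
cd "$(mktemp -d)"

# $1 = name; writes $1.key (private, never leaves the owner) and $1.crt (shareable).
new_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

new_identity alice
new_identity bob

# 1. Alice sends a signed, unencrypted message; her certificate rides along in the signature.
printf 'Hello Bob, here is my certificate.\n' > hello.txt
openssl smime -sign -text -in hello.txt -signer alice.crt -inkey alice.key -out signed.eml

# 2. Bob checks the signature and saves the signer certificate the message carried.
#    -noverify skips chain validation only because the demo certificates are self-signed.
openssl smime -verify -noverify -in signed.eml \
  -signer alice_from_mail.crt -out /dev/null 2>/dev/null

# 3. Bob encrypts his reply to Alice's certificate (her public key).
#    His own private key plays no part in encryption.
printf 'Secret reply for Alice only.\n' > reply.txt
openssl smime -encrypt -aes256 -in reply.txt -out reply.eml alice_from_mail.crt

# 4. Only the private key matching the recipient certificate opens the reply.
#    tr strips the CR that S/MIME canonical line endings add.
alice_reads() {
  openssl smime -decrypt -in reply.eml -recip alice.crt -inkey alice.key | tr -d '\r'
}
bob_reads() {
  openssl smime -decrypt -in reply.eml -recip bob.crt -inkey bob.key 2>/dev/null
}

# Out-of-band alternative: the same certificate exported as a DER-encoded .cer file.
openssl x509 -in alice.crt -outform DER -out alice.cer

alice_reads                                   # Alice recovers the plaintext
bob_reads || echo "bob cannot decrypt a message encrypted to alice"
```

The certificate Bob pulls out of the signed mail and the `.cer` file are the same certificate, so comparing fingerprints over a second channel is the check that ties either copy to the intended correspondent.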
 

Author Closing Comment

by:kengreg
ID: 39829942
The end-user was too busy to follow-up.  This request for encrypted mail will go on the back burner until it's an emergency.

Thanks for the advice.  I was trying to use all of the Comodo default instructions, and I wanted to provide a checklist that non-technical people could follow.

When I looked at the cert store I alienated the end-user.

The end-user is perfectly happy to pay the Comodo fee, but the trial didn't work.

Clearly the problem is with Windows Live mail.  I suspect two current Outlook clients can trade signatures and certs and allow for automatic installation.
0
