Solved

Email Encryption

Posted on 2014-01-13
Last Modified: 2014-02-03
I'm having a problem working with digitally signed email messages.  I'm using the free cert from Comodo.

Instructions from Comodo indicate that I should save the signed address to my address book.  That seems to be the problem. I've tried this saving process from Windows Live email, and Outlook 2010.  I don't believe I'm saving the cert as it should be saved.  Anyone know what I'm skipping here?

So far, I can send signed email messages, but I'm still working on the requirements for sending an encrypted message.

I corrupted the contact in the Windows Live address book.

Then over in Outlook 2010 there's no indication that the contact is signed, although the original message is clearly signed.

The end user is on a POP3 account and wishes to send encrypted messages with encrypted attachments.

Please advise.
0
Question by:kengreg
LVL 33

Expert Comment

by:Dave Howe
ID: 39777137
You can't send an encrypted message using your own key.

The way it works is this. With the PRIVATE key for a certificate, you can decrypt encrypted messages sent to that certificate, and send signed messages to other recipients (which usually will also include the certificate).

With someone else's CERTIFICATE (which contains the public key) you can encrypt messages to the person or persons named in the certificate, and verify signed messages from that person.  Again, usually the signed message will include the certificate, which means if you receive a signed message, you can store the certificate locally and use it to send encrypted messages to that person, and you don't already have to have a copy to verify with.

So, what you need is a correspondent who also has a certificate. You should send them an unencrypted, but signed message; they should reply to that signed message with an encrypted, signed message, and you can then reply to THAT with an encrypted, signed message to them.

Does that make sense?

You can also send them your certificate out of band or by attachment, but that doesn't matter - the idea is to get your certificate to them, so that they can reply to you with encryption turned on, and that is easiest if you send a signed message.
0
 

Author Comment

by:kengreg
ID: 39777180
DaveHowe,
My question was about Comodo's instructions, specifically saving the signed address to Contacts.

You did provide an alternate solution with out of band sharing of the cert. What is the path and file extension?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39777298
Normally, receipt of a signed email will offer you the option of importing it to the local store - that assumes you are using local email rather than webmail of course.

For out of band sharing, you will want to send the dot-CER file to your intended correspondents - for many email clients, they can import that just by double clicking it in Windows or Linux; some other clients may need you to manually import it.

Assuming you generated your certificate request to Comodo in Outlook or via Internet Explorer, the CER file you got back from Comodo can be made active by simply double clicking it.  The secret file should ALREADY be in the keystore (this is also true of Chrome, for technical reasons; with Firefox, there is a different process).

What file do you have now, and what instructions in particular are you having problems with?
0
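
The exchange described in the two expert replies above, replayed with the OpenSSL command line as an added example that is not part of the original thread. It assumes `openssl` is installed; the two self-signed identities, their addresses and all file names are constructed for the demo and stand in for CA-issued certificates.

```shell
#!/bin/sh
# Constructed demo: throwaway self-signed identities stand in for CA-issued
# S/MIME certificates. Names, addresses and file names are made up.
set -e

new_identity() {  # $1 = file prefix, $2 = e-mail address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2/emailAddress=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

smime_exchange() (
  dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT; cd "$dir"
  new_identity alice alice@example.test
  new_identity bob bob@example.test

  # 1. Alice signs with her PRIVATE key; her certificate rides along in the signature.
  printf 'Hello Bob, signed but not encrypted.\n' > hello.txt
  openssl smime -sign -in hello.txt -signer alice.crt -inkey alice.key -out signed.eml

  # 2. Bob checks the signature and stores the embedded certificate.
  #    -noverify skips chain validation only because the demo cert is self-signed.
  openssl smime -verify -in signed.eml -noverify \
    -signer alice_from_mail.crt -out /dev/null 2>/dev/null

  # Out-of-band alternative: the same certificate as a DER-encoded .cer file.
  openssl x509 -in alice_from_mail.crt -outform DER -out alice.cer

  # 3. Bob encrypts his reply to Alice's certificate (her public key).
  printf 'Hi Alice, this reply is encrypted to you.\n' > reply.txt
  openssl smime -encrypt -aes256 -in reply.txt -out encrypted.eml alice_from_mail.crt

  # 4. Bob's own key cannot open what he sent; only Alice's private key can.
  if openssl smime -decrypt -in encrypted.eml -recip bob.crt -inkey bob.key \
       >/dev/null 2>&1; then
    echo "unexpected: sender's key decrypted the message" >&2; exit 1
  fi
  # S/MIME canonicalises line endings to CRLF; strip the CR for display.
  openssl smime -decrypt -in encrypted.eml -recip alice.crt -inkey alice.key | tr -d '\r'
)

smime_exchange
```
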
 

Author Closing Comment

by:kengreg
ID: 39829942
The end-user was too busy to follow-up.  This request for encrypted mail will go on the back burner until it's an emergency.

Thanks for the advice.  I was trying to use all of the Comodo default instructions, and I wanted to provide a checklist that non-technical people could follow.

When I looked at the cert store I alienated the end-user.

The end-user is perfectly happy to pay the Comodo fee, but the trial didn't work.

Clearly the problem is with Windows Live mail.  I suspect two current Outlook clients can trade signatures and certs and allow for automatic installation.
0
