Android Native Mail Unable To Display E-mail With Digital Signature


I have a Samsung Galaxy S3 (I know very legacy, but I am waiting for the S7) and when I receive e-mails that have a Digital Signature, I do not see the contents of the e-mail.  When I open the e-mail, the body of the e-mail states "Encrypted email" and a button that states "Decrypt message."  When I click on the Decrypt message button, I receive "Unable to display encrypted message.  Certificate not installed."

Any assistance would be most helpful and appreciated.

What are your thoughts?

Jackie Man (IT Manager) commented:
rmessing171 (Consultant, Author) commented:
Thank you for this info.  I had imported the certificate.

Where can I buy or download the PKCS#12 file?
Jackie Man (IT Manager) commented:
Do you host your mail server?

If yes, you should have the PKCS#12 file.

rmessing171 (Consultant, Author) commented:
Our Exchange Mail server is hosted externally by Sungard, but I have access to the Exchange 2010 servers.  What are the steps on obtaining the PKCS#12 file from the Exchange Mail Server?

Thank you for all of your assistance with this!
Jackie Man (IT Manager) commented:
The info below might be useful for you to extract the PKCS#12 file from the windows server where the exchange 2010 is hosted.

"1. Click start > run
2. Type MMC and click OK
3. Click on File > Add/Remove Snap-in…
4. Select Certificates and click Add
5. Select Computer Account, click Next
6. Leave Local Computer selected, click Finish
7. Click Ok / Close
8. You will be back at the MMC console and it will show the Certificates Snap-In
9. Expand Certificates, expand Personal, click Certificates
10. Right click your certificate > All Tasks > Export
11. Certificate Export Wizard will appear, click Next
12.  Select “Yes, export the private key” > Next
13. Select “Personal Information Exchange – PKCS #12 (.PFX)”
14. Leave the checkboxes below unchecked.
Note:  If you select “include all certificates…” then it will export the intermediate certificates as well, the problem is when you import them it will import the intermediate certificates into the personal store and not the intermediate store.  So it’s best to manually import your intermediate certs following the steps from your cert provider.
15. Make up a password to secure the exported .pfx certificate file
16.  Pick a location to save the exported .pfx certificate file > Save > Finish"

rmessing171 (Consultant, Author) commented:
Thank you again for all of your assistance!  I appreciate all of your help and guidance!

I exported our webmail.domain.com certificate to a pkcs#12.pfx file and successfully imported it onto my Samsung S3 - e-mail Security Options> Email encryption cert.  When I try to open the e-mail that contains Digital Signature (from a vendor outside my company), I open the email, click on Decrypt message, and I am still getting the message of "Unable to display encrypted message.  Certificate not installed."

Just curious - Do I need to obtain this certificate from the vendor?

What are your thoughts?
Jackie Man (IT Manager) commented:
I think that it should be the exchange activesync certificate, not the webmail SSL.

Exporting the exchange activesync certificate is done using the Export-ExchangeCertificate cmdlet.

The detailed procedure is listed in the link below.

Then, it comes to how to import the .p12 file into an android device.

According to another question in EE forum, it says:

"Solution was :
- rename the pfx files into .p12
- copy to the root of the device (NOT "usbStorage")
- install ..."

rmessing171 (Consultant, Author) commented:
Jackie - Thank you again for all of your assistance with this!

I have imported the AutoSync certificate and when I click on the Decrypt message button on an e-mail with a Digital Signature, it will open the e-mail, but now it shows:

This is a multipart message in MIME format.

Content-Type: multipart/related;

Content-Type: multipart/alternative;

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Just got it back..  her you go!  (This was the original message from the sender)

However, there was a PDF attachment sent and I can not see the file in the e-mail.

Any ideas?

Thank you again for all of your assistance!  I really appreciate it!
Jackie Man (IT Manager) commented:
Actually, from your above comment, my wild guess is that email message with digital signature is handled by android stock mail in the following way.

attachments are not encrypted but only the message body is encrypted

So, on decryption, only the email message is decrypted correctly and the attachment is decrypted wrongly as multipart message in MIME format.

To conclude, do not expect that android can handle the attachment from a digital signed email.

You can try other mail app like R2mail2, but I cannot test as we do not use digital signed email.

I have clients working in banking and finance industries and they always send digital email in plain text format and if there is any attachment, the attachment will not be attached with the email but there will be a https link inside the email and the instruction for downloading the attachment will be displayed when the recipient opens the https link.

A similar scenario is shown in the link below on how office 365 will send attachment in encrypted message.
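
Added example, not part of the original thread: a signed S/MIME message can arrive as application/pkcs7-mime with smime-type=signed-data, the same media type used for encrypted mail, and the content unwrapped from it is itself a MIME entity that has to be parsed again to reach the text and attachments. The Python sketch below classifies a message from its top-level Content-Type and lists the leaf parts of an unwrapped entity; the function names, sample headers and sample body are constructed for illustration.

```python
from email import message_from_string, policy

def smime_kind(raw):
    """Classify a message by its top-level Content-Type (S/MIME media types)."""
    msg = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "clear-signed"       # body readable as-is, signature is a separate part
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = msg.get_param("smime-type")
        if kind == "signed-data":
            return "opaque-signed"  # body wrapped inside the signature, not encrypted
        if kind == "enveloped-data":
            return "encrypted"      # readable only with the recipient's private key
        return "pkcs7-mime, smime-type not declared"
    return "not S/MIME"

def leaf_parts(raw):
    """Parse an unwrapped MIME entity: (content type, filename, size) per leaf part."""
    msg = message_from_string(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_filename(), len(p.get_payload(decode=True)))
            for p in msg.walk() if not p.is_multipart()]

# Constructed top-level headers, one per case.
OPAQUE = 'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\n\n'
ENCRYPTED = 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n\n'
CLEAR = 'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="s"\n\n'

# Constructed inner entity, shaped like the text the client displayed raw.
INNER = """\
Content-Type: multipart/mixed; boundary="outer"

This is a multipart message in MIME format.
--outer
Content-Type: multipart/alternative; boundary="alt"

--alt
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Just got it back.
--alt--
--outer
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--outer--
"""
```

Running `smime_kind` on the saved message source shows whether a private key is needed at all, and `leaf_parts` on the unwrapped content shows whether the PDF is present in the message even when the mail client does not render it.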
