Network Security Focus-Microsoft

Re: using certificates in Outlook for encryption

Subject: Re: using certificates in Outlook for encryption
Date: Fri, 15 Apr 2005 08:12:48 +1000
Hi,

Encrypting an email is (in very simple terms) the act of you encrypting the message with someone else's public key, thus ensuring that the only person that can read it is the owner of the private key. This should only correspond to 1 entity, your recipient.

Generally, outlook will obtain public keys of other people from their certificate. So, once you store another person's certificate within your store (generally from an email that they've sent you) you will then possess all of the technical pieces of information to send them an encrypted message.

What might be failing is policy related checking... Possibly:
* Does the recipient's certificate contain an email address that matches (exactly) the email address that you are using in your email to them?
* Does the recipient's certificate contain a keyUsage or extendedKeyUsage field? And if so, does this usage include the digital signature choice?
* Does your system trust the CA certificate that issued the Certificate? (I'm assuming it does)


I would really be looking out for the matches in email addresses first.


Andrew Sciberras eB2Bcom

Stegman, William wrote:

I have an enterprise PKI setup in our win2k active dir domain, and have been 
issuing user certificates for authentication, efs, and email encryption.  I've 
got wireless working fine with the certs, and signing messages from outlook 
works ok too, but when trying to encrypt the messages for others to view, I'm 
missing something.  Everything I keep reading only brushes over the fact that 
you can send your public key in an email message to your intended recipient so 
he/she can later read your encrypted messages, but once I receive that public 
key through a signed email, there's nothing I can really do with it as far as I 
can tell.  The messages are being sent to users who have obtained private keys 
from the same source, the AD enterprise CA.  I've posted some notes on MS's 
community newsgroups, but no bites.  The outlook clients range from 2000 to 
2003, I've got the certificates configured in outlook's security tab, I think 
I'm just missing the public key part......

Thank you,

William Stegman - Network Administrator
TransCore - Hummelstown
Phone: 717-561-5931
Fax: 717-564-8439
william.stegman@transcore.com
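
The three checks listed in the reply above, run against a certificate with .NET's X509 classes from PowerShell. This is an added example, not part of the original thread: the function name `Test-SmimeRecipientCert`, the address and the self-signed test certificate are constructed for illustration, and it assumes PowerShell 7 (or 5.1 on .NET Framework 4.7.2 or later).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: reports what each of the three policy checks looks at.
function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$EmailAddress
    )
    # Check 1: address in the certificate (SAN rfc822Name, else subject E=).
    $certMail = $Certificate.GetNameInfo([X509NameType]::EmailName, $false)

    # Check 2: keyUsage / extendedKeyUsage extensions, if the cert carries them.
    # Encrypting to an RSA key relies on keyEncipherment; signing on digitalSignature.
    $ku  = $Certificate.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }

    # Check 3: does the chain build to a CA this machine trusts?
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        EmailInCert      = $certMail
        EmailMatches     = ($certMail -eq $EmailAddress)   # -eq ignores case
        KeyUsage         = if ($ku)  { $ku.KeyUsages } else { 'absent' }
        EnhancedKeyUsage = if ($eku) { ($eku.EnhancedKeyUsages | ForEach-Object Value) -join ', ' } else { 'absent' }
        ChainTrusted     = $trusted
        ChainStatus      = ($chain.ChainStatus.Status -join ', ')
    }
}

# Constructed sample: a self-signed certificate, not issued by any CA.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Test User', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$san = [SubjectAlternativeNameBuilder]::new()
$san.AddEmailAddress('recipient@example.test')
$req.CertificateExtensions.Add($san.Build())
$flags = [X509KeyUsageFlags]::DigitalSignature -bor [X509KeyUsageFlags]::KeyEncipherment
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new($flags, $true))
$oids = [OidCollection]::new()
[void]$oids.Add([Oid]::new('1.3.6.1.5.5.7.3.4'))   # id-kp-emailProtection
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))

Test-SmimeRecipientCert -Certificate $cert -EmailAddress 'recipient@example.test'
```

To inspect a real recipient certificate instead, pass an `X509Certificate2` loaded from an exported `.cer` file or from the `Cert:\CurrentUser\AddressBook` store.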
