Network Security Focus-Microsoft

RE: using certificates in Outlook for encryption

Subject: RE: using certificates in Outlook for encryption
Date: Fri, 15 Apr 2005 14:49:29 -0700
The answer to your question is most definitely yes.  The complication factor is 
added when you utilize Organizational or "Unknown keys".  CAs like Verisign, 
Entrust, Comodo, etc... their public keys are distributed as part of an OEM 
solution, which means that Grandma living in Idaho has to do one thing only and 
that is click the button that says send!!!!, the certificates are automatically 
recognized.  The complication is that Grandson living in Phoenix doesn't want 
to pay for a certificate from these CAs; he wants to use a free one, or one 
that was generated for him at work.  Well, these kinds of certificates are not 
inherently recognized and trusted.  Therein lies the complication.  Hope this 
helps.

-----Original Message-----
From: Steve Bostedor [mailto:Steveb@tshore.com]
Sent: Friday, April 15, 2005 1:22 PM
To: Matt Parkins; focus-ms@securityfocus.com
Subject: RE: using certificates in Outlook for encryption


Is it just me or is this all overly complicated for the target audience?
I deal with CEOs and upper management personnel all of the time and
they don't know what a public key is from a head gasket.  How is this
technology ever supposed to get out of the gate if it's so complicated?
(to them, not to me! *cough*)

Are there any third party solutions that set this all up for companies
and make it very point and click?  It should also be compatible so that
if someone wanted your public key, it would be easily obtainable by a 75
year old grandma from Idaho.

Steve Bostedor
http://www.vncscan.com
VNCScan Enterprise Console
No added fat!  No preservatives!
 


-----Original Message-----
From: Matt Parkins [mailto:matt@the-parkins.co.uk] 
Sent: Friday, April 15, 2005 11:44 AM
To: focus-ms@securityfocus.com
Subject: RE: using certificates in Outlook for encryption


Easy:

 - Open the e-mail, right click on the user, select 'add to 
contacts' (update the contact's details if the contact 
already exists) 

 - Go to contacts and open the contact, go to the certificate 
tab; the contact's public key(s) should be listed right there.

Matt Parkins
Senior Programmer

-----Original Message-----
From: Andrew Sciberras [mailto:andrewsciberras@gmail.com] 
Sent: 14 April 2005 23:13
To: Stegman, William
Cc: focus-ms@securityfocus.com
Subject: Re: using certificates in Outlook for encryption

Hi,

Encrypting an email is (in very simple terms) the act of you 
encrypting the message with someone else's public key, thus 
ensuring that the only person that can read it is the owner 
of the private key. This should only correspond to 1 entity, 
your recipient.

Generally, Outlook will obtain public keys of other people 
from their certificate. So, once you store another person's 
certificate within your store (generally from an email that 
they've sent you) you will then possess all of the technical 
pieces of information to send them an encrypted message.

What might be failing is policy related checking... Possibly:
 * Does the recipient's certificate contain an email address 
that matches (exactly) the email address that you are using 
in your email to them?
 * Does the recipient's certificate contain a keyUsage or 
extendedKeyUsage field? And if so, does this usage include 
the digital signature choice?
 * Does your system trust the CA certificate that issued the 
Certificate? (I'm assuming it does)

I would really be looking out for the matches in email 
addresses first.


Andrew Sciberras
eB2Bcom

Stegman, William wrote:

I have an enterprise PKI setup in our win2k active dir 
domain, and have been issuing user certificates for 
authentication, EFS, and email encryption.  I've got wireless 
working fine with the certs, and signing messages from Outlook 
works ok too, but when trying to encrypt the messages for 
others to view, I'm missing something.  Everything I keep 
reading only brushes over the fact that you can send your 
public key in an email message to your intended recipient so 
he/she can later read your encrypted messages, but once I 
receive that public key through a signed email, there's 
nothing I can really do with it as far as I can tell.  The 
messages are being sent to users who have obtained private 
keys from the same source, the AD enterprise CA.  I've posted 
some notes on MS's community newsgroups, but no bites.  The 
Outlook clients range from 2000 to 2003, I've got the 
certificates configured in Outlook's security tab, I think 
I'm just missing the public key part......

Thank you,

William Stegman - Network Administrator TransCore - Hummelstown
Phone: 717-561-5931
Fax: 717-564-8439
william.stegman@transcore.com
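
The three policy checks listed in Andrew Sciberras's reply (address match, keyUsage/extendedKeyUsage, trusted issuer), written out as an added PowerShell example that is not part of the original thread. `Test-SmimeRecipientCert` is a hypothetical helper name, the demo certificate and address are constructed, and `New-SelfSignedCertificate` with these parameters assumes Windows 10 / Server 2016 or later.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not a built-in cmdlet): reports why a recipient
# certificate might be refused for encrypted mail.
function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Recipient
    )
    # 1. Address carried by the certificate (SAN rfc822Name or subject E=).
    $certMail = $Cert.GetNameInfo([X509NameType]::EmailName, $false)

    # 2. keyUsage / extendedKeyUsage. An absent extension imposes no restriction.
    $ku  = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ekuOids = if ($eku) { @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }

    # 3. Does the chain end in a root this machine trusts?
    #    Revocation is deliberately not checked in this example.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)

    [pscustomobject]@{
        CertAddress      = $certMail
        AddressMatches   = ($certMail -eq $Recipient)   # -eq ignores case
        # RSA encryption to the recipient relies on keyEncipherment;
        # digitalSignature covers the signing side.
        KeyEncipherment  = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
        DigitalSignature = (-not $ku) -or $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::DigitalSignature)
        # 1.3.6.1.5.5.7.3.4 is the emailProtection (Secure Email) EKU.
        EmailProtection  = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.4')
        ChainTrusted     = $trusted
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: a throwaway self-signed certificate for a made-up address.
$demo = New-SelfSignedCertificate -Type Custom -Subject 'CN=Demo User' `
    -KeyUsage KeyEncipherment, DigitalSignature `
    -TextExtension '2.5.29.37={text}1.3.6.1.5.5.7.3.4',
                   '2.5.29.17={text}email=demo.user@example.test' `
    -CertStoreLocation Cert:\CurrentUser\My

Test-SmimeRecipientCert -Cert $demo -Recipient 'demo.user@example.test'

# Remove the throwaway certificate again.
Remove-Item "Cert:\CurrentUser\My\$($demo.Thumbprint)"
```

The self-signed demo certificate passes the address and usage checks but fails the chain check, which is the untrusted-issuer case described in the top reply. A certificate issued by the enterprise CA should pass it on domain-joined machines that trust that CA.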

