azlan said:
Dear VanguardLH,
For your information, the sender's mail was not signed. Instead, I got her certificate as an attachment in her email. Then I tried to change the security setting configuration from automatic to custom. In select certificate to encrypt, however, I couldn't find the sender certificate. Please help me as I want to send confidential data. Thanks.

I've never sent anyone a cert as an attachment. Sounds like you got
the entire cert, tried to install it, and would end up using the
recipient's private key instead of their public key; however, the
recipient would be using their private key to decrypt yet it expects
the public key half to have been used to do the encryption. Have the
user send you a digitally signed e-mail, save that contact to your
address book (Contacts), and then use that contact record when you
want to specify the recipient to whom you want to send encrypted
e-mail.
You installing her cert means you do not have the e-mail address in
that cert that the recipient used to register that cert. That means
the e-mail in the recipient's cert will not match up with any of the
e-mail accounts that you have defined in Outlook. You need to use the
e-mail account that matches its e-mail address with the one recorded
inside the cert. You cannot install the recipient's cert. You
install your own (for someone else to use its public key). When you
configure S/MIME in the Security tab, you associate the cert
containing your e-mail address with the account that uses that e-mail
address. Your e-mail address is not the recipient's e-mail address.
You need their public key, not their private key. They need to use
their private key to decrypt what you encrypted using their public
key. I'm not sure their e-mail address is even associated (i.e.,
required) in the public key since only that recipient can decrypt with
their private key (i.e., only the recipient should have their private
key). That they gave you their entire cert means they should revoke
that cert and create a new one and only give you the public key to it
by sending you a digitally signed e-mail.
I've pretty much followed the instructions given for how to install my
own e-mail cert and how to disperse the public key to others who would
then use it to send me back their encrypted e-mails. For going
outside the box in procedure, maybe you'll want to ask in a security
newsgroup.
http://en.wikipedia.org/wiki/Public_key_infrastructure
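
An added example, not part of the thread and not written by either poster: one way to check what a received "certificate" attachment actually contains before importing it, by sniffing the PEM label or the first ASN.1 element of the file. The function names and sample byte strings are constructed for illustration, and the check is structural only (it does not validate signatures or decode a PKCS#12 container).

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PKCS7_OID_PREFIX = bytes.fromhex("06092a864886f70d0107")  # OID 1.2.840.113549.1.7.x

def _enter(buf: bytes, off: int) -> int:
    """Offset of the first content byte of the TLV at off (short, long or indefinite length)."""
    if off + 1 >= len(buf):
        return len(buf)
    return off + 2 + (0 if buf[off + 1] < 0x80 else buf[off + 1] & 0x7F)

def classify_der(der: bytes) -> str:
    """Structural sniff of DER/BER bytes; it identifies the container, it does not validate it."""
    if len(der) < 3 or der[0] != 0x30:
        return "unknown"
    off = _enter(der, 0)
    head = der[off:off + 10]
    if head[:1] == b"\x30":
        # tbsCertificate begins with [0] version (v3) or an INTEGER serial number (v1).
        return "certificate" if der[_enter(der, off):][:1] in (b"\xa0", b"\x02") else "unknown"
    if head[:3] == b"\x02\x01\x03":
        return "pkcs12"       # PFX version 3 (.pfx/.p12): can carry a private key
    if head[:3] == b"\x02\x01\x00":
        return "private-key"  # PKCS#8 and PKCS#1 private keys start with version 0
    if head == PKCS7_OID_PREFIX:
        return "pkcs7"        # .p7b/.p7c bundle of certificates
    return "unknown"

def classify_attachment(data: bytes) -> dict:
    """Say what a received 'certificate' file holds and whether it is public material only."""
    kinds = []
    for label, body in PEM_RE.findall(data):
        if label.endswith(b"PRIVATE KEY"):
            kinds.append("private-key")
        else:
            kinds.append(classify_der(base64.b64decode(body)) if label == b"CERTIFICATE" else "unknown")
    kinds = kinds or [classify_der(data)]  # no PEM armour: treat the input as raw DER/BER
    return {"kinds": kinds,
            "may_contain_private_key": any(k in ("private-key", "pkcs12") for k in kinds),
            "public_only": all(k in ("certificate", "pkcs7") for k in kinds)}

# Constructed sample inputs: structure headers only, not real certificates or keys.
SAMPLE_CER = bytes.fromhex("308201003081f0a003020102") + b"\x00" * 16
SAMPLE_PFX = bytes.fromhex("3080020103") + b"\x00" * 16
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CER) + b"\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print([classify_attachment(b) for b in (SAMPLE_CER, SAMPLE_PFX, SAMPLE_PEM)])
```

Only a file reported as `public_only` is something a correspondent should be handing out; anything flagged `may_contain_private_key` or `unknown` deserves a closer look before it is imported.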