Unable to open digitally-signed messages

[Rich]

I've had to reinstall Vista (long story) and have just reinstalled Office
2003 as a part of that effort. I have my first email account set up and
receiving mail and I've also added the security program to help define the
various attachments Outlook will let me see (currently set to all). When I
send digitally-signed emails to my home account from work, Outlook won't
(can't?) open them.

My preview pane is set up on the right half of the screen and it says "This
item cannot be displayed in the Reading Pane. Open the item to read its
contents." When I double click on the message header to open it, I get a
message "Can't open this item. An error occurred in the underlying security
system." I've sent my security certificate from my computer at work to the
home computer and installed it and still nothing works. I sort of remember
going through this before when I first installed Vista and I stumbled across
"the" fix but I'll be danged if I can find it again. I'm being more careful
this time and writing down everything I'm doing as I go along.

HELP! Thanks...

 

[Brian Tillman [MVP - Outlook]]

I've had to reinstall Vista (long story) and have just reinstalled Office
2003 as a part of that effort. I have my first email account set up and
receiving mail and I've also added the security program to help define the
various attachments Outlook will let me see (currently set to all). When
I
send digitally-signed emails to my home account from work, Outlook won't
(can't?) open them.

In order to decrypt something someone sends you, you need installed on the
receiving system a digital certificate whose private key matches the public
key with which the message was encrypted. If you reinstalled your operating
system, you destroyed that certificate and unless you reinstall the
certificate you have no hope of decrypting that message. Did you make a
backup of the certificate before performing the reinstall?

I've sent my security certificate from my computer at work to the
home computer and installed it and still nothing works.

Not surprising. The certificate is specific to the mail address to which
the certificate was issued. The mail address where you work is different
than the mail address at your home and the certificate issued to the one
cannot work for the other.

If you no longer have a certificate for your home address, you'll need to
contact the Certification Authority that issued the original certificate,
have them revoke it, and issue you a new one. You can then install that new
one and send signed messages to anyone with whom you wish to exchange
encrypted mail.

 

[Rich]

The message hasn't been encrypted; it only has a digital signature attached
which, as I understand it, is different from the additional measures of
actual encryption.

And, like I mentioned, all of this was NOT necessary when I first installed
Vista/Outlook. I have never had, nor used, a certificate for home. Methinks
there is something else going on. Hopefully we can get to the bottom of this
pretty quick. Thanks for your reply.
--
Rich Turner
Dual Athlon Processor,
Vista-64, Office 2003

 

[Rich]

Just as an FYI -

Our IT person at work suggested using our certificate from work to load on
my home computer. I did this yesterday and it worked. Today, it doesn't
work. I'm back to square one.
--
Rich Turner
Dual Athlon Processor,
Vista-64, Office 2003

 

[Rich]

Anybody have any ideas? I'm totally SOL until I can get the issue resolved.
I know there is something that has to be done to Outlook but it's not easy
to find. I also know it can be done because it's been done before. Thanks,
--
Rich Turner
Dual Athlon Processor,
Vista-64, Office 2003

 

[Brian Tillman [MVP - Outlook]]

Anybody have any ideas? I'm totally SOL until I can get the issue
resolved.
I know there is something that has to be done to Outlook but it's not easy
to find. I also know it can be done because it's been done before.
Thanks,

I gave you the answer. There's nothing to be "done in Outlook" if you don't
have the original sert to reinstall.

 

[Brian Tillman [MVP - Outlook]]

I gave you the answer. There's nothing to be "done in Outlook" if you
don't have the original sert to reinstall.

"Cert", not "sert", of course.

 

[Rich]

No disrespect but you gave me *AN* answer, not *THE* answer.

1) Why did I NOT have to do what you suggest the first time I installed
Vista and Office 2003?
2) Why did the certificate I installed from work (at the suggestion of our
IT folks) work one day and not since?
3) Why did Outlook work today when I opened an email I sent from work in
plain text (with NO digital signature)?
4) Why did Outlook work today when I opened the same exact message sent as
plain text WITH digital signature?

I understand that trying to figure out the various vagaries behind security
implementation schemes can be quite difficult and time consuming; it's always
easier to give a "pat" answer that "always" works because some people have
neither the time or the incentive to help others get to the bottom of the
issue. That's OK; that's life. Just say so and we'll part friends. Giving
an answer of "I already told you" with no other explanations smaks of an
egotistic attitude and does nothing other than insults your customers and
drives them away from your products.

Rich
--
Rich Turner
Dual Athlon Processor,
Vista-64, Office 2003

 

[Brian Tillman [MVP - Outlook]]

No disrespect but you gave me *AN* answer, not *THE* answer.

1) Why did I NOT have to do what you suggest the first time I installed
Vista and Office 2003?

In order to read an encrypted message you MUST have a cerificate installed
that contains the private key matching the public key with which it was
encrypted. There's simply no way around that. You must have installed a
certificate when you installed the first time.

2) Why did the certificate I installed from work (at the suggestion of our
IT folks) work one day and not since?

Since I don't know exactly what you installed (I wasn't there to watch).

3) Why did Outlook work today when I opened an email I sent from work in
plain text (with NO digital signature)?

Naturally if it wasn't encrypted, you could open it. So what? It's
irrelevant.

4) Why did Outlook work today when I opened the same exact message sent as
plain text WITH digital signature?

Having a digital signature attached to a message also has nothing to do with
decrypting. A digital signature guarantees that the mesage came from the
person claiming to have sent it and also provides the public key of the
sender so that you can send that person an encrypted message.

I understand that trying to figure out the various vagaries behind
security
implementation schemes can be quite difficult and time consuming; it's
always
easier to give a "pat" answer that "always" works because some people have
neither the time or the incentive to help others get to the bottom of the
issue.

Clearly you don't have a clue as to how public key encryption works. Since
you don't, you're foolish to disregard the statements of those of us who do.
We're done. I'll bow out.

 

[Rich]

Let me say this one more time:

I AM NOT SENDING MYSELF AN ENCRYPTED EMAIL from work! How much more plain
can I make it? NO ENCRYPTION. DIGITAL SIGNATURES are NOT ENCRYPTED
EMAILS.

If I send myself a DIGITALLY SIGNED email (note I did NOT say ENCRYPTED), I
get the original error mentioned and am still unable to open the message.

If I send myself a PLAIN TEXT email with NO DIGITAL SIGNATURE (again, I did
NOT say ENCRYPTED), I am now getting something like:

======================
Received: from exanpcn27.arinc.com ([144.243.3.28])
by isp.att.net (frfwmxc10) with ESMTP
id <20081118140414M10008906ge>; Tue, 18 Nov 2008 14:04:14 +0000
X-Originating-IP: [144.243.3.28]
X-AuditID: 90f3031b-ad381bb0000006a5-b0-4922cb5d8255
Received: from anpcn3.arinc.com (unknown [144.243.79.40])
by exanpcn27.arinc.com (Symantec Mail Security - Out) with ESMTP id
926984DC002;
Tue, 18 Nov 2008 09:04:13 -0500 (EST)
Received: from pfnmb1.arinc.com ([144.243.75.13]) by anpcn3.arinc.com with
Microsoft SMTPSVC(6.0.3790.3959);
Tue, 18 Nov 2008 09:03:28 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C94986.6D483807"

=============================

Everything else in the message is bounded by this type of mime-encoded
header and any binary attachments or inline pictures are all hex-coded
numbers.

There must be some setting inside Outlook or it's properties that will allow
it to decode mime-type messages. I just don't know what that is. Like I
said - it worked once when I first installed Vista and Office, now it does
not work when I had to reinstall Vista.

You said "Clearly you don't have a clue as to how public key encryption
works. Since
you don't, you're foolish to disregard the statements of those of us who
do.
We're done. I'll bow out. " Fortunately (or unfortunately as the case
may be) I do have a clue. I was around when the mechanics of public-key
encryption was detailed and discussed openly in a Byte magazine article 25
or so years ago and which also included basic program code to show how it
all worked.

My problem is how to get Outlook to display mime-formatted messages
properly. You do know what the mime format is, don't you? It is NOT
ENCRYPTION. So get off that dead horse. What I don't know are the
intricacies and obtuse control mechanisms Microsoft has used to drive the
Outlook engine. I need to know the switch to make Outlook display
mime-formatted messages properly.

Since you don't seem to be smart enough to read the question (not read into
the question) and understand the issue involved to form a coherent answer,
maybe (hopefully) someone else here can.

 

[Brian Tillman [MVP - Outlook]]

If I send myself a PLAIN TEXT email with NO DIGITAL SIGNATURE (again, I
did NOT say ENCRYPTED), I am now getting something like:

If you are getting the headers and MIME encoding in the body of the message,
then something in the transmission is altering the headers in such a way
that Outlook cannot decode the data properly. I personally would suspect:

Received: from anpcn3.arinc.com (unknown [144.243.79.40])
by exanpcn27.arinc.com (Symantec Mail Security - Out) with ESMTP id
926984DC002

Symantec products do not play well with email.

 

[Mack]

Hi, I didnt see this topic before and openned another one.
I´m having pretty much the situation, when I receive a digitally signed
email some of my users cannot open them, it´s the same error of yours Rich.
I tought it was a security update, But I unistalled almost all of them =)
and no succes.
And I dont know why this problem is spreading to more users here.

Regards.

================

If I send myself a PLAIN TEXT email with NO DIGITAL SIGNATURE (again, I
did NOT say ENCRYPTED), I am now getting something like:

If you are getting the headers and MIME encoding in the body of the message,
then something in the transmission is altering the headers in such a way
that Outlook cannot decode the data properly. I personally would suspect:

Received: from anpcn3.arinc.com (unknown [144.243.79.40])
by exanpcn27.arinc.com (Symantec Mail Security - Out) with ESMTP id
926984DC002

Symantec products do not play well with email.

 

[Brian Tillman [MVP - Outlook]]

Hi, I didnt see this topic before and openned another one.

Let's keep your thread separate.

 

[Rich]

Brian (and Mack) -

I'm back from working too much overtime today and I tried emailing home
address from work. A couple of days ago I removed my digital certificate I
got from my work computer and installed here at home. Also some additional
google searching (a lot as it turns out) turned up a discussion where
someone was ranting about Microsoft's alleged consipiracy regarding
compatible email formats (I thought I saved the link but I can't find it
right now; when I do run across it again I'll post it here if anyone is
interested). However, the most important point from this rant was to
suggest that sending emails with all addressees in the BCC field only (good
email etiquette to protect the security of your recipients on general or
"joke" emails you send) will have this problem. And, that is how I send my
email out from work to my "general" list is completely through the BCC
address field.

The suggestion was to have some email address in the normal TO field in
addition to the BCC fields. Well, I tried that today and everything is
working properly. Whether I send a plain text email or a digitally-signed
email to my home address, it all works as advertised.

So - Brian: this is a "free" solution you can pass along to others who
might have the same problem as I have had. Hopefully those people will be
few and far between. And Mack - I haven't read through your thread yet to
see exactly what your problem is but hopefully this will work for you as
well.

Here's wishing everyone a HAPPY Thanksgiving!

Rich

If I send myself a PLAIN TEXT email with NO DIGITAL SIGNATURE (again, I
did NOT say ENCRYPTED), I am now getting something like:

If you are getting the headers and MIME encoding in the body of the
message, then something in the transmission is altering the headers in
such a way that Outlook cannot decode the data properly. I personally
would suspect:

Received: from anpcn3.arinc.com (unknown [144.243.79.40])
by exanpcn27.arinc.com (Symantec Mail Security - Out) with ESMTP id
926984DC002

Symantec products do not play well with email.