D
Dariusz Lewicki
As a provider of smart card related middleware solutions we develop also CryptoAPI CSP modules for different smart cards.
We have noticed strange Outlook behavior related to encrypted messages. Especially for bigger messages (a few MB attachments for example) it is VERY noticeable.
Quite common believe is that encrypted messages "can not be viewed" in preview pane.
But we have noticed that Outlook2007 IS DECRYPTING message internally for message selected when preview pane is open !
Outlook 2007 (2003 version probably has the same design for that) conduct a lot of heavy processing on every encrypted message selected with preview pane visible and at the end of this heavy processing Outlook finally decrypts message if he has access to private key needed. If we are using smart card based CSP having "PIN cache option" turned on, after entering first time (via CSP GUI) PIN for the particular private key, next crypto operations using this key does not need entering the PIN.
As a results we have noticed that Outlook is silently calling CSP module and... IT IS DOING FULL DECRYPTION of message just selected (NOT OPENED!) on the mailbox list!
OK. So why it is so obvious for many experts that Outlook is not viewing encrypted emails in preview pane? If this is a "security feature" it should be configurable some way as many other "possibly danger functionalities" are.
For exmaple:
- Pentimum 4 2GHz, 1GB RAM (a lot of free RAM during Outlook job),
- 7MB (size) encrypted and signed email message,
- opening of that email takes about 20 sec for some HEAVY Outlook processing (95-100% processor load) + 1,5 sec decryption at the end of this "mysterious processing" (sic!)
We understand that some S/MIME+base64+BER/DER decoding is needed but 20 sec??? on 7MB message?
This processing time seams to be direct related to message size. 30MB messages (with some binary attachment) send takes "a years" to open
The worse issue is that just selecting encrypted message causes Outlook to do the whole processing up to final decryption but this whole job ends with... message in preview pane saying "it can not display encrypted message" !?
The question is - what for Outlook DECRYPTS the message if it intend "by design" NOT TO DISPLAY just selected message?
Any ideas/explanation?
Dariusz
EggHeadCafe - .NET Developer Portal of Choice
http://www.eggheadcafe.com
We have noticed strange Outlook behavior related to encrypted messages. Especially for bigger messages (a few MB attachments for example) it is VERY noticeable.
Quite common believe is that encrypted messages "can not be viewed" in preview pane.
But we have noticed that Outlook2007 IS DECRYPTING message internally for message selected when preview pane is open !
Outlook 2007 (2003 version probably has the same design for that) conduct a lot of heavy processing on every encrypted message selected with preview pane visible and at the end of this heavy processing Outlook finally decrypts message if he has access to private key needed. If we are using smart card based CSP having "PIN cache option" turned on, after entering first time (via CSP GUI) PIN for the particular private key, next crypto operations using this key does not need entering the PIN.
As a results we have noticed that Outlook is silently calling CSP module and... IT IS DOING FULL DECRYPTION of message just selected (NOT OPENED!) on the mailbox list!
OK. So why it is so obvious for many experts that Outlook is not viewing encrypted emails in preview pane? If this is a "security feature" it should be configurable some way as many other "possibly danger functionalities" are.
For exmaple:
- Pentimum 4 2GHz, 1GB RAM (a lot of free RAM during Outlook job),
- 7MB (size) encrypted and signed email message,
- opening of that email takes about 20 sec for some HEAVY Outlook processing (95-100% processor load) + 1,5 sec decryption at the end of this "mysterious processing" (sic!)
We understand that some S/MIME+base64+BER/DER decoding is needed but 20 sec??? on 7MB message?
This processing time seams to be direct related to message size. 30MB messages (with some binary attachment) send takes "a years" to open
The worse issue is that just selecting encrypted message causes Outlook to do the whole processing up to final decryption but this whole job ends with... message in preview pane saying "it can not display encrypted message" !?
The question is - what for Outlook DECRYPTS the message if it intend "by design" NOT TO DISPLAY just selected message?
Any ideas/explanation?
Dariusz
EggHeadCafe - .NET Developer Portal of Choice
http://www.eggheadcafe.com