Encrypting E-mails

Scotty

Archived from groups: microsoft.public.win2000.security

I am setting up my CAs using Active Directory. Once I receive my
certificate I understand that I can use my e-mail program to use that
certificate to sign the e-mail. I would also like to know how to encrypt
e-mails. When I select to encrypt e-mails it tells me that I don't have the
digital ID for the user that I'm sending to. What is the process of
implementing the recipient's Digital ID on my PC so that I can send encrypted
e-mails?
 
Guest

Hi Scotty,

What you would need is the public key of the user that you want to send
encrypted e-mail to.

Certificates have a pair of keys: a public and a private key. You use your
private key to digitally sign e-mails that you send to others, or use
it to decrypt encrypted e-mails sent to you. For this to work, the e-mail
would have to be encrypted with your public key.

If I am not mistaken, you have an Enterprise setup of your CA servers. This
setup publishes private keys in Active Directory for each user that you
issue certificates for. Outlook should be able to find public keys there if
they were published (this will also depend on the Outlook version and the
protocol that it uses to connect to the mail server -- e.g. MAPI).
Another option (especially for users outside of your organization) would be
to create a contact in your Outlook client and manually import the public key
to the contact.

--
Mike
Microsoft MVP - Windows Security

"Scotty" <Scotty@discussions.microsoft.com> wrote in message
news:386938F9-40D0-4744-8A05-BBB2B8E29F0A@microsoft.com...
> I am setting up my CAs using Active Directory. Once I receive my
> certificate I understand that I can use my e-mail program to use that
> certificate to sign the e-mail. I would also like to know how to encrypt
> e-mails. When I select to encrypt e-mails it tells me that I don't have
> the digital ID for the user that I'm sending to. What is the process of
> implementing the recipient's Digital ID on my PC so that I can send encrypted
> e-mails?
 
Guest

In article <#z#nJ$WBFHA.2032@tk2msftngp13.phx.gbl>, mihap-news@atlantis.si says...
> Hi Scotty,
>
> What you would need is the public key of the user that you want to send
> encrypted e-mail to.
>
> Certificates have a pair of keys: a public and a private key. You use your
> private key to digitally sign e-mails that you send to others, or use
> it to decrypt encrypted e-mails sent to you. For this to work, the e-mail
> would have to be encrypted with your public key.
>
> If I am not mistaken, you have an Enterprise setup of your CA servers. This
> setup publishes private keys in Active Directory for each user that you
> issue certificates for. Outlook should be able to find public keys there if
> they were published (this will also depend on the Outlook version and the
> protocol that it uses to connect to the mail server -- e.g. MAPI).
> Another option (especially for users outside of your organization) would be
> to create a contact in your Outlook client and manually import the public key
> to the contact.
>
>
Further to Miha's response. If you are sending outside of the
organization, you can get the recipient to send you a signed email. This
will include the recipient's digital certificates.

You can then create a contact object that includes the certificate(s),
allowing you to send them encrypted email.

Brian
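
Whichever route the certificate arrives by (published in Active Directory or taken from a signed message), it only helps if it is valid for encryption. The check below is an added example, not part of the original thread: `Test-MailEncryptionCert` and `New-SampleCert` are hypothetical helper names, the two sample certificates are constructed in memory, and it assumes RSA keys and PowerShell 7 (or .NET Framework 4.7.2 and later).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: can this recipient certificate be used to encrypt mail to them?
function Test-MailEncryptionCert {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)

    $ku  = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $now = Get-Date

    # No key-usage extension means the key is unrestricted; otherwise RSA
    # encryption needs the KeyEncipherment bit.
    $canEncipher = (-not $ku) -or
        $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
    # No EKU extension means any purpose; otherwise Secure Email must be listed.
    $mailEku = (-not $eku) -or
        ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.4')
    $inDate = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)

    [pscustomobject]@{
        Subject         = $Cert.Subject
        InValidity      = $inDate
        KeyEncipherment = $canEncipher
        SecureEmailEku  = $mailEku
        Usable          = $inDate -and $canEncipher -and $mailEku
    }
}

# Constructed sample input: self-signed certificates that exist only in memory.
function New-SampleCert([string]$Name, [X509KeyUsageFlags]$Usage) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Name", $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509KeyUsageExtension]::new($Usage, $true))
    $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
}

$signOnly = New-SampleCert 'Constructed Sign Only' ([X509KeyUsageFlags]::DigitalSignature)
$both     = New-SampleCert 'Constructed Sign And Encrypt' ([X509KeyUsageFlags]'DigitalSignature, KeyEncipherment')
$signOnly, $both | ForEach-Object { Test-MailEncryptionCert $_ } | Format-Table

# Real sources (placeholder path and account name):
#   [X509Certificate2]::new('C:\path\recipient.cer')      # exported from a signed e-mail
#   (Get-ADUser jdoe -Properties userCertificate).userCertificate |
#       ForEach-Object { [X509Certificate2]::new([byte[]]$_) }   # published in AD
```

The sign-only certificate reports `Usable = False`: a signed message from a correspondent whose certificate is for signing only proves who sent it, but gives you nothing to encrypt to.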