How to Determine Which Key Encrypted an Email

We occasionally get a call from a user who cannot open an encrypted email.  Oftentimes the message the user gets is, "Your digital ID name could not be found by the underlying security system."  I know that this message can have several causes.  In troubleshooting this issue I came across the following article:

http://support.microsoft.com/kb/258527

That article states, "Verify that the sender has the correct Public Key for the recipient. You may have to examine the properties of the Certificate from the sender's computer, and then compare it with the recipient's current Digital ID properties."  However, the article does not say *how* to go about verifying that the sender has the correct Public Key for the recipient.

In trying to verify the keys used I came across another thing that puzzles me.  It is my understanding that Outlook would use the public key of the recipient to encrypt the message, which would then be decrypted by the recipient's private key.  We publish certificates to AD, so I have been working under the assumption that Outlook gets the public key from AD.  I sent an encrypted email to another user as a test, figuring that Outlook would grab the recipient's public key from AD and use it to encrypt the message.  However, when I went into my Sent Items and opened the message, clicked the padlock, and checked the certificate details, the Public key listed there is *my* public key and not that of the recipient, yet the recipient was able to view the message.

Clearly, there are some things that I am not understanding.  So I have two questions:

  1. How do I verify the key that was used to encrypt a message?
  2. Why would an encrypted message that I sent show my Public key instead of the recipient's Public key?

Thanks in advance for any help that you can offer!

--Tom

June 4th, 2015 6:17pm
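An added example, not from the original post, showing how to read which certificates a saved S/MIME message (the DER-encoded CMS EnvelopedData in the smime.p7m attachment) is encrypted to: every RecipientInfo names one certificate by issuer and serial number, and mail clients typically encrypt to the sender's own certificate alongside the recipient's so the copy in Sent Items stays readable. It assumes the openssl command-line tool; the identities (tom, alice, bystander) and the message are constructed here.

```shell
#!/bin/sh
# Added example (not the original post's own steps): list the recipients of a
# CMS EnvelopedData message and check which local certificate/key pairs can
# decrypt it. Assumes the openssl CLI; everything else is constructed below.
set -e
WORK=$(mktemp -d)

# Self-signed test certificate for one mailbox (constructed sample identity).
make_cert() {  # $1 = name, $2 = e-mail address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
    -subj "/CN=$1/emailAddress=$2" >/dev/null 2>&1
}

# Print the issuer and serial number of every RecipientInfo in a DER .p7m.
# Each pair identifies one certificate whose key can unwrap the message key;
# compare them with the issuer/serial shown in the users' Digital ID properties.
list_recipient_ids() {  # $1 = message.p7m
  openssl cms -cmsout -print -in "$1" -inform DER |
    grep -Ei 'issuer|serialNumber'
}

# Exit 0 if the named certificate/key pair is one of the message's recipients.
# openssl matches the certificate's issuer/serial against the RecipientInfos
# before touching the key, so a certificate that was never used fails cleanly.
key_can_decrypt() {  # $1 = name, $2 = message.p7m
  openssl cms -decrypt -in "$2" -inform DER \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" >/dev/null 2>&1
}

make_cert tom       tom@example.test      # sender
make_cert alice     alice@example.test    # intended recipient
make_cert bystander nobody@example.test   # never given the message

printf 'Quarterly numbers attached.\n' > "$WORK/body.txt"
# Like a mail client, encrypt to the recipient AND to the sender, so that the
# sender's copy in Sent Items stays readable with the sender's own key.
openssl cms -encrypt -aes256 -in "$WORK/body.txt" -out "$WORK/msg.p7m" \
  -outform DER "$WORK/alice.crt" "$WORK/tom.crt"

list_recipient_ids "$WORK/msg.p7m"
for who in tom alice bystander; do
  if key_can_decrypt "$who" "$WORK/msg.p7m"; then echo "$who: can decrypt"
  else echo "$who: not a recipient of this message"; fi
done
```

To inspect a real message, save the encrypted item from Outlook (or extract its smime.p7m attachment) and pass that file to the two functions in place of the constructed one.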
