S/MIME support in Mail (encryption and signing)

Hi,
Is there S/MIME support in the iPhone's Mail client? Mail.app for OS X has great support for encrypting and signing emails using S/MIME certificates, and I wonder if the iPhone's Mail client is able to use S/MIME, too.
best,
Jens

I have the same question. Much of my mail comes with either S/MIME or GnuPG encryption. A device that lets me receive but not read my e-mail isn't much use for communication.
Can someone confirm?
Mac OS X (10.4.10)

Similar Messages

  • No indication whether the email is encrypted and signed with S/MIME

    I have been using OpenPGP/GPGMail V2.0b6 for email encryption for some time. Now I added S/MIME. What I noticed is that if I send an encrypted and signed email with GPGMail, the header in the sent mail will show that it was encrypted and signed. However, if I send an encrypted and signed email with S/MIME, there is no notification in the mail header. Only by checking the sent mail on the iPad was I able to confirm that the email was really encrypted and signed with S/MIME.
    Has anybody else experienced this?
    Is there a solution to this problem?

    I have now further analysed the behaviour of S/MIME encryption and signatures on the iPad (iOS 7.0.2) and the iMac (OSX 10.8.5).
    I installed a Comodo free email certificate on my iMac and the same certificate on my iPad. Another Comodo free email certificate I installed on the iMac of a friend of mine.
    Sending encrypted, signed, or both encrypted and signed messages back and forth between iMacs, and between iMac and iPad, works with no problem. In the iPad email header it is indicated with symbols whether the email is encrypted, signed, or both encrypted and signed. On the iMac, on the other hand, only when the email is signed is that indicated with a symbol in the email header (see figure below).
    When an email is encrypted, or encrypted and signed, this is not indicated with symbols in the email header. This is in contrast to OpenPGP. OpenPGP emails always indicate with symbols whether they are encrypted, signed, or both encrypted and signed (see figure below).
    I hope that in OSX 10.9 email header symbols will indicate whether emails are S/MIME encrypted, S/MIME signed or S/MIME encrypted and signed.

  • Help required on Encryption and Signing.

    Hello All,
    Client:
    Client is having his own Private key and the public key of the Server.
    Server:
    Server is having his own Private key and the public keys of all the clients.
    When a client wants to send a document to the server with both encryption and signed,
    then he will encrypt the document with the server's public key and then sign the encrypted document
    with his own Private key.
    And then sends it to the server.
    When the server receives the signed object from the client, he has to verify the signature with
    the public key of the client and he has to decrypt the document with the Private key of the server.
    How can we verify the signature?
    By just saying,
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(kp.getPublic());
    boolean verifies = sig.verify(realSig);
    where "realSig" is the signed object.
    In this case I am unable to verify the signature. Even if I succeeded here in verifying the signature,
    how do I decrypt the signed object?
    My question is,
    When the client sends the signed object to the server, does he send anything else along with it?
    Say, for example, if he sends the encrypted document along with the signed object, then if I say,
    Signature sig = Signature.getInstance("SHA1withRSA");
    sig.initVerify(kp.getPublic());
    sig.update(cipherText);
    boolean verifies = sig.verify(realSig);
    where "cipherText" is the encrypted document.
    In this case I am able to verify the document, and since I will have the encrypted document
    along with the signed object, I will decrypt this using the Private key of the server.
    So is it a must that I send the encrypted document every time along with the signed object to the server?
    Thanks and have a nice time.

    I have two suggestions for you.
    First, read a good book about cryptography. Even using secure cryptographic algorithms is no guarantee that your solution is secure. Without a thorough understanding of cryptography and security, someone might break in due to some implementation mistake in your security mechanism. My recommendations: "Applied Cryptography" written by Bruce Schneier and "An Introduction to Cryptography (IntrotoCrypto.pdf)" by Phil Zimmermann, Network Associates. This PDF document can be downloaded as part of the free PGP product from http://www.pgp.com, http://www.pgpi.com or http://www.nai.com
    Second, take a serious look at S/MIME. S/MIME allows information to be wrapped in signed and/or encrypted data blocks in a secure way. The S/MIME standard has been around for a few years and has been thoroughly reviewed. Bouncycastle (www.bouncycastle.org) contains a library for creating and handling S/MIME data. Never invent your own formats when a standard is available. More information about S/MIME can be found at RSA labs (www.rsa.com or www.rsalabs.com).
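
The exchange discussed in this thread, as an added example that is not part of the original posts: the client sends the ciphertext together with a detached signature over it, and the server feeds the same bytes to `update()` before `verify()`, then decrypts. The class name, the `Envelope` record, the hybrid AES-GCM plus RSA-OAEP encryption and the use of `SHA256withRSA` in place of the thread's `SHA1withRSA` are assumptions of this sketch; it needs Java 16 or later.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class EncryptThenSignDemo {
    // Everything the client transmits. The signature alone is useless to the
    // server: it is a signed hash, not a container that holds the document.
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] cipherText, byte[] signature) {}

    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static KeyPair rsaKeyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    // Signs wrappedKey || iv || cipherText. The first two fields have fixed
    // lengths (256 and 12 bytes), so the concatenation is unambiguous.
    static Signature feed(Signature s, byte[] k, byte[] iv, byte[] ct) throws SignatureException {
        s.update(k); s.update(iv); s.update(ct);
        return s;
    }

    static Envelope clientSend(byte[] doc, PublicKey serverPub, PrivateKey clientPriv)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();          // fresh content key per message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] cipherText = gcm.doFinal(doc);
        Cipher rsa = Cipher.getInstance(OAEP);     // RSA only wraps the AES key
        rsa.init(Cipher.WRAP_MODE, serverPub);
        byte[] wrapped = rsa.wrap(aes);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(clientPriv);
        return new Envelope(wrapped, iv, cipherText, feed(sig, wrapped, iv, cipherText).sign());
    }

    static byte[] serverReceive(Envelope e, PublicKey clientPub, PrivateKey serverPriv)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(clientPub);
        // Without these update() calls verify() checks the signature against
        // an empty message and returns false, as the question describes.
        if (!feed(sig, e.wrappedKey(), e.iv(), e.cipherText()).verify(e.signature()))
            throw new SignatureException("signature does not match received data");
        Cipher rsa = Cipher.getInstance(OAEP);
        rsa.init(Cipher.UNWRAP_MODE, serverPriv);
        Key aes = rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, e.iv()));
        return gcm.doFinal(e.cipherText());
    }

    public static void main(String[] args) throws Exception {
        KeyPair client = rsaKeyPair(), server = rsaKeyPair();
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        Envelope env = clientSend(doc, server.getPublic(), client.getPrivate());
        byte[] out = serverReceive(env, client.getPublic(), server.getPrivate());
        System.out.println(new String(out, StandardCharsets.UTF_8));
        env.cipherText()[0] ^= 1;                  // simulate tampering in transit
        try {
            serverReceive(env, client.getPublic(), server.getPrivate());
        } catch (SignatureException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

A CMS/S/MIME library, as the reply recommends, carries the same fields in a standard container instead of this ad hoc record.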

  • Timestamp Error when calling Encrypt and Signed Web Service

    Hello,
    I made a Web Service in the Oracle Service Bus 10gR3 that supports Encryption and Sign, basically by inserting (manually) this into the WSDL Contract:
    These two namespaces:
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    These declarations:
    <wsp:UsingPolicy Required="true"/>
    <input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Encrypt.xml"/>
    </wsp:Policy>
    <soap:body use="literal" />
    </input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    The above declarations were inserted at the correct points inside the WSDL Contract and the Web Service is working correctly.
    The problem is related to the Sign.xml declaration. When I insert this declaration:
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    then the Web Service shows an error. Following are the Request and Response (which shows the error):
    Request:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ger="http://www.abc.com.br/Service">
    <soapenv:Header/>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Response:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Header/>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Can not retrieve header: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    Observation: I was invoking the Web Service using the soapUI tool.
    I tried changing the request to the code below, but it doesn't work:
    <soapenv:Envelope xmlns:ger="http://www.abc.com.br/Service" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsu:Timestamp wsu:Id="Timestamp-447" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2010-05-27T21:40:55.667Z</wsu:Created>
    <wsu:Expires>2010-05-27T21:41:55.667Z</wsu:Expires>
    </wsu:Timestamp>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Thanks.
    Victor Jabur.

    Does anyone have any idea?
    Thanks

  • Biztalk PGP encryption and signing

    Hi,
    Currently I am working on a custom pipeline component to PGP encrypt and sign the outgoing message from Biztalk 2013 with public and private keys.
    I am referring to the content mentioned in the posts below:
    https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
    http://bajwork.blogspot.co.nz/2007/08/pgp-pipeline-component.html
    But we have a requirement to use PGP version 6.5.8 and I could not find which PGP versions the above components support.
    Does anyone have any idea about Biztalk and PGP version 6.5.8 for encryption and signing?
    Thanks
    JB

    PGP has different versions and 6.5.8 is an older one. If you just download the Bouncy Castle PGP DLL, it's not going to use the 6.5.8 version of PGP.
    http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/
    With the latest Bouncy Castle PGP DLL, there are a few issues encountered by users who tried to use PGP version 6.5.8, especially around signature validation. Following are the discussions on the issues faced:
    http://stackoverflow.com/questions/7193323/encrypt-with-bc-and-decrypt-with-pgp-6-5-8
    http://bouncy-castle.1462172.n4.nabble.com/ERROR-encrypted-session-key-is-bad-when-trying-to-decrypt-td1466221.html
    http://bouncy-castle.1462172.n4.nabble.com/Compatibility-Issue-with-PGP-6-5-8-td1467170.html
    People have managed to get it working with a few changes to the PGP code (which you can get here:
    http://www.bouncycastle.org/csharp/index.html )
    This forum is not the right place to raise a question about finding the Bouncy Castle PGP DLL version compatible with v6.5.8. Try posting this question here:
    http://bouncy-castle.1462172.n4.nabble.com/
    Once you have their DLL compatible with v6.5.8, you can use it in BizTalk as suggested by the links you referenced.

  • JDBC Thin Driver Support for Data Encryption and Integrity

    Hello JDev Team,
    I am trying to implement JDBC Thin Driver Support for Data Encryption and Integrity.
    It works fine with java.sql.Connection and java.util.Properties like in the following code:
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    Properties props = new Properties();
    int level = AnoServices.REQUIRED;
    props.put("oracle.net.encryption_client", Service.getLevelString(level));
    props.put("oracle.net.encryption_types_client", "( RC4_40 )");
    props.put("oracle.net.crypto_checksum_client",Service.getLevelString(level));
    props.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
    Connection conn = DriverManager.getConnection ("jdbc:oracle:thin:@localhost:1521:main", props);
    etc...
    But I am developing an application with InfoSwing components and it has a different way to connect to Oracle database using oracle.dacf.dataset.connections.Connection, like this:
    sessionInfo1.setAppModuleInfo(new ModuleInfo("bc", "BcModule"));
    sessionInfo1.setConnectionInfo(new LocalConnection("JDBCThin"));
    sessionInfo1.publishSession();
    My question is:
    Is there any way to implement DataEncryption and Integrity into this type of connection?
    Thanks a lot in advance.
    Victor Bykov

    Victor,
    No, you can't do this from DAC, but I've been discussing it with the developer, and we both think this capability would be useful to have, so I've logged it as an enhancement request.
    I do have a question for you. Once you've made the JDBC connection, do you need access to the Connection object afterwards? We're thinking of how the change could be implemented, and one way would be to allow you to pass in a Properties object when creating your own NamedConnection.
    Thanks
    Blaise

  • Multiple mail certificates and signing mail

    If I understand the information I have read correctly, you can sign an email in Mail as long as you have a personal certificate. I can do this without a problem. My question to you all is.. if you have multiple certificates on your machine, which is Mail using to sign? Is there a way to choose a default?
    Thanks.

    Your personal cert should be tied to a specific email address. Mail uses the one for the address that is being used to send the email. If the digital signatures/certs aren't tied to a single email address, what good would they be?

  • Change encryption and signing certificate

    Hi,
    In my network I have Exchange 2007 and Outlook 2010/2013.
    I need to replace the existing internal enterprise root Certification Authority with a new one.
    Some people use email encryption with certificates issued by the current CA.
    When I replace the CA and install the new user certificates issued by the new root CA, what will happen to old encrypted emails?
    I need users to be able to read the old encrypted email.
    Thanks
    Andrea

    Hi Andrea:
    Where do you want to apply this change?
    For email encryption, if the public key of the old certificate is still available, the user will be able to read the mail. Otherwise, no.

  • How to process encrypted and signed PGP message in BC library ?

    The message is encrypted with the RSA and IDEA algorithms. I've got the decrypted IDEA session key, but I don't know how to decrypt this message (or what its structure is). Maybe somebody could post working code for that operation.

    Here is another option.
    I had the same problem with my Mac OSX System 10.8.4 after updating cups from 1.6.2 to 1.6.3.
    I have a MacBookPro with the same system version, so I copied the libcups.2.dylib file from /usr/lib/ and then replaced the faulty file on my other Mac.
    1. Install cups 1.6.2 again
    2. Replace the file libcups.2.dylib in the /usr/lib/ directory with this one: libcups.2.dylib
    Note: I added the link in case you don't have another Mac with the same version available.
    This works for me.

  • Mail Encrypted by openssl can be read on outlook but not on BB

    While mail encryption and decryption generally work with my certificates, I get some mail that is encrypted on a Unix machine using openssl and displays in Outlook as an ordinary mail body. On a Blackberry, however, the mail body displays as an attachment with the name "unknown" and no extension.
    The header reads like this:
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Received: from xxx by xxx with Microsoft SMTPSVC(6.0.3790.3959); Thu, 4 Jun 2009 12:01:29 +0200
    MIME-Version: 1.0
    Content-Type: application/x-pkcs7-mime;
    name="smime.p7m"
    Content-Transfer-Encoding: base64
    Content-Description: smime.p7m
    Content-Disposition: attachment;
    filename="smime.p7m"
    ...Routing Information ...
    Return-Path: xxx
    Content-class: urn:content-classes:message
    Subject:  xxx
    Date: Thu, 4 Jun 2009 12:01:21 +0200
    Message-ID: <xxx >
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    Thread-Topic: xxx
    thread-index: Acnk+24wKbZNTgEvRpKyFh7nUWVA2Q==
    From: yyy
    To: zzz
    Cc: xyz
    Is there a way to display this type of encrypted attachment ?

    This article does not directly answer your question but is adjacent to it:
    http://www.blackberry.com/btsc/KB16246
    Unable to open encrypted attachments
    If you are under BES you can ask your IT department about the BES version.

  • WSE3.0 encrypt and sign soap message together with disabled WS-Addressing

    Good Morning,
    My task is to develop client applications written in .NET 4 which call a webservice (written by another, foreign firm in Java). My applications which call the other firm's webservice are: a plugin for MS CRM 2013, a Windows service, and a Windows Forms app for testing this communication.
    I had to implement encrypted and signed communication with this webservice using client and server certificates.
    I implemented this functions from:
    http://msdn.microsoft.com/en-us/library/aa528788.aspx
    and
    http://msdn.microsoft.com/en-us/library/aa529565.aspx
    by WSE 3.0.
    Now I have to disable WS-Addressing in the soap message. Is it possible to use encrypt and sign from WSE together with disabled WS-Addressing?
    (The other firm needs the WSA nodes not to be in the soap message.) With WS-Addressing nodes in the soap message, my communication with the other webservice does not work. They (the other firm) require no WSA nodes in the soap message.
    If it is possible, how do I implement this functionality?

    Hi Matesak,
    I'm afraid this is not the most suitable forum for your question. Please open a new thread in this forum, you'll get more valuable responses.
    ASP.NET Forums >
    Advanced ASP.NET >
    WCF, ASMX and other Web Services
    Thanks for your understanding.

  • Persistent S/MIME problems in Mail.app

    I have had consistently spotty problems using Mail.app with Thawte personal freemail certificates to encrypt and sign mail.
    I've had the certificates installed for a while, but have never been able to test them, but yesterday I got an encrypted message. I was able to read it, but when I tried to reply, I was not able to encrypt the reply. Neither the encrypt nor sign buttons appeared. I verified the case of the email address in the certificates, and verified I had private keys, for everyone, but no luck.
    On the advice of another forum, I removed and refetched all the certificates, but that broke it completely and now I am unable to read encrypted messages. I ended up creating a new pair of certs and importing those. Now I can send encrypted mail, but still not read the old messages encrypted with the original certs, nor can I read new messages encrypted with my new certs. This problem is driving me insane, and I can't for the life of me figure out why I can't get this to work completely.
    I have an idea that this should not be nearly this hard. Perhaps there is something obvious I am missing?

    Yes! Are you pondering what I am pondering?
    After numerous tries last year with Leopard I finally got it to work:
    Safari 4.0.2
    Keychain 4.0.2
    Open keychain and delete the old certificate.
    Open Safari and go to Thawte website, choose quick login -> personal e-mail-certificates.
    Request a new certificate with the standard settings (choose x.509 and Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger).
    Wait until the certificate is issued.
    Go to view certificate status and click on Navigator. Fetch the certificate.
    Restart Mail.app, create new message.
    This worked for me. The buttons for signing e-mails now appear in Mail.app.

  • Why isn't multipart/mixed supported in Mail?

    If I'm not mistaken multipart/mixed content types aren't supported in Mail.app and I'm told I should be using multipart/alternative despite the difference in the actual content for each part. In my case I have some text content and an rfc822 context so I figure I'm typing the thing correctly since Mail.app under OSX displays the rfc822 inline but the phone's Mail client simply complains.

    Just wanted to echo this post. Given that a lot of people keep on sending multipart/mixed messages, I have to say that simply not displaying them is very disappointing.
    The problem is that there are no alternatives whatsoever. Ok, mail.app does not support it, but at least let the user download the source. I had my electronic tickets sent to me in such a message and had to figure out how the heck and when I can get my flight, having a dumb mail.app telling me that it won't download the rest. Come on!!! That's so frustrating.
    In my experience about 10% of mails are multipart mixed. Do you see me telling to my customers to use another mail programme? Please improve this one.

  • When I try to sign in to the support community using one of my email addresses it asks for my apple support community user name and when I type in what I think it might be I get one of several messages Ie. An account using this e-mail address already exis

    When I try to sign in to the support community using one of my e-mail addresses and I put in nothing or what I thought was my apple support community user name I can get one of several messages
    Ie.1. Please specify a user name
    2.An account using this e-mail address already exists; only one account per e-mail address is allowed on Apple Support Communities
    How do I find out what my Apple Support Communities user name is

    Good luck with this!!!
    EVEN USING what WAS my Username, this is the exact problem I am having having entered my correct ID and Password.
    Rgds
    Rod

  • Mail missing Encrypt and Digitally Sign buttons

    I don't have the option of encrypting or digitally signing any e-mails I compose in Mail. I have a valid security certificate in my Keychain Access, as well as valid certificates for my contacts. I can't find an option to show/add the encrypt and digitally sign buttons either.
    When composing a new message, the drop down box next to the subject line only gives the following options:
    CC field
    BCC field
    Reply-to address field
    Priority field
    Customize...
    I know where these two buttons should be and what they look like, but they're just not there. Any ideas or suggestions?

    I finally have a solution to this problem. I had been trying to use a .cer security certificate issued by Comodo, it had worked just fine on Windows but my Mac didn't seem to like it. I also tried creating my own certificate through OSX, but even after I created it I still couldn't see the buttons.
    I had someone direct me to this webpage which ultimately helped me fix the problem:
    http://allforces.com/2007/03/02/email-security/
    I ended up using Thawte to issue me another security certificate (this time it was an x.509 file), the security certificate automatically opened in Keychain Access and downloaded to the Certificates and My Certificates folder. Once I shutdown Mail and restarted it I had the buttons for both encryption and digitally signed. Of course the encryption button is still greyed out because it is a new certificate and I need to make sure my Address Book contacts have a copy of it before I can encrypt.
