Outlook encrypts messages that are only signed? Lock icon on just signed mails?
Hello,
Recently I've set up Outlook to always send signed mails, but not encrypted ones.
Everything worked fine so far, until today, when I received feedback from one recipient that he couldn't "view" an email message. He is the only one of multiple (maybe a hundred) recipients so far.
What's odd: some of the outgoing mails are displayed with a signed badge and others, which are also just signed, with a lock symbol.
I thought that the lock icon is only applied to emails that were encrypted.
But if you look at my following screenshot, it looks otherwise.
In the list of mails it is marked with a lock, but in the email itself and its properties it's just the red badge.
It looks like it has something to do with attached stuff. Another person complained that opening the attachment was not possible.
My settings:
The mails where this happens are mostly opened from Outlook templates. But even there the settings under options don't state them as "send with encryption". Just signed.
Any idea what's wrong or if?
P.S.: Certificates are not self-signed and are from a common distributor.
EDIT: Added details in the description.
Content-ID: 6839733611
Url: https://administrator.de/contentid/6839733611
Printed on: 23.11.2024 at 20:11
7 comments
Hi.
Just to be sure, have you stored a public key for this recipient in the corresponding contact item? Because without it, Outlook would be unable to encrypt anyway; without a public key, no encryption by design! So be sure there is no public certificate stored in the recipient's contact object. It could also be just a display/cache error in the overview list.
Regards briggs
Quote from @Dymion:
> Hi briggs,
> not actively.
> If a recipient wants to forward a message, that is also problematic.
> Another behavior: It looks like if I send a signed email, the recipient then knows that it can "upgrade" the email with encryption, because of the certificates included/sent with signed messages. Therefore responses often come back encrypted.
> Somehow, mail encryption is activated after an email is sent. How is this possible if the option in Outlook is not activated?
OK, this explains the behavior! The contact already sends you an encrypted message, Outlook sees the public key in the message and automatically updates the public key set in the contact when there is already a contact with this email address and there is not already a corresponding public key inside it (just check the contact object's installed certs).
If you respond to an encrypted message, Outlook automatically turns on encryption, because otherwise you would expose details of the mail when replying unencrypted in this conversation which was encrypted beforehand. That's by design for security reasons.
Quote from @Dymion:
> But it happens if I'm sending an email message that is just signed. Not encrypted.
Is it a new message? If yes, this could only be an Outlook bug or a third-party plugin causing this.
> Maybe I should deselect the checkbox: Send these certificates with signed messages.
If the recipient cannot validate the signature, signing makes no sense. So any remote party which does not have your public key cannot validate your signature.
> Then the emails are just signed and not encrypted anymore? Because the recipient has no public key to encrypt his response?
This would be only valid for recipients which do not already have your public key in their contact details.
> I observed that behavior, that some recipient encrypts his response, even if I just signed my message. No encryption turned on.
That depends on the remote party's client. If you offer your public key in your messages, you should always be aware that someone could send you encrypted mail. If you don't want to receive encrypted messages, just don't publish your public key!
To check if you have a public key of a recipient in your contact, see the contact object here (sorry, Outlook is running in German language):
Quote from @Dymion:
> Yes. I have an add-in under suspicion. The new draft is marked not encrypted until it gets sent.
So restart Outlook in safe mode and try again. In safe mode all add-ins are disabled.
> Ok well, that's certainly one bad decision by leaving the checkbox for sending the certs with the email ticked.
No, that's a good selection. So anyone has the ability to send you messages without privacy exposure.
> Maybe that's why a prompt about the CryptoAPI often gets shown, requiring me to 'Zulassen' ("Allow"). ;)
No, this arises when you have enabled/checked extended security for your private key when you imported the key into your keyring.
>> To check if you have a public key of a recipient in your contact, see the contact object here (sorry, Outlook is running in German language):
> No problem. German here. ;)
> I don't have any contacts in Outlook at all.
Then no public key and in the end no encryption is possible by design! That's an essential part of asymmetric cryptography.
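To check whether a message was actually encrypted or only signed, independent of the icon in the message list, the outermost Content-Type of the raw message as the recipient received it is enough. The following is an added example, not part of the thread: the function names and sample messages are constructed, and the MIME types are the ones defined for S/MIME in RFC 8551.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENCRYPTED_TYPES = {"enveloped-data", "authenveloped-data"}


def _param(msg, name):
    """Lower-cased Content-Type parameter, or '' when it is absent."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""


def classify_smime(raw: str) -> str:
    """Classify a raw message by its outermost S/MIME wrapping."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    # Clear-signed: readable body part plus a detached smime.p7s signature.
    if ctype == "multipart/signed" and _param(msg, "protocol") in SIG_PROTOCOLS:
        return "clear-signed"
    if ctype in PKCS7_MIME:
        smime_type = _param(msg, "smime-type")
        # Encrypted for the recipients' public keys; a signature, if any,
        # sits inside the ciphertext and is not visible from the headers.
        if smime_type in ENCRYPTED_TYPES:
            return "encrypted"
        # Opaque-signed: signed only, but the body is wrapped inside the
        # smime.p7m blob, so a client without S/MIME support cannot show it.
        if smime_type == "signed-data":
            return "opaque-signed"
        return "pkcs7-other"  # e.g. certs-only or compressed-data
    return "not-smime"


def sample(content_type: str) -> str:
    """Constructed message; only the headers matter for classification."""
    return ("From: sender@example.com\nTo: rcpt@example.com\n"
            "MIME-Version: 1.0\n"
            f"Content-Type: {content_type}\n\nplaceholder body\n")


if __name__ == "__main__":
    for ct in ('multipart/signed; protocol="application/pkcs7-signature"; '
               'micalg=sha-256; boundary="b1"',
               'application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"',
               'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
               'text/plain; charset="utf-8"'):
        print(classify_smime(sample(ct)), "<-", ct)
```

Run it against the message source saved on the receiving side; a copy in the sender's own Sent Items is not necessarily the same bytes that went over the wire.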