Digital ID

Exchange 2003 & Outlook 2003.
To encrypt email message Digital ID is required.
How to get digital ID from Exchange server instead from external 
certification authority? 


0
cmchong20 (124)
7/20/2005 9:30:42 AM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
351 Views

Similar Articles

[PageSpeed] 31

"Emyeu" <cmchong20@yahoo.com> wrote:

>Exchange 2003 & Outlook 2003.
>To encrypt email message Digital ID is required.
>How to get digital ID from Exchange server instead from external 
>certification authority? 

Windows 2003 can be used as a CA. But that's a Windows Server
question, not an Exchange problem. :)

PKI isn't easy if you need more tha just server certs.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
0
richnews (7316)
7/21/2005 12:59:35 AM
Emyeu wrote:
> Exchange 2003 & Outlook 2003.
> To encrypt email message Digital ID is required.
> How to get digital ID from Exchange server instead from external
> certification authority?

the technoloyg is asymmetric key cryptography ... what one key encodes,
the other key decodes (as opposed to symmetric key where the same key
both encrypts and decrypts).

there is a business process called public key ... where one of the
key-pair is identified as "public" and made widely available. The other
of the key-pair is identified as "private" and kept confidential and
never divulged.

there is a business process called digital signature ... where the
originator calculates the hash of a message, encodes it with the
private key producinng a digital signature, and transmits both the
message and the digital signature. the recipient recalculates the hash
on the message, decodes the digital signature with the public key
(producing the original hash) and compares the two hashes. If they are
equal, then the recipient can assume that

1) the contents haven't changed since the original digital signature

2) "something you have" authentication, i.e. the originator has access
to and use of the corresponding private key.

PGP-type implementations involve the senders and receviers having a
trusted repositories of public keys. The senders can use their private
key to digital sign messages and transmit them to the recipients. The
recipients can authenticate the sender by verifying the digital
signature with the corresponding public key. Senders can also use
on-file public key for the recipient to encode the message being sent
(so only the addressed recipient can decrypt the message with the
specific private key). Some actual message encryption implementations
may be a two-step process where a random symmetric key is generate, the
message encrypted with the random symmetric key and the random
symmetric key then encoded with the recipient's public key. The
recipient then uses their private key to decode the random symmetric
key, and then uses the decoded random symmetric to decrypt the actual
message.

In the SSL implementation used by browsers for encrypted communication,
digital certificates are introduced.
http://www.garlic.com/~lynn/subpubkey.html#sslcert

These are special messages containing the public key  of the server and
their domain name which is digital signed by certification authorities.
Users have their trusted repositories of public keys loaded with the
public keys of some number of certification authorities (in the case of
many browsers these certification authority public keys have been
preloaded as part of the browser creation). A Server has registered
their public key and domain name with some certification authority and
gotten back a digital certificate (signed by the certification
authority)

The client browser contacts the server with some data. The server
digital signs the data and returns the digital signature and their
domain name digital certificate.  The client browser inds the correct
public key in their local repository and verify the certification
authority's digital signature. If they certification authority's
digital signature verifies, then the client assumes that the content of
the digital certificate is correct. The client browser then checks the
domain name in the digital certificate against the domain name used in
the URL to contact the server (if they are the same, then the client
assumes that the server they think they are talking might actually be
the server they are talking to). The client browser can now use the
server's public key (also contained in digital certificate) to validate
the returned server's digital signature. If that validates, then the
client has high confidence that the server they think they are talking
to is probably the server they are talking to. The browser now
generates a random symmetric key and encocdes it with the server's
public key (taken form the digital certificate) and sends it to the
server. When the server decrodes the random symmetric key with their
private key ... then both the client and server have the same random
symmetric key and all futher communication between the two is encrypted
using that random symmetric key.

So the basic starting point is that the sender has to already have the
recipient's public key in some locally accessable place. In the normal
email scenario this tends to be a long term repository where the sender
may collect before hand the public keys of recipients that they wish to
securely communicate with. There are also a number of public-key server
implementations ... where senders can obtain recipient public keys in
real time.

In the SSL dynamic session scenarion ... the server's public key is
provided as part of the two-way session initiation (although, the
client browser still needs a trusted repository of public keys ... in
this case at least for some number of certification authorities ... so
that the dynamically obtained digital certificate containing the
server's public key can be verified).

In a number of implementations ... the term "digital IDs" is used
interchangeably with digital certificates ... and digital certificates
can represent one source of obtaining recipient's public key.

However, when encrypting messages ... the sender isn't encoding with
either their public or private keys ... they are encoding with the
recipient's public key. If the sender doesn't already have the
recipient's public key on file ... it is possible that the reicpient
has registered their public key with some public key repository server
.... and the sender can obtain the recipient's public key, in real-time,
from such a server.

0
lynn1982 (1)
7/22/2005 3:10:12 AM
Reply:

Similar Artilces:

Active Directory and Exchange System Manager Facility Win32 ID No. c0070002
Hi Folks, Recently I have been encountering a problem with the Active Directory users and the system manager in the exchange server 2003. Upon right clicking on the active directory user I get an error stating "The System cannot find the file specified Facility: Win32 ID No: c0070002 Microsoft Active Directory - Exchange Extension." Following this error the active directory mmc crashes. I get a similar error when I double click on the Exchange System Manager. When I check out the Application Log in the system's event viewer after recieving this error, I see the following e...

2-digit
I have two lists of product codes (2-digit and 6-digit), each of which has an import value (in otherwords 4 columns) as follows: 1 2 3 4 Prod code (2 digit) importval ($) Prod code (6-digit) import value ($) 01 50 010001 25 010002 10 010003 15 02 75 020001 12 020002 18 020003 20 020004 25 As you can see the 6-digit product codes are a dissaggregated from the 2-digit codes. That is if you sum the value of the 6-digits imports it will equal the value of the 2-digits imports. So for product 01 = $50 = 010001 +010002+010003=50. The same occurs for product 02 and so in for my real data set. N...

Digital Imaging Pro #2
Great tools! Question is, can I convert a (B&W) photograph to a line drawing? -- CharleneM Carla wrote: > Great tools! Question is, can I convert a (B&W) photograph to a line > drawing? We wouldn't know. This is a Publisher group. -- In memory of MS MVP Alex Nichol: http://www.dts-l.org/ Yes, I know it's a Publisher group, but since Dig Imaging Pro is bundled with Publisher and since I can't find a Dig. Imaging Pro forum, I was hoping someone working with Publisher and DIP might know as such a conversion would be most appropriate in black and white materi...

event id 3015 and 3018
Hello Group, the queue messages awating delivery lookup is very large and on the application log appears many times this events 3015 and 3018. thank Im ...

Digitally signature
Hi We have an excel spreadsheat that different people fill out. Is it possible for every person to digitally sign the excel spread sheet when they have filled out the excel spreadsheet?? Regards Morten ...

Digital Signature
I am trying to apply a digital signature to my XLS doc. I have created a couple of macros and when I go into the VB editor and go to Tools>>Digital Signature and select my Digital ID It shows [No Certificate]. I then proceed to select choose and select my Digital ID from the list. After hitting ok it will now show The VB project is currently signed as [my Digital ID] but when I exit out of the VB editor and out of excel and reopen the xls it doesn't have the digital ID attached anymore. It shows The VB project is currently signed as [no certificate] Am I missing a step he...

Bypassing Live ID Sign-In Yet Getting Online Updates
Money Plus Deluxe 17.0.120.1415 I had been able to get online updates and download transactions without having to sign in at Money startup. I recently added a new account and must have changed a setting since I now have to sign in to Money to get online updates. I don't want my info on MSN Money Central, I don't need to access it from another computer and I don't use automatic updates. How can I reconfigure Money to open my file and get online updates without having to sign in with a Windows Live ID? How can I remove my info from Money Central without affecting my ability...

Using Self Certify Digital ID with Shared Files
You can use the MS Self Certification utility to create a Digital ID to share macro enabled files with other XL users, even those running at high security. Here's how: File Originator: 1. Run c:\program files\OfficeXP\Office10 \selfcert.exe (if file not found, use add/remove on MSOffice, it's in Office Tools) 2. Enter a name (eg John Doe, ACME Corp) 3. Open XL file you want to certify and open up VBE 4. Go Tools|Digital Signature 5. Click Choose 6. You should see the name of the cert that you just created on this list. Select it then click OK, then OK again 7. Save and Close fi...

Macros & digital signatures
Can anyone tell me if macros that are digitally signed would be affected if the person who signed them left a company & their network account was cancelled? Thanks, Jason ___ As I understand it, there will be a file containing the digital signature and it is not connected to the creator's network account. In any case, it's not difficult to create a new digital signature file of your own "Jason O" wrote: > Can anyone tell me if macros that are digitally signed would be affected if > the person who signed them left a company & their network account was &g...

Error 1067 Event ID 7031
I am currenlty faced with a complete outage of my email services. I am unable to start my IMC service. I repeatedly getting error 1067 and showing event ID 7031. Can anyone point me in the right direction. Exchange 5.5 Corrupt message? You can try stopping the IMS service, move all the messages from the imcdata\in and out dirs to temp dirs. Dont mix them up! Rename the queue.dat file and restart the IMS and see if it stays up. If it does, add some of the messages back to the imcdata in and out dirs that you copied to the temp dirs and restart the IMS to push those messages out. If it ...

certificates and digital signatures with 2003
if the exchange server 2003 gives out DS's or encryption to the clients, do all the oultook clients have to be 2003? or can the other clients like 2000 gain access as well? Ihope that makes sense thanks ...

Convert 8 digits to leading alpha plus 6 digits following?
I finally worked this out (I'm very much a dummy with any type o formula!) although I'm sure someone else may have a better solution. I'll post the IF statement here in case someone else is attempting similar exercise and they may be able to adapt this. My 8 digit number appear in Column F and start in Row 2: =IF(LEFT(F2,1)="1","a"&MID(F2,2,6),IF(LEFT(F2,1)="2","b"&MID(F2,2,6),IF(LEFT(F2,1)="3","c"&MID(F2,2,6),IF(LEFT(F2,1)="4","d"&MID(F2,2,6),IF(LEFT(F2,1)="5","e"...

separating multiples digit in a cell into individual cell
I have a series of number sets. When I copied from the MS Word and pasted them into Excel, all of the numbers in the set are pasted into one cell. I need those numbers to be in an individual cell. How do I do it? I think MS Excel 2003 was able to do it. I currently have Excel 2007. Please help. Thank you very much. EggHeadCafe - Software Developer Portal of Choice A Wrapper for the Dispatcher class of Threading Namespace to manage thread items http://www.eggheadcafe.com/tutorials/aspnet/bce7889e-d2cf-42b8-a6af-2f01a383cff6/a-wrapper-for-the-dispatc.aspx Hi, You may use Data >...

Cannot get a certificate for obtaining a digital ID with OutLook Express 2002
I go to the menu: -Tools -Options... -Security -Get Digital ID... -Internet Explorer opens a page,this is http://www.microsoft.com/ie_intl/fr/ie40/oe/certpage.htm but upper this it is written: "We're sorry, but there is no Microsoft.com Web page matching your entry. It is possible that you typed the address incorrectly, or that the page no longer exists. You may wish to try another entry or to use the links below, which we hope will help provide you with the information you need." and then -what do I do to have a certificate for a Digital ID? -It is not my entry, it ...

sign code Java Applet Security Internet Explorer Article ID 193877
We are trying to sign the java class for an applet so it will be able to write to a file on the hard drive from Internet Explorer. We are following the instructions in "How to make your Java code trusted in Internet Explorer" Article ID 193877 on msdn.microsoft.com. Specifically, we prepared the following batch file: javac S5.java cabarc -s 6144 N mycab1.cab S5.class setreg 1 true makecert -sk MyKeyName -n "CN=My Publisher Name" MyTestCert.cer cert2spc MyTestCert.cer MyTestCert.spc signcode -j javasign.dll -jp LOW -spc MyTestCert.spc -k MyKeyName mycab1.cab start S5.htm...

Event ID 4999
Hi. I am running an Exchange Organization with one Exch2003 and one exch2007 server (SP1, upd rollup 7). Today I received this error in the app-log on the Exch 2007 server: Event Type: Error Event Source: MSExchange Common Event Category: General Event ID: 4999 Date: 16-11-2009 Time: 12:19:19 User: N/A Computer: server Description: Watson report about to be sent to dw20.exe for process id: 6308, with parameters: E12IIS, c-RTL-AMD64, 08.01.0240.006, WS, M.E.Services, M.E.S.C.T.CallContext.Initialize, System.NullReferenceException, 4b8, 08.01.0359.002. ErrorReportin...

eConnect
I'm trying to pass SOP entry using eConnect. We are likely to get orders, which are to be placed in two different databases based on the currency id. Is there any company id field available? Or how could I change the connection string value based on the currency id passed? Or is there any other method available to achieve this? Any suggestion is appreciated. Thanks in advance. Shankar- Take a look at MC60200 and SY01500 in the DYNAMICS database. Depending on how you have currencies set up, you might be able to get from MC60200 to SY01500 using CMPANYID, and then get INTERID (wh...

Losing last digit on 16 digit number
I am importing a figure of 16 digits into an excel file e.g. 4000000000000002 but it is showing as 4000000000000000 Is there a way to stop this happening? -- davee10 ------------------------------------------------------------------------ davee10's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=27956 View this thread: http://www.excelforum.com/showthread.php?threadid=474577 On Sun, 9 Oct 2005 05:57:20 -0500, davee10 <davee10.1wmt6a_1128855900.7498@excelforum-nospam.com> wrote: > >I am importing a figure of 16 digits into an excel file e.g. >4...

event ID 9646
exchange 2003 sp2. got the event with " ... exceeded the maximum of 500 objects of type "objFolder". I found the article which expalined the symptom well. http://support.microsoft.com/kb/830829. But can someone explain how a mapi client uses the objects? What the function is for the objects, for example objFolder? In our case it's caused by the backup software sending out emails. How to control a mapi client not to open too many objects? thanks. On Wed, 6 Jan 2010 15:14:01 -0800, Chris <Chris@discussions.microsoft.com> wrote: >exchange 200...

Tracking Users by Workgroup User ID
I have a split database consisting of the front end residing on an XP desktop and the backend on a server running Server 2003 R2, and not utilizing a domain controller. The necessary tables are simply linked to the frontend from the server. If I secure the database with the Workgroup Administrator and issue each user his own User ID, how can I then track or audit which user makes specific changes and/or updates to the database and when they are made. I specifically want to know which user adds which records to the database. On 11 May 2007 04:49:03 -0700, "charles.kendricks@charter.ne...

Digital copy of movie
I purchased a movie that had a digital copy. I authorized and downloaded it to my computer. It download a wmv file. When I load it into the Windows Media Player I get an error and I click on Web help and it gives me an error code C00D11B1 and suggests I check my sound devices for updated drivers. When I do they are all up to date. Other wmv files play fine. My operating system is Vista 64 bit. Please any help is appreciated. ...

Digital signature in Excel 2000
When trying to sign a macro project (with a valid certificate), I receive the following error message: "There was a problem with the digital certificate. The VBA project could not be signed. The signature will be discarded." I have created several other certificates using SelfCert but the problem persist. Any help? Thanks for you help! ...

XL 2k
In Excel 2000 numbers in having over 15 digits in a cell results in each digit from 16 on turn into zeros (0). How can I enter numbers over 15 digits? XL only calculates to 15 digit precision! To enter numbers larger then 15 digits, that will *not* be used for calculation (credit card #'s - part #'s), you can enter an apostrophe ( ' ) first, which will not display in the cell, but will be visible in the formula bar. On a larger basis, simply *pre-format* the column to "Text". Changing the format to "Text" *after* entering the long numbers will *not* work....

Event ID: 2104 Process INETINFO.EXE (PID=1964). All the DS Servers in domain are not responding.
Gurus, why would my single-server W2K3 SP1 DC / Exchange 2003 SP2 machine throw the 2104 error in the application log during a shutdown? I am shutting Exchange down via script b/c we all know Exchange on a DC takes forever to shut down unless you tell it to shut down the services manually first. My event logs are clean of errors except for this one lone nagging one. I know DSAccess keeps it's own separate "cache" of Directory Servers, but how can I program it not to try to look for other DCs/GCs when shutting down? Because in my test environment, I only have one GC (th...

Problem about digital Sign On Window X64 OS
Hi: I have a question need your help,Now, We already made a driver(include SYS,INF) The driver run well on Windows 32bit OS(Window2000~WIndow7). But IT can not be loaded on WinX64 OS.The device Manager always show that there are no Digitally Signed at Digital Signer. When i switch system work mode to disable enforcement digital signed Check mode,The Driver work well. SO i bought a signature from VerSign, Use SignTool to make digital signature on SYS file. SYS file can be seen that there is a correct signature. But I put the new SYS into Drivers directory. restart OS The devi...