Problem with personal certificates

Hi,

I have a personal Thawte certificate installed in Outlook 2000.

I am getting an error when trying to open an email I sent to myself as a
test.

It says 'Can't open this item.  Your Digital ID name cannot be found by the
underlying security system.'

What on earth does that mean?

How do I resolve this?

Thanks,

Neil


bounce (4)
8/12/2003 10:02:01 PM

I actually have two - one each for two email addresses.

They are both installed, but the one for my default address is selected.

Do I have to match up the encryption algorithms with the certificate specs?
Can I uninstall and re-install them?  Will this restore the default settings
for them?

Neil



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.509 / Virus Database: 306 - Release Date: 12/08/2003


bounce (4)
8/13/2003 7:42:06 AM
"N J Jelley" <bounce@njjelley.com> wrote in message
news:OIz5c1RYDHA.2484@TK2MSFTNGP09.phx.gbl
> Hi,
>
> I have a personal Thawte certificate installed in Outlook 2000.
>
> I am getting an error when trying to open an email I sent to myself
> as a test.
>
> It says 'Can't open this item.  Your Digital ID name cannot be found
> by the underlying security system.'
>
> What on earth does that mean?
>
> How do I resolve this?
>
> Thanks,
>
> Neil

Although you have *installed* the personal freemail certificate, you
need the public key of the security certificate from the person to whom
you are going to *send* e-mail.  That is, I want to encrypt a file
that I want only Joe to receive (and the reason I encrypted it).  Joe
must FIRST send me a digitally signed e-mail so I can save his public
key in an entry in my Contacts folder.  Then when I send an encrypted
e-mail to him, that e-mail will use his public key to encrypt the file
and only he can then decrypt it using his private key.  It guarantees
that only Joe can decrypt the e-mail because only he has the private key
that matches with his public key that was used to do the encrypting.

You can always digitally sign your e-mail using your public key from
your security certificate.  That gives the recipient your public key so
they could then encrypt an e-mail using your public key which you would
then receive and then decrypt using your always protected private key.
You can digitally sign any outbound e-mails but you cannot encrypt them
without the *other* person's public key, even if the recipient is you.

So if you want to send a test e-mail to yourself, you must be listed in
your Contacts or other contacts-type folder (that has been included in
the Outlook Address Book) so your public key is stored there.  Then an
e-mail addressed (to yourself) will use your public key to encrypt the
e-mail.  You then receive the encrypted e-mail and use your private key
to decrypt it.  Although you are both the sender and recipient, you have
to behave as if you-as-sender is a different person than you-as-recipient;
i.e., you have to go through the same process as if you were sending
e-mail to someone else.

Person_A sends a digitally signed e-mail which includes their public key
to Person_B.  Person_B can then encrypt a message using Person_A's
public key and send that encrypted e-mail to Person_A.  Person_A
receives the encrypted e-mail and uses their private key to decrypt the
file.

In your test case, you were Person_A and Person_B but you had no record
in your Contacts that had your security certificate to make your public
key available (for your own use in this looped e-mail test).

Beware that there is a big deficiency in the defaults used by Outlook
and Outlook Express when using security certificates to digitally sign
e-mails.  Outlook's default is to send clear text signed e-mails.
Outlook Express' default is to not encode e-mails (which is NOT the same as
encrypting them; it means the digital signature has not encoded the
content of the message).  That is, the message is sent as a separate
part than the signature (i.e., it is text sent "in the clear" even if it
is HTML content).  The recipient only knows that YOU were the originator
of the e-mail but there is no guarantee that the content of the e-mail
has not been altered.  If you disable the "send as clear text signed"
option in Outlook or enable the "encode" option in Outlook Express then
you send opaque signed messages.  That is, the signature envelops (and
encodes) the content of the message.  If the content is altered in any
way, the recipient will be alerted that what you sent is not what they
received.  However, from what I've heard regarding opaque signed
e-mails, there are still mail servers and gateways that will mutilate
opaque signed e-mails because they will do some crap like trying to add
footers to the e-mails (i.e., you are using a mail service that wants to
add spam/promotional signatures or info to the end of your messages).
Some e-mail clients don't know how to handle opaque signed e-mails and
instead will show the entire e-mail as an attachment (instead of just
the digital signature portion).  Almost every webmail provider I've
tried doesn't know how to handle opaque signed e-mails, so all the
recipient sees is a blank message with one attachment.  With clear text
signed e-mails, the recipient will see your message and the digital
signature is an attachment.  But with clear text signed e-mails, you
cannot guarantee what you said to them is what they actually get to
read.

So digital signatures don't seem to be a great security measure anyway.
You can tell the recipient that the e-mail really originated from you
but you cannot guarantee that what they read is what you wrote.  Or you
could envelop your message with the digital signature (opaque) to
ensure they see what you wrote and hope that no mail server or gateway
mangles your e-mail, that the recipient uses an e-mail client capable of
reading opaque signed e-mails, and that they don't use a webmail
provider.  I don't see much point in universally digitally signing all
my outbound e-mails.  The only time it is useful is when you know that
Joe wants to send you a sensitive e-mail and/or file attached to an
e-mail so you send him a digitally signed e-mail so he can use your
public key to encrypt his sensitive e-mail so only you can decrypt it
with your private key.  So although I have Thawte freemail certificates,
too, I don't set Outlook or OE to always sign my outbound e-mails.
Instead I use the options when composing a new e-mail to sign that
outbound message when it is appropriate.  If you visit newsgroups, as
you have here, you'll find some users won't be able to read your posts;
they will look blank with attachments (at least, that's what happens for
us OE users that do not have a PGP plug-in and some *nix user digitally
signs their post using PGP).

Those who digitally sign all their outbound e-mails but send the message
as clear text don't usually realize that they've guaranteed nothing
about the content of their message.  It's like sending you a letter via
postal mail with my name on the envelope as the sender but someone else
possibly removing my letter and sliding in their own.  Yeah, you know
that I originally sent the letter but you don't know if the letter you
received is the one that I sent.  You could try sending opaque signed
e-mails to let recipients know it came from you and that your message
did not get altered, and see if they mostly arrive unmangled.  How many
times in your life has postal mail sitting in your mailbox after it got
delivered been altered to make you think the sender said something
different than they did?  Same goes for e-mail.  Unless there is a real
need to opaque sign or encrypt your e-mails, which is usually on a
per-mail basis and not universally, you only generate more headaches for
your recipients and yourself.  What also isn't mentioned is that almost no
users ever validate a security certificate.  I get an e-mail from
Whackoff that pretends to be from Joe which is digitally signed (by
Whackoff) so that I can use the public key from the digital signature to
return an encrypted e-mail with a highly sensitive document or message,
and now Whackoff gets the encrypted e-mail and decrypts it.  I would
have to first inspect the signature attached to the e-mail purportedly
from Joe, inspect the certificate details to check for any anomalies,
and then I would have to somehow validate that certificate.  Validation
is the hard part.  Supposedly the program is to use Certificate
Revocation Lists (CRLs) from a CA (Certificate Authority) that you
trust but that requires you be online to do that check and I haven't
found it to work in Outlook; instead I get a yellow triangle saying the
CRL could not be checked to see if the certificate is still valid.  So
instead I am expected to hunt around on the CA's web site looking for a
downloadable file containing the CRL and then I have to check the serial
number of the certificate in the e-mail against the serial numbers in
the CRL.  If there is a match then that certificate has been revoked.
That's like the really old days when stores had to use blacklists to
check which credit cards were stolen.  Users are NOT going to go through
all that effort and will usually assume the certificate is valid and it
is for the person they think it is for.  This security was supposed to
eliminate the need to trust the sender and provide authentication that
they are who they say they are by referencing a separate but trusted
authority.  Doesn't work in practice, especially with freemail
certificates which never require any real authentication of the
certificate owner, and because recipients have no easy way to validate
the certificate, anyway.  For something that is supposed to provide
security - which implies lack of trust - there's too much trust going on
with these.

-- 
____________________________________________________________
** Share with others.  Post replies in the newsgroup.
** If present, remove all "-nix" from my email address.
____________________________________________________________
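
The message shapes discussed in the reply above (clear text signed, opaque signed, encrypted) can be told apart from the MIME headers alone, which also shows what a client without S/MIME support is left to display. This Python code is an added example, not part of the original post; the sample messages are constructed and their base64 bodies are placeholders rather than real signature data.

```python
from email import message_from_string

# Constructed sample messages; the base64 bodies are placeholders, not real CMS data.
HEAD = "From: a@example.test\nTo: b@example.test\nMIME-Version: 1.0\n"
CLEAR_SIGNED = HEAD + (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nMeet at noon.\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n--b1--\n"
)
OPAQUE_SIGNED = HEAD + (
    'Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n"
)
ENCRYPTED = OPAQUE_SIGNED.replace("signed-data", "enveloped-data")
# Some senders omit the smime-type parameter; the type is then unknown until decoded.
NO_SMIME_TYPE = OPAQUE_SIGNED.replace(" smime-type=signed-data;", "")

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def readable_text(part):
    """Text a client with no S/MIME support could still display, or None."""
    for sub in part.walk():
        if sub.get_content_type() == "text/plain":
            return sub.get_payload().strip()
    return None


def classify(raw):
    """Return (kind, text visible to a client without S/MIME support)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        parts = msg.get_payload()
        if proto in PKCS7_SIG and isinstance(parts, list) and len(parts) == 2:
            # Part 1 is the message itself, part 2 the detached signature
            # (the "smime.p7s" attachment recipients see).
            return "clear-signed", readable_text(parts[0])
        return "malformed-signed", None
    if ctype in PKCS7_MIME:
        # The whole message is one encoded blob ("smime.p7m"): a client that
        # cannot decode it shows an empty body with a single attachment.
        smime_type = str(msg.get_param("smime-type", "")).lower()
        kind = {"signed-data": "opaque-signed",
                "enveloped-data": "encrypted"}.get(smime_type)
        return (kind or "pkcs7-mime-untyped"), None
    return "plain", readable_text(msg)


if __name__ == "__main__":
    samples = {"clear": CLEAR_SIGNED, "opaque": OPAQUE_SIGNED,
               "encrypted": ENCRYPTED, "untyped": NO_SMIME_TYPE}
    for name, raw in samples.items():
        print(name, classify(raw))
```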



8/13/2003 7:55:47 AM
What a thorough reply.

I have printed it, and will study it with interest.

Thank you.

Neil





bounce (4)
8/13/2003 8:06:35 AM