Users July 2009

users@lists.ciphermail.com

5 participants
8 discussions

Re: [Djigzo users] Windows xp does not accept the root certificate

by Martijn Brinkers

Hi Andreas, Good to hear you solved it. I think that for certificate purposed SHA1 is still secure just as long as you do not sign a certificate create by an external untrusted party with your CA. That said most crypto experts are urging users to start using sha256 for new projects. If you need support for XP sp <=2 you have no choice and should use sha1 I'm glad you found the problem and I will add this issue to the faq and documentation. Kind regards Martijn Brinkers --- sent from Blackberry

12 years, 2 months

Re: [Djigzo users] Windows xp does not accept the root certificate

by Andreas Schubert

hello, i think the problem is solved. after i generate a new ca with sha1 signature algorithm it works. now i know, that windows xp whithout xp3 does not support sha256. with that knowledge i testet the import on a sp3 machine and it works. what is the disadvantage i we use certs with sha1? thank you for your help. regards Andreas Schubert Transline Deutschland Dr.-Ing. Sturz GmbH "Martijn Brinkers" <m.brinkers(a)pobox.com> wrote on 15.07.2009 21:58:29: > That's really strange. I have tested it with different windows xp > installations. Also others have been able to import the pfx without > problems. So the main question now is what's different in your setup? > I have seen problems installing certs in the past when access to the > registry was refused for some actions (the certs are imported into the > registry). Perhaps a virus scanner does not allow you to install a > root? What happens when you install only the root (as a cer file) into > the root store? Is it also installed into the intermediate store? > Kind regards > Martijn > --- sent from Blackberry

12 years, 3 months

Re: [Djigzo users] Windows xp does not accept the root certificate

by Martijn Brinkers

Did you import the pfx by dbl click and then import using the import wizard? Could you remove all your root instances from all stores and try again? The easiest way to manage certificates on windows is by starting mmc and then add the certificates add-in. Using the mmc add-in you can search for a certificate by right clicking the top store element and then choose search for certificates. Search for your root and delete all references and try to import the pfx again Kind regards Martijn --- sent from Blackberry

12 years, 3 months

Re: [Djigzo users] Windows xp does not accept the root certificate

by Martijn Brinkers

>my problem is that windows xp does >not import the self created ( with > djigzo ) >root certificate into the "trusted root > certificate" store. Did you try to import the created pfx or did you import a separate root en intermediate (.cer file)? Is the user a restricted user? Kind regards Martijn brinkers --- sent from Blackberry

12 years, 3 months

[Djigzo users] Windows xp does not accept the root certificate

by Andreas Schubert

hallo, first of all i have to tell you that i am not familar with handling x.509 certificates. my problem is that windows xp does not import the self created ( with djigzo ) root certificate into the "trusted root certificate" store. windows xp only import the root certificate together with the intermediate certificate into the "intermediate certificate" store. and so none of these certificates are trusted. i have followed the instructions in the S/MIME setup guide and have tried it with automatically and manualy selection of the certificate store. i tried it on two different xp machines. on my windows vista system it works. what is going wrong here? can i control this behavior? regards Andreas Schubert Dipl.-Ing. (FH) Leiter EDV Tel. +49 7121 9463-360 Fax +49 7121 9463-150 Transline Deutschland Dr.-Ing. Sturz GmbH Transline Deutschland ist ein Unternehmen der Sturz Gruppe (www.sturz-gruppe.de) --------------------------------------------------------------------------- Prozessautomatisierung - als Antwort auf die Krise! http://www.transline.de/prozess-automatisierung Vereinbaren Sie einen Termin mit uns! --------------------------------------------------------------------------- * http://www.transline-group.com * Ihr Partner für Globale Kommunikation * http://www.transline.de * Ihr Partner für Übersetzungen * http://www.doculine.com * Ihr Partner für Technische Dokumentation Am Heilbrunnen 47 * D-72766 Reutlingen * Germany Telefon +49 7121 9463-0 * Fax +49 7121 9463-150 Skype: translinedeutschland Geschäftsführer: Dr.-Ing. Wolfgang Sturz Eingetragen beim Amtsgericht Stuttgart HRB 353333 VAT ID no. DE 193439222 ---------------------------------------------------------------------------

12 years, 3 months

Re: [Djigzo users] getting a java error while encryption an email

by Martijn Brinkers

I wished I could add the "Unlimited Strength Jurisdiction Policy Files" to Djigzo Virtual appliance but I think this is a "legal mine field" because lots of countries have their own crypto laws. Kind regards, Martijn Brinkers Andreas Schubert wrote: > hello Martijn, > > no i don't > i did not realize that i have to do that, i thought installing this is > optional.......... > > -> admin to stupid error or RTFM > > i will test it with this file installed. > > thank you for your fast response. > > regards > > Andreas Schubert > Dipl.-Ing. (FH) > Leiter EDV > Tel. +49 7121 9463-360 > Fax +49 7121 9463-150 > Transline Deutschland Dr.-Ing. Sturz GmbH >

12 years, 3 months

[Djigzo users] getting a java error while encryption an email

by Andreas Schubert

hello, i have a problem with encrypting email that was send to an external user. i have read the administrator and smime guide, and had no problem with the basic setup. i installed the Djigzo VMware virtual appliance 1.2.3 at this time i had created a CA, an internal domain, an internal user and a external user. the encryption mode for this external user is set mandatory and on the Select encryption certificates page the certificate is shown in green colour. but when i send an email from the internal user to the external user i will get these error massage in the MPA log: 09 Jul 2009 08:40:30 | ERROR IOException. (mitm.application.djigzo.james.mailets.SMIMEEncrypt) [Spool Thread #2] org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$WrappingIOException: org.bouncycastle.cms.CMSException: key invalid in message. at org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$ContentEncryptor.write(Unknown Source) at org.bouncycastle.mail.smime.handlers.PKCS7ContentHandler.writeTo(Unknown Source) at javax.activation.ObjectDataContentHandler.writeTo(Unknown Source) at javax.activation.DataHandler.writeTo(Unknown Source) at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1381) at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1742) at javax.mail.internet.MimeMessage.writeTo(MimeMessage.java:1718) at mitm.common.mail.MailUtils.validateMessage(MailUtils.java:207) at mitm.application.djigzo.james.mailets.SMIMEEncrypt.serviceMail(SMIMEEncrypt.java:259) at mitm.application.djigzo.james.mailets.AbstractDjigzoMailet.service(AbstractDjigzoMailet.java:226) at org.apache.james.transport.LinearProcessor.service(LinearProcessor.java:424) at org.apache.james.transport.JamesSpoolManager.process(JamesSpoolManager.java:405) at org.apache.james.transport.JamesSpoolManager.run(JamesSpoolManager.java:309) at java.lang.Thread.run(Thread.java:636)Caused by: org.bouncycastle.cms.CMSException: key invalid in message. at org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator.open(Unknown Source) at org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator$EnvelopedGenerator.open(Unknown Source) at org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator.open(Unknown Source) at org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator.open(Unknown Source) ... 14 moreCaused by: java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:972) at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:993) at javax.crypto.Cipher.init(Cipher.java:1394) ... 18 more what ist going wrong? regards Andreas Schubert Dipl.-Ing. (FH) Leiter EDV Tel. +49 7121 9463-360 Fax +49 7121 9463-150 Transline Deutschland Dr.-Ing. Sturz GmbH Transline Deutschland ist ein Unternehmen der Sturz Gruppe (www.sturz-gruppe.de) --------------------------------------------------------------------------- Prozessautomatisierung - als Antwort auf die Krise! http://www.transline.de/prozess-automatisierung Vereinbaren Sie einen Termin mit uns! --------------------------------------------------------------------------- * http://www.transline-group.com * Ihr Partner für Globale Kommunikation * http://www.transline.de * Ihr Partner für Übersetzungen * http://www.doculine.com * Ihr Partner für Technische Dokumentation Am Heilbrunnen 47 * D-72766 Reutlingen * Germany Telefon +49 7121 9463-0 * Fax +49 7121 9463-150 Skype: translinedeutschland Geschäftsführer: Dr.-Ing. Wolfgang Sturz Eingetragen beim Amtsgericht Stuttgart HRB 353333 VAT ID no. DE 193439222 ---------------------------------------------------------------------------

12 years, 3 months

[Djigzo users] Customer experience

by Mario Moder

> Two main new features I was thinking about are: > > 1. PGP support > 2. Client-less email encryption Hi Martijn I vote for number one if that means OpenPGP support (using GnuPG and its libraries for example) ;-) We (a german non-profit-organisation) are currently looking for a Free/Open Source eMail encryption solution (ca. 300 email users). So far I have found GEAM (deep in the GnuPG sources, only OpenPGP, no S/MIME) and got it running but I am concerned that it seems it is not actively developed or even maintained anymore. And it does not support S/MIME. And I have not tested it in a "production environment"... Since most of our communication partners use OpenPGP and some use S/MIME, I decided to vote for OpenPGP support in Djigzo :-) It seems the field of free/open source eMail security gateways is relative small compared to client side encryption solutions. On the other hand there are plenty of commercial gateway solutions. So keep up the good work! Mario

12 years, 3 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Users July 2009