3 Jun
2011
3 Jun
'11
2:57 p.m.
Hello
we have our Djigzo gateway configured to encrypt all outgoing mail if
a matching certificate is found by setting "Encrypt Mode = Allow".
Today i discovered a mail which was not encrypted but a valid
certificate is available.
I suspekt it is because the odd keyUsage setting in the certificate.
It contains "digitalSignature" as only keyUsage, but "emailProtection"
as Extended Key Usage. Have i got it right that all certificates which
do not contain "keyEncipherment" as keyUsage or have empty keyUsage
are not used for encryption by automatical selection?
Many Thanks
Andreas
3 Jun
3 Jun
3:20 p.m.
On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:
Hello
we have our Djigzo gateway configured to encrypt all outgoing mail if a
matching certificate is found by setting "Encrypt Mode = Allow". Today i
discovered a mail which was not encrypted but a valid certificate is
available.
I suspekt it is because the odd keyUsage setting in the certificate. It
contains "digitalSignature" as only keyUsage, but "emailProtection"
as
Extended Key Usage. Have i got it right that all certificates which do
not contain "keyEncipherment" as keyUsage or have empty keyUsage are not
used for encryption by automatical selection?
A certificate is only valid for S/MIME encryption if one of the
following conditions is true:
1 the KeyUsage is not set and the extended key usage is not set, the
certificate can be used for encryption
2 the KeyUsage is not set and the extended key usage is set and contains
emailProtection, the certificate can be used for encryption
3 the KeyUsage is set and contains keyEncipherment and the extended key
usage is not set, the certificate can be used for encryption
4 the KeyUsage is set and contains keyEncipherment and the extended key
usage is set and contains emailProtection, the certificate can be used
for encryption
Kind regards,
Martijn Brinkers
--
Djigzo open source email encryption
4002
days inactive
4002
days old
1 comments
2 participants
participants (2)
-
lst_hoe02@kwsoft.de -
Martijn Brinkers