Encrypting Email

[Joe Lewis]

Today I sent an email to two people that I encrypted. I
have the public key for one person, but not the other.
When I clicked send, I got a warning telling me it could
not encrypt the email being sent to the person for whom I
do not have a public key. I clicked continue.

I assumed that an encrypted copy would go to the person
for whom I had a public key, while an unencrypted version
would go to the other person. This was a probably a poor
assumption now that I think about it. You wouldn't want
an email that requires encryption to go unencrypted to
some people.

My problem is with the fact that the person for whom I
don't have a public key has received an email he can not
read. My questions is, What was used to encrypt that
email? I the public key was used to encrypt an email. If
I don't have a users public key, how does the email get
encrypted?

Thanks,
Joe

 

[Joe Lewis]

That last paragraph should read:

My problem is with the fact that the person for whom I
don't have a public key has received an email he cannot
read. My questions is, What was used to encrypt that
email? I THOUGHT the public key was used to encrypt an
email. If I don't have a user's public key, how does the
email get encrypted?

 

[Vanguard]

That last paragraph should read:

My problem is with the fact that the person for whom I
don't have a public key has received an email he cannot
read. My questions is, What was used to encrypt that
email? I THOUGHT the public key was used to encrypt an
email. If I don't have a user's public key, how does the
email get encrypted?

Hmm, my guess is that the public key used was the one for the recipient
that actually got the usable message (i.e., they could decrypt it using
their private key). This makes me wonder how you would send one copy of
a message to multiple recipients if only the public key for one of them
was available to you (which would not match the private keys for the
other recipients).

My assumption would've been the same as yours, that an encrypted copy
would get sent to the recipient_A using recipient_A's public key, a
differently encrypted copy would get sent to recipient_B using
recipient_B's public key, and so on, and that NO copy would get sent to
the rest of the recipients for whom you did not have their public key
(unless, as you mentioned, there is an option to override that and send
an unencrypted copy to recipients for whom you do not have their public
key, but then why bother encrypting it at all if you're going to send it
in the clear). For the recipient for whom you did not have their public
key, can they relate to you the details of the certificate used in
encrypting the message? Does an icon appear or can they click Details
to see if recipient_B who cannot read the message can see if
recipient_A's public key was used, or if the certificate says it was
from you?

Are you using Exchange? If the recipient isn't, they won't be able to
read your secure message unless you are using S/MIME. Under Tools ->
Options -> Security -> Settings, do you have S/MIME selected, or do you
have Exchange Server Security?

 

[Vizvary Istvan III]

My assumption would've been the same as yours, that an encrypted copy

would get sent to the recipient_A using recipient_A's public key, a
differently encrypted copy would get sent to recipient_B using
recipient_B's public key, and so on, and that NO copy would get sent to
the rest of the recipients for whom you did not have their public key

Only one message is sent to all recipients. The original content is
encrypted with a session key. That session key is then encrypted with
recipients'
public keys. For each recipient who is meant to be able to decrypt the
message
there is a record in the message's internal structure which describes the
recipient's
certificate and contains encrypted session key.

Outlook allows to send an encrypted message to recipients for whom it
cannot explicitly encrypt the session key. This can be useful in some cases,
eg. for archiving purposes or a BCC recipient.

Vizvary Istvan III
http://www.ppuvas.com.pl/