0

I have set up my work email (Exchange) using the Windows 10 built-in mail client. The mail client was able to download all of my emails, and even automatically found my personal certificate for decrypting and reading emails. I had Outlook set up prior to trying this, so I'm assuming it found the cert wherever Outlook keeps it.

The client did not, however, find the public keys required to send encrypted emails. We use Active Directory, which gives us a global address list for all employees. I believe that each user's public key is also stored there. It seems that Windows 10 Mail is unable to access the address list, since it hasn't been able to use that account to automatically import contacts into People, which is the contacts application for Windows 10. I was able to populate the contacts list by exporting from Outlook, but the public keys didn't come with any of the contact cards.

Given that I can access and export the public keys from the address list, where would I put them so that the Windows 10 mail application would find them? I've tried a few tests with a colleague using the cert management console, putting his public key in the Trusted People and Other People folders, but had no luck getting the encrypted email to send. There is a banner that comes up on each attempt that says "The public key is missing for some recipients".

I have to assume that since encryption is an option when sending an email in the application, it would have to be able to cache the public keys somewhere, right?

EDIT: I was able to pinpoint where the Mail app looks for public keys, but it isn’t able to install them itself (from a signed email, for example). I manually installed a public key from a colleague to that location within the key store, but Mail still couldn’t see that it had their public key when I would try to send him an encrypted email. I began to lean towards the idea that Mail cannot access the key store for one reason or another, but that wouldn’t make sense since it accessed my private cert right away and began decrypting emails. Still stumped.

1
  • I would assume the certificate store
    – Ramhound
    Commented Oct 18, 2017 at 22:28

1 Answer

0

Read signed or encrypted messages

When you receive an encrypted message, the mail app will check whether there is a certificate available on your computer. If there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.

Install certificates from a received message

When you receive a signed email, the app provides a feature to install the corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person.

1. Open a signed email.

2. Tap or click the digital signature icon in the reading pane.

3. Tap Install.


1
  • I wasn’t able to install the encryption certificate through a signed email. While it did say that it installed successfully, there was no certificate for that user in the User or Machine key store. When clicking the digital signature icon, under “Security status”, it says “The digital ID that was used to sign this message was revoked”.
    – Jason
    Commented Oct 19, 2017 at 17:22
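An added PowerShell check (not part of the original question or answer) that imports an exported public certificate into the "Other People" store the question mentions (Cert:\CurrentUser\AddressBook) and reports the three things an S/MIME client needs before it will encrypt to someone: the Secure Email EKU, a matching address in the certificate, and a chain that passes online revocation checking, which is what the "revoked" message in the comment above reflects. The file path and address are placeholders.

```powershell
# Added diagnostic, not from the original post. Assumes the colleague's
# exported public certificate is at C:\certs\colleague.cer (hypothetical path)
# and that the recipient address is colleague@example.com (placeholder).
param(
    [string]$CerPath = 'C:\certs\colleague.cer',
    [string]$Email   = 'colleague@example.com'
)
$SecureEmailEku = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection

# Import into "Other People"; Import-Certificate returns the X509Certificate2
# and is a no-op if a cert with the same thumbprint is already present.
$cert = Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\CurrentUser\AddressBook

# 1. Secure Email EKU: without it no S/MIME client offers the cert for
#    encryption, no matter which store it sits in.
$hasEku = $cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $SecureEmailEku }

# 2. Address binding: the cert must carry the recipient's address (subject or SAN).
$nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
$certEmail = $cert.GetNameInfo($nameType, $false)

# 3. Chain validity with online revocation checking, restricted to the
#    Secure Email application policy. A revoked signing ID fails here.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$null = $chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid $SecureEmailEku))
$chainValid = $chain.Build($cert)

[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    NotAfter       = $cert.NotAfter
    EmailInCert    = $certEmail
    EmailMatches   = [bool]($certEmail -and ($certEmail -ieq $Email))
    HasSecureEmail = [bool]$hasEku
    ChainValid     = $chainValid
    ChainStatus    = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
}
$chain.Dispose()
```

If ChainStatus reports Revoked or RevocationStatusUnknown, the client is behaving correctly by refusing to use the certificate, and the fix is a fresh certificate from the directory rather than a different store location.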
