A
anonymous
Hello!
We have a problem with decrypting encrypted e-mails with Outlook2003 with
SP2.We use the classic sign and crypt buttons from Microsoft Outlook 2003
with SP2.
The following error appears: "Can't open this item.Your digital ID name can
not be found by the underlying security system."
We have installed a Windows XP with SP2 workstation - clean installation.
We have updated the operating system with all security and software Windows
XP optional patches from Microsoft Update Web site WITHOUT KB909520 Update
for Microsoft Base Cryptographic Service Provider
http://support.microsoft.com/kb/909520/
We have installed Office 2003 - and after that, we have patched the
workstation with Office 2003 SP2 and the 4 security hotfixes for Office after
SP2 from Microsoft Update web site.
We have tested on this workstation signed and encrypted e-mails - with
digital certificates stored on Safenet ikey2032 tokens
(www.safent-inc.com).We use a digital certificate for digital signature and a
different digital certificate for encryption. Of course the digital
certificate used for signature must have the Secure E-mail extension - to be
used as a certificate for signature in Microsoft Outlook or Outlook Express.
Everything is OK for MU3.3, MU 20 and MU 20.3 Rainbow Safenet drivers on
that workstation - signing e-mail and digital signature verification,
encrypting and decrypting e-mails.
After that we have installed KB909520 and signing and verifying digital
signature is OK, encrypting and sending e-mail works but at decryption we
have the above error "Can't open this item.Your digital ID name can not be
found by the underlying security system."
After uninstalling this patch KB909520 the error remains. Also after
reinstallation of the Rainbow drivers on that workstation the error remains.
The situation is the same on other 2 workstations with this patch KB909520
installed but we have many workstations WITHOUT this patch installed and the
issue with decrypting encrypted e-mails is present! So this patch KB909520 is
not the source of this error.
Other facts:
- the Axalto e-gate and Alladin token on the same workstation are not
affected by this issue and they works with KB909520 installed or uninstalled
on that workstations.
- everything is OK with Outlook 2003 SP2 if we use digital certificates
stored in PKCS#12 format.
- decrypting e-mails with Rainbow tokens is OK IF WE USE THE SAME DIGITAL
CERTIFICATE FOR SIGNATURE AND ENCRYPTION ( a digital certificate with Digital
signature and Key encipherment/Data encipherment extensions)!!!
- there are many workstations WITHOUT the KB909520 patch installed but with
Outlook 2003 with SP2 and that workstations HAVE THE SAME ISSUE .
-on all the workstations (XP with SP2 with all operating system patches)
with Outlook 2003 SP 2 decrypting encrypted e-mails problem, the problem is
the same and with Outlook Express.
So...there was a Outlook 2003 issue regarding signed and encrypted e-mails
that was resolved by the Office 2003 SP2
http://support.microsoft.com/kb/895679/
but apparently, there still is a problem with Outlook 2003 SP2 (and Outlook
Express) and Rainbow ikey2032 drivers BUT ONLY IF WE USE SEPARATE digital
certificates for signature and encryption.
Can You help me?
Thank You in advance,
Ovidiu Pismac
MCSE Security, MCSA Messaging
We have a problem with decrypting encrypted e-mails with Outlook2003 with
SP2.We use the classic sign and crypt buttons from Microsoft Outlook 2003
with SP2.
The following error appears: "Can't open this item.Your digital ID name can
not be found by the underlying security system."
We have installed a Windows XP with SP2 workstation - clean installation.
We have updated the operating system with all security and software Windows
XP optional patches from Microsoft Update Web site WITHOUT KB909520 Update
for Microsoft Base Cryptographic Service Provider
http://support.microsoft.com/kb/909520/
We have installed Office 2003 - and after that, we have patched the
workstation with Office 2003 SP2 and the 4 security hotfixes for Office after
SP2 from Microsoft Update web site.
We have tested on this workstation signed and encrypted e-mails - with
digital certificates stored on Safenet ikey2032 tokens
(www.safent-inc.com).We use a digital certificate for digital signature and a
different digital certificate for encryption. Of course the digital
certificate used for signature must have the Secure E-mail extension - to be
used as a certificate for signature in Microsoft Outlook or Outlook Express.
Everything is OK for MU3.3, MU 20 and MU 20.3 Rainbow Safenet drivers on
that workstation - signing e-mail and digital signature verification,
encrypting and decrypting e-mails.
After that we have installed KB909520 and signing and verifying digital
signature is OK, encrypting and sending e-mail works but at decryption we
have the above error "Can't open this item.Your digital ID name can not be
found by the underlying security system."
After uninstalling this patch KB909520 the error remains. Also after
reinstallation of the Rainbow drivers on that workstation the error remains.
The situation is the same on other 2 workstations with this patch KB909520
installed but we have many workstations WITHOUT this patch installed and the
issue with decrypting encrypted e-mails is present! So this patch KB909520 is
not the source of this error.
Other facts:
- the Axalto e-gate and Alladin token on the same workstation are not
affected by this issue and they works with KB909520 installed or uninstalled
on that workstations.
- everything is OK with Outlook 2003 SP2 if we use digital certificates
stored in PKCS#12 format.
- decrypting e-mails with Rainbow tokens is OK IF WE USE THE SAME DIGITAL
CERTIFICATE FOR SIGNATURE AND ENCRYPTION ( a digital certificate with Digital
signature and Key encipherment/Data encipherment extensions)!!!
- there are many workstations WITHOUT the KB909520 patch installed but with
Outlook 2003 with SP2 and that workstations HAVE THE SAME ISSUE .
-on all the workstations (XP with SP2 with all operating system patches)
with Outlook 2003 SP 2 decrypting encrypted e-mails problem, the problem is
the same and with Outlook Express.
So...there was a Outlook 2003 issue regarding signed and encrypted e-mails
that was resolved by the Office 2003 SP2
http://support.microsoft.com/kb/895679/
but apparently, there still is a problem with Outlook 2003 SP2 (and Outlook
Express) and Rainbow ikey2032 drivers BUT ONLY IF WE USE SEPARATE digital
certificates for signature and encryption.
Can You help me?
Thank You in advance,
Ovidiu Pismac
MCSE Security, MCSA Messaging