
PGP integration with CAs outside of PGP's PKI

Created: 13 May 2011 • Updated: 13 May 2011 | 6 comments

Hello All,

I'm not sure I entirely understand how PGP’s implementation of secure messaging differs from a Microsoft solution (S/MIME)... http://forum.pgp.com/t5/PGP-Desktop-for-Windows/PGP-Desktop-and-S-Mime-Outlook-No-go/td-p/37017
 

It appears that PGP strips the signature from incoming emails that have been signed within Outlook (via a Microsoft certificate with digital signature extension).

*Funny behavior on the Outlook side as well: Outlook will identify signatures generated within PGP, but only until it’s opened or you try to use the key (reply with encrypted message) back to the email address that signed that email. Outlook will show a small certificate icon on that email until you interact with the “.sig”.

…If I export the Microsoft certificate (public key only) used to sign emails on my Outlook side to my PGP machine, it will identify the “Public x509 certificate file” and complete the import. When I go to transmit an email to that user as it appears on their certificate, PGP pops up and says “key not found, email blocked”.

…I’ve tried adding the CA’s root key (public) to this machine’s trusted “root”, so it has a trustpoint for the certificate… I'm beginning to think I’m doing something fundamentally wrong, or missing something really stupid.

 

>>>Quick summary<<<
I have a Microsoft-issued certificate (RSA key pairs) with email signing attributes, generated via an internal Microsoft CA. These certificates can be used within Outlook to sign/encrypt messages; all is well… I’d like to have this PKI send to a PGP client.
Outlook (public X.509) certificate encrypting emails to a PGP client. Can this be done?

 

Many thanks to all/Tom,

 

J


Tom Mc's picture

This Knowledge Base Article may be helpful.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

ciscoL33Tness's picture

Thanks for the reply Tom,

http://forum.pgp.com/t5/PGP-Desktop-for-Windows/Import-PGP-public-key-into-Windows-Outlook/td-p/21303

 

Is it possible to export your PGP public key to an X.509 format?

 

I've successfully imported/signed the S/MIME key (certificate that was generated via Microsoft CA) to the PGP client. The PGP client can now securely send to the Outlook client, but I have not figured out how to import PGP's .sig into Outlook.

 

I will post a complete "S/MIME <=> PGP" config once I figure out how to import PGP's signature into Outlook (not running any PGP services...)

 

Any ideas how this can be done?

 

regards,

J

Tom Mc's picture

Although I can't offer any details on it, I believe you will need to obtain and import your own x.509 cert for the S/MIME only user to use the public portion of, for encryption to you.  PGP/MIME signatures do not include the public key.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &
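The difference described in the reply above, as an added example that is not part of the original thread: a `multipart/signed` message declares its signature scheme in the `protocol` parameter (RFC 3156 for PGP/MIME, RFC 8551 for S/MIME), and only the S/MIME (CMS) signature format has a field that can carry the signer's certificate. The function name, sample messages, addresses and attachment filenames are constructed for illustration.

```python
from email import message_from_string

# protocol value -> (scheme, can the signature blob carry the signer's certificate?)
# A CMS SignedData (S/MIME) has an optional certificates field; an OpenPGP
# detached signature only references the signing key, it never contains it.
PROTOCOLS = {
    "application/pgp-signature": ("PGP/MIME", False),
    "application/pkcs7-signature": ("S/MIME", True),
    "application/x-pkcs7-signature": ("S/MIME", True),  # older S/MIME clients
}

def classify_signed(raw):
    """Report the signing scheme of a raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw)
    result = {"scheme": "unsigned", "may_carry_cert": False, "sig_filename": None}
    if msg.get_content_type() != "multipart/signed":
        return result
    proto = (msg.get_param("protocol") or "").lower()
    parts = msg.get_payload()
    # multipart/signed must have exactly two parts: the content and the signature.
    if not isinstance(parts, list) or len(parts) != 2:
        result["scheme"] = "malformed"
        return result
    sig = parts[1]
    # The signature part's type must match the declared protocol.
    if sig.get_content_type() != proto:
        result["scheme"] = "malformed"
        return result
    scheme, may_carry_cert = PROTOCOLS.get(proto, ("unknown", False))
    result.update(scheme=scheme, may_carry_cert=may_carry_cert,
                  sig_filename=sig.get_filename())
    return result

def build_sample(protocol, filename):
    """Constructed sample message; the signature body is a placeholder, not real."""
    return (
        "From: alice@example.com\nTo: bob@example.com\n"
        "Subject: constructed sample\nMIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello\n"
        f'--b1\nContent-Type: {protocol}; name="{filename}"\n'
        f'Content-Disposition: attachment; filename="{filename}"\n\n'
        "PLACEHOLDER-NOT-A-REAL-SIGNATURE\n--b1--\n"
    )

PGP_SAMPLE = build_sample("application/pgp-signature", "signature.sig")
SMIME_SAMPLE = build_sample("application/pkcs7-signature", "smime.p7s")

if __name__ == "__main__":
    for name, raw in (("pgp", PGP_SAMPLE), ("smime", SMIME_SAMPLE)):
        print(name, classify_signed(raw))
```

A recipient's S/MIME client can only learn an encryption certificate from the second kind of message, which is why the PGP-side user needs an X.509 certificate of their own for the S/MIME-only correspondent to encrypt to.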

ciscoL33Tness's picture

Thanks for the reply Tom,

I'm not entirely sure why there is so little documentation on this; it seems like a pretty important function.... Are there any support options that would allow me to speak with an engineer (paid or free)???

Thanks,

J

This config is super close to working... just need the second half of it (PGP key signature/import side)

Tom Mc's picture

I don't know that you will find exactly what you seek, but there is some participation in this forum, you may want to consider support options, and you may want to consider using the Idea option under Create Content (at the top of this page).

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &