http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspxA fellow MVP sent me an digitally signed email and asked if the email was encrypted.... but you see it wasn't. Why not? Because he didn't have 'my' digital certificate in his cert store. You see when Alice want to send an encrypted email to Bob she mustenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspx#56903Sun, 10 Jul 2005 14:53:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:56903bradleyI can speak to Tim's question. <br> <br>If Alice wants to send an encrypted email to Bob, Susan, and James. <br> <br>After you have created and addressed your message, select Send. If any of the recipients do not have digital signature certificates, then you will get an error message designating who does not have this. If you select Continue, it will send the email encrypted to all. <br> <br>Those who do not have your Digital ID (and trusted you), will not be able to read your message. <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=56903" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspx#54762Thu, 23 Jun 2005 15:40:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:54762bradleyAnd to make things more complicate, Bob could not just send Alice his public key (because Alice should not trust email headers ;-) - he should send it offline or Bob and Alice should trust the same Certification Authority and receive certificates <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=54762" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspx#54579Wed, 22 Jun 2005 21:09:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:54579bradleyIt really doesn't matter what form of public key cryptography you're using, if Alice wants to encrypt a message for Bob, the only way to do it is for Alice to use Bob's public key to encrypt it. <br> <br>Alice can't use her private key to encrypt it, because then anyone could decrypt it (because anyone can get Alice's public key). <br> <br>Alice can't use her public key to encrypt it, because then only Alice would be able to decrypt it. <br> <br>Alice can't use Bob's private key to encrypt it, because unless there's something intimate going on here, Alice shouldn't have access to Bob's private key. <br> <br>Alice must use Bob's public key to encrypt the message. <br> <br>The only remaining question is &quot;how can Alice get Bob's public key?&quot; <br> <br>Bob sending Alice a signed email just happens to be the easiest way to get this done. Then Alice sends Bob an encrypted, signed message, and Bob can now encrypt messages for Alice. Note that after the first signed message goes out, everything remaining can be encrypted.<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=54579" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspx#54463Wed, 22 Jun 2005 12:31:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:54463TrackBack<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=54463" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2005/06/21/54423.aspx#54457Wed, 22 Jun 2005 11:19:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:54457bradleySo in your first statement, your saying if I send what I think is an encrypted message out to a number of people, and i only have a digital cert on hand for half of them, one half will receive the message encrypted, and the other half won't? Also, you said he sent you a digitally signed message, and then asked you if it was encrypted, but that is two different things. <br> <br>Even though it doesnt integrate as tightly, this is what made PGP such a nice alternative. I didnt need a thing from anyone else.<div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=54457" width="1" height="1">