cannot decrypt pgp-inline messages that have s/MIME signature
Hi I've recently received some emails that are encrypted pgp-inline but also signed with s/MIME. Clicking the security button shows me the s/MIME certificate and tells me the signature is valid but gives no way to decrypt the pgp message. Is that also true of later TB! versions? -- Best regards MFPAmailto:expires2...@ymail.com Don't talk unless you can improve on the silence Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.42 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: [Feature request] disable auto-detection of S/Mime certificate to allow eID signatures
Hi On Tuesday 5 January 2010 at 9:52:56 PM, in , Stephane Bouvard wrote: > Hi, > A small request i've already made a couple of time... > just a hope that it could reach the right people at > Ritlabs :) I see you have asked on this list in previous years. Is it logged at https://www.ritlabs.com/bt/ as well? I looked but did not see it. -- Best regards MFPA Did you hear? They took the word gullible out of the dictionary Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.12.4 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
[Feature request] disable auto-detection of S/Mime certificate to allow eID signatures
Hi, A small request i've already made a couple of time... just a hope that it could reach the right people at Ritlabs :) Could it be possible to manualy select a S/Mime certificate to sign an eMail ? In Belgium, we use an eID : the electronic identity card, with this card we can use an officially certified certificate to sign our documents like emails... the problem with TheBat! is that this certificate does not contain any email address : the purpose is not to certify the email address, but the identity (name) like a real signature, wichever email address we use... and TheBat! when i request to sign an email try to automatically find a certificate with my email address... of course it does not work : TheBat! does not find the right certificate as it does not contain my EMail address, and thus TheBat! refuse to sign the message... if only it could be possible to manually select a certificate... Of course, i *must* use the MS Crypto API and not the internal implementation, to be able to use the external eID reader configured for the MS Api... >From my point of view it should not be too difficult to allow that, and would >be a really major improvement in usability of TheBat! in professional >environnement (eID signature is the only one recognized by law to certify an >email in Belgium, thus pgp or other certificates are not an option). -- Cordialement, Stephane courrier : anta...@freenet.be Current version is 4.2.12.4 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hi On Thursday 15 October 2009 at 5:22:50 PM, in , Thomas Fernandez wrote: > So, the S/Mime sigs from this particular customer now > verify fine. I thank all who contributed. Glad you got it sorted. -- Best regards MFPA Only dead fish go with the flow Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Thomas, On Sat, 10 Oct 2009 22:52:47 +0700 GMT (10/Oct/09, 22:52 PM +0700 GMT), Thomas Fernandez wrote: >>> How do I import a new root certificate into TB!? I >>> communicate with people who sign all their message by >>> S/Mime but I cannot verify the sigs. I went to the >>> organisdation's server, and they offer a .msi file, >>> which actually works for Internet Explorer and the >>> secure websites are now certified, so the cert >>> apparently resides somewhere in an IE directory. M>> No experience myself but maybe the solution given at reference 2.2 in M>> the first post of M>> http://ritlabs.com/en/forum/read.php?FID=4&TID=7101&MID=27073&phrase_id=1629356#message27073 M>> will help? I think you need to be using the internal implementation. TF> Hey, this is a great link! I will try that on Monday. Basically, this is what I did. The certs were already imported into Internet Explorer, so I exported them from there. Caveat: If you select multiple certs in IE and export them, a .p7b file will be generated, which TheBat! does not import. You need to export each cert seperately from IE, so you will be given the choice to export as .cer file. TB! imports .cer files just fine. After importing, the next step is to click on an S/Mime signed message and trust the cert. I could trust it, because I knew were I downloaded it. After that, I got green tickmarks all over. So, the S/Mime sigs from this particular customer now verify fine. I thank all who contributed. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag MFPA, am Montag, 12. Oktober 2009 um 02:13 schrieben Sie: > Both that and your previous message verified OK Ok, thanks, so probably the problem did only affect the other Accounts - thanks for clearification. -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: 21033D1F Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hi On Monday 12 October 2009 at 12:39:32 AM, in , Jens Franik wrote: > Guten Tag Jens Franik, > am Freitag, 9. Oktober 2009 um 12:17 schrieben Sie: >> becoming an Assurer for CaCert.org - a free >> Certification Instance for X.509, i would like to >> know, if my signed Messages can be verified by anyone > I fear, i did a mistake and signed my Certificate > myself, instead of pointing to the Root-CA of > CaCert.org. > This is a new Try and should show up "Name: CaCert > User" "eMail: je...@gmx.de" "Issued-by: CaCert.org" Both that and your previous message verified OK, issued to CAcert WoT User by CA Cert Signing Authority. -- Best regards MFPA Don't learn safety rules by accident... Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Jens Franik, am Freitag, 9. Oktober 2009 um 12:17 schrieben Sie: > becoming an Assurer for CaCert.org - a free Certification Instance for > X.509, i would like to know, if my signed Messages can be verified by > anyone I fear, i did a mistake and signed my Certificate myself, instead of pointing to the Root-CA of CaCert.org. This is a new Try and should show up "Name: CaCert User" "eMail: je...@gmx.de" "Issued-by: CaCert.org" -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: 21033D1F Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 100000 Messages smime.p7s Description: S/MIME Cryptographic Signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Sonntag, 11. Oktober 2009 um 02:22 schrieben Sie: JF>> I saw, how much Zertifikates are in the ZIP File, which poorly is JF>> another .exe but you could list the certificates with Commandline JF>> Switches, maybe you find here, what you need (about 72 inside): JF>> Anlagen: JF>>1) Certs.txt (3464 Byte, Textdatei) > Where did you get this list from? Where can I download the .exe to > import these certs into TB!? I got this List from the -l (list) Option as a Command Line Switch to the .exe The Files do not import to The Bat! but to Internet Explorer and maybe Outlook or Outlook Express - because they seem to be special for Windows Users. You can get the Files at https://www.dodpke.com/InstallRoot/ But anyway, it looks like you have to first install them into Internet Explorer and maybe Outlook whatever - and then export them to use in an other application. You know, these Specialists from DOD are very crazy by Windows... -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Jens, On Sat, 10 Oct 2009 19:46:59 +0200 GMT (11/Oct/09, 0:46 AM +0700 GMT), Jens Franik wrote: >> Believe me, the DOD has so many different departments with >> different approval procedures JF> I saw, how much Zertifikates are in the ZIP File, which poorly is JF> another .exe but you could list the certificates with Commandline JF> Switches, maybe you find here, what you need (about 72 inside): JF> Anlagen: JF>1) Certs.txt (3464 Byte, Textdatei) Where did you get this list from? Where can I download the .exe to import these certs into TB!? -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Samstag, 10. Oktober 2009 um 18:24 schrieben Sie: > Believe me, > the DOD has so many different departments with different approval > procedures I saw, how much Zertifikates are in the ZIP File, which poorly is another .exe but you could list the certificates with Commandline Switches, maybe you find here, what you need (about 72 inside): Anlagen: 1) Certs.txt (3464 Byte, Textdatei) -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages DoD PKE InstallRoot v3.12A List File Certificates: Store SubjectIssuer Not After Status --- -- -- -- -- --- 1. ROOT DoD PKI Med Root CA 2. ROOT DoD CLASS 3 Root CA 3. ROOT DoD ROOT CA 2 4. ROOT DoD OCSP SS 5. ROOT ECA Root CA 6. ROOT ECA Root CA 7. ROOT ECA Root CA 2 8. CA Med CA-1 9. CA Med CA-2 10. CA DoD CLASS 3 CAC CA 11. CA DoD CLASS 3 CA-3 12. CA DoD CLASS 3 CA-4 13. CA DoD CLASS 3 CA-5 14. CA DoD CLASS 3 CA-6 15. CA DoD CLASS 3 CA-7 16. CA DoD CLASS 3 CA-8 17. CA DoD CLASS 3 CA-9 18. CA DoD CLASS 3 CA-10 19. CA DoD CA-11 20. CA DoD CA-12 21. CA DoD CA-13 22. CA DoD CA-14 23. CA DoD CA-15 24. CA DoD CA-16 25. CA DoD CA-17 26. CA DoD CA-18 27. CA DoD CA-19 28. CA DoD CA-20 29. CA Med Email CA-1 30. CA Med Email CA-2 31. CA DoD CLASS 3 CAC EMAIL CA 32. CA DoD CLASS 3 EMAIL CA-3 33. CA DoD CLASS 3 EMAIL CA-4 34. CA DoD CLASS 3 EMAIL CA-5 35. CA DoD CLASS 3 EMAIL CA-6 36. CA DoD CLASS 3 EMAIL CA-7 37. CA DoD CLASS 3 EMAIL CA-8 38. CA DoD CLASS 3 EMAIL CA-9 39. CA DoD CLASS 3 EMAIL CA-10 40. CA DoD EMAIL CA-11 41. CA DoD EMAIL CA-12 42. CA DoD EMAIL CA-13 43. CA DoD EMAIL CA-14 44. CA DoD EMAIL CA-15 45. CA DoD EMAIL CA-16 46. CA DoD EMAIL CA-17 47. CA DoD EMAIL CA-18 48. CA DoD EMAIL CA-19 49. CA DoD EMAIL CA-20 50. CA DoD Intermediate CA-1 51. CA ORC ECA 52. CA ORC ECA 53. CA ORC ECA 54. CA ORC ECA 2 55. CA ORC ECA FN 56. CA IdenTrust ECA 1 57. CA VeriSign Client External Certi 58. CA VeriSign Client External Certi 59. CA VeriSign Client External Certi 60. CA DoD Intermediate CA-1 61. CA DoD Intermediate CA-2 62. CA ORC ECA SW 3 63. CA ORC ECA HW 3 64. CA IdenTrust ECA 2 65. CA VeriSign Client External Certi 66. CA DOD CA-21 67. CA DOD CA-22 68. CA DOD CA-23 69. CA DOD CA-24 70. CA DOD EMAIL CA-21 71. CA DOD EMAIL CA-22 72. CA DOD EMAIL CA-23 73. CA DOD EMAIL CA-24 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Samstag, 10. Oktober 2009 um 17:38 schrieben Sie: > I will > check on Monday whether I have a .crt file on that computer. Or you could export from the Browser. -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hi On Saturday 10 October 2009 at 5:40:59 PM, in , Thomas Fernandez wrote: > This is very useful, thank you. NAVFAC is actually my > customer, so you are right on the spot. Completely by accident (-; -- Best regards MFPA When you're through changing, you're through Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello MFPA, On Sat, 10 Oct 2009 17:15:44 +0100 GMT (10/Oct/09, 23:15 PM +0700 GMT), MFPA wrote: M> Possibly try something like http://crl.disa.mil/getsign?DOD%20CA-21 M> I googled '"DOD EMAIL" certificate' and selected the first result, M> which was an FAQ page on portal.navfac.navy.mil. Firefox gave me the M> "certified by unknown authority" dialogue box and I selected "examine M> certificate" and found the above link under details | certificate M> fields | certificate | extensions | authority information access This is very useful, thank you. NAVFAC is actually my customer, so you are right on the spot. For those who don't know US Naval Facilities (Navfac): We have often heard about the US Army Corps of Engineers. However, in fact (and I don't really know whether I have to shoot you after telling you this), the world has been seperated between the Army and the Navy. Over here, it's the Navy that fixes things (dams, ports, you name it). In other parts of the world (like the continental US), the Army is in charge. That's all there is to it. Not very exciting (no shooting involved), but interesting from a logistics POV. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Jens, On Sat, 10 Oct 2009 17:53:12 +0200 GMT (10/Oct/09, 22:53 PM +0700 GMT), Jens Franik wrote: >> The cert authority in the email I am >> referring to is called "DOD EMAIL". JF> Resources: Installing DoD Root Certificates JF> from searching JF> http://www.google.de/#q=dod+email+root+certificate&btnG=Google-Suche&meta=&aq=f&oq=dod+email+root+certificate JF> and watching JF> http://www.dtic.mil/dtic/announcements/dodrootcertificates.html JF> i found it should be found here, but the Site does not load for me: JF> http://dodpki.c3pki.chamb.disa.mil/rootca.html JF> but they say: JF> For further assistance: DTIC Web site customers should contact r...@dtic.mil or (703) 767-8274. Thanks for all this. Yes, I am in contact with dodpki. Believe me, the DOD has so many different departments with different approval procedures, that my request over here is a cry for help. They do offer suppport for Outlook and Thunderbird (and a few others), but TheBat! isn't in their standard list. JF> Maybe you should eMail r...@dtic.mil and tell them to guide you to the JF> correct Website, where you can download the Root Certificate and see JF> the Fingerprints, because you have to compare the Fingerprints to be JF> sure this is the wanted Certificate. I have never heared of DTIC but am not surprised there is just another unit again. I'll try that but don't expect a quick answer, with the long weekend coming up in the US. I'll also be in the 703 area code later this month, so there is hope this problem will be solved. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hi On Saturday 10 October 2009 at 4:53:12 PM, in , Jens Franik wrote: > Resources: Installing DoD Root Certificates from > searching > http://www.google.de/#q=dod+email+root+certificate&btnG=Google-Suche&meta=&aq=f&oq=dod+email+root+certificate > and watching > http://www.dtic.mil/dtic/announcements/dodrootcertificates.html > i found it should be found here, but the Site does not > load for me: > http://dodpki.c3pki.chamb.disa.mil/rootca.html but they > say: For further assistance: DTIC Web site customers > should contact r...@dtic.mil or (703) 767-8274. Possibly try something like http://crl.disa.mil/getsign?DOD%20CA-21 I googled '"DOD EMAIL" certificate' and selected the first result, which was an FAQ page on portal.navfac.navy.mil. Firefox gave me the "certified by unknown authority" dialogue box and I selected "examine certificate" and found the above link under details | certificate fields | certificate | extensions | authority information access -- Best regards MFPA War is a matter of vital importance to the State. Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello MFPA, On Sat, 10 Oct 2009 16:43:21 +0100 GMT (10/Oct/09, 22:43 PM +0700 GMT), MFPA wrote: >> I see. But S/Mime is internal capability? M> You have a choice of internal implementation or "Microsoft CryptoAPI" M> which is set at Options | S/MIME I never saw that before. What different does it make, and will it help to solve the problem? >> How do I import a new root certificate into TB!? I >> communicate with people who sign all their message by >> S/Mime but I cannot verify the sigs. I went to the >> organisdation's server, and they offer a .msi file, >> which actually works for Internet Explorer and the >> secure websites are now certified, so the cert >> apparently resides somewhere in an IE directory. M> No experience myself but maybe the solution given at reference 2.2 in M> the first post of M> http://ritlabs.com/en/forum/read.php?FID=4&TID=7101&MID=27073&phrase_id=1629356#message27073 M> will help? I think you need to be using the internal implementation. Hey, this is a great link! I will try that on Monday. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Jernej, On Sat, 10 Oct 2009 17:45:58 +0200 GMT (10/Oct/09, 22:45 PM +0700 GMT), Jernej Simončič wrote: >> They don't seem to have it on their website. However, since I have >> imported the cert successfully into IE on my office computer, I will >> check on Monday whether I have a .crt file on that computer. JS> Even if you don't, you can export the certificate from IE - go to JS> Certificates -> Trusted root certification authorities, find the CA JS> there and export it. Thanks, I'll try that on Monday. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Samstag, 10. Oktober 2009 um 17:38 schrieben Sie: > The cert authority in the email I am > referring to is called "DOD EMAIL". Resources: Installing DoD Root Certificates from searching http://www.google.de/#q=dod+email+root+certificate&btnG=Google-Suche&meta=&aq=f&oq=dod+email+root+certificate and watching http://www.dtic.mil/dtic/announcements/dodrootcertificates.html i found it should be found here, but the Site does not load for me: http://dodpki.c3pki.chamb.disa.mil/rootca.html but they say: For further assistance: DTIC Web site customers should contact r...@dtic.mil or (703) 767-8274. Maybe you should eMail r...@dtic.mil and tell them to guide you to the correct Website, where you can download the Root Certificate and see the Fingerprints, because you have to compare the Fingerprints to be sure this is the wanted Certificate. -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
On Saturday, October 10, 2009, 17:38:22, Thomas Fernandez wrote: > They don't seem to have it on their website. However, since I have > imported the cert successfully into IE on my office computer, I will > check on Monday whether I have a .crt file on that computer. Even if you don't, you can export the certificate from IE - go to Certificates -> Trusted root certification authorities, find the CA there and export it. -- < Jernej Simončič ><><><><>< http://eternallybored.org/ > Where there's a will, there's a won't. -- Law of Inertia Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hi On Saturday 10 October 2009 at 3:42:12 AM, in , Thomas Fernandez wrote: > I see. But S/Mime is internal capability? You have a choice of internal implementation or "Microsoft CryptoAPI" which is set at Options | S/MIME > How do I import a new root certificate into TB!? I > communicate with people who sign all their message by > S/Mime but I cannot verify the sigs. I went to the > organisdation's server, and they offer a .msi file, > which actually works for Internet Explorer and the > secure websites are now certified, so the cert > apparently resides somewhere in an IE directory. No experience myself but maybe the solution given at reference 2.2 in the first post of http://ritlabs.com/en/forum/read.php?FID=4&TID=7101&MID=27073&phrase_id=1629356#message27073 will help? I think you need to be using the internal implementation. -- Best regards MFPA If you save the world too often, it begins to expect it Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Jens, On Sat, 10 Oct 2009 16:50:08 +0200 GMT (10/Oct/09, 21:50 PM +0700 GMT), Jens Franik wrote: >> How do I import a new root certificate into TB!? I communicate with >> people who sign all their message by S/Mime but I cannot verify the >> sigs. JF> You need to watch the Details of the S/MIME Certificate, there you JF> might find the Name of the Certification Authority (for me it is JF> CaCERT). Thanks, I just checked that. The cert authority in the email I am referring to is called "DOD EMAIL". JF> On the Website of the Authority you need to fetch the Root JF> Certificate (.crt) - this you can import in the Adressbook under JF> Certification Authorities beside Thawte for Example. They don't seem to have it on their website. However, since I have imported the cert successfully into IE on my office computer, I will check on Monday whether I have a .crt file on that computer. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Samstag, 10. Oktober 2009 um 04:42 schrieben Sie: > How do I import a new root certificate into TB!? I communicate with > people who sign all their message by S/Mime but I cannot verify the > sigs. You need to watch the Details of the S/MIME Certificate, there you might find the Name of the Certification Authority (for me it is CaCERT). On the Website of the Authority you need to fetch the Root Certificate (.crt) - this you can import in the Adressbook under Certification Authorities beside Thawte for Example. -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Marck, On Fri, 9 Oct 2009 19:00:23 +0100 GMT (10/Oct/09, 1:00 AM +0700 GMT), Marck D Pearlstone wrote: TF>> I didn't configure any PGP. I am using TB! as is. MDP> Ah - TB doesn't have that capability. It only has the ability to shell MDP> out to PGP to do the job by proxy. It does require some measure of MDP> configuration. Also, if you don't have any PGP installed, TB only has MDP> RSA key support. Mine is certainly a DSA/1024 key and not RSA so MDP> without external PGP support, you won't be able to verify my MDP> signature. I see. But S/Mime is internal capability? How do I import a new root certificate into TB!? I communicate with people who sign all their message by S/Mime but I cannot verify the sigs. I went to the organisdation's server, and they offer a .msi file, which actually works for Internet Explorer and the secure websites are now certified, so the cert apparently resides somewhere in an IE directory. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Freitag, 9. Oktober 2009 um 19:27 schrieben Sie: > I didn't configure any PGP. I am using TB! as is. So do i and it does not search the keyservers, but it did as i had my PGP configured recently... -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Dear Thomas, @10-Oct-2009, 00:27 +0700 (09-Oct 18:27 here) Thomas Fernandez [TF] in mid:1032812111.20091010002...@thomas-bkk.my-fqdn.de said to Marck: ... MDP>> And a PGP configuration issue. If PGP isn't configured to lookup MDP>> unknown keys on a keyserver then it can't verify signatures from MDP>> them. TF> I didn't configure any PGP. I am using TB! as is. Ah - TB doesn't have that capability. It only has the ability to shell out to PGP to do the job by proxy. It does require some measure of configuration. Also, if you don't have any PGP installed, TB only has RSA key support. Mine is certainly a DSA/1024 key and not RSA so without external PGP support, you won't be able to verify my signature. ... -- Cheers -- iviarck D Pearlstone -- List moderator and fellow end user TB! v4.2.10.14 on Windows Vista 6.0.6002 Service Pack 2 ' pgpQLEHnckM7D.pgp Description: PGP signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Guten Tag Thomas Fernandez, am Freitag, 9. Oktober 2009 um 18:05 schrieben Sie: > Jens' sig verified over here too, but yours didn't. Thats equivocating - which Signatur has been good and which not? If you can not verify my Signature, it would be interesting, if you have in your Adressbook (View/Zertification Database) under Trusted Root CA the dn: cn=CA Cert Signing Authority,mail=supp...@cacert.org cn: CA Cert Signing Authority mail: supp...@cacert.org givenName: CA sn: Authority initials: Cert Signing o: Root CA URL: http://www.cacert.org -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Language-File-Checksum: EC2C2E75 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Marck, On Fri, 9 Oct 2009 18:02:40 +0100 GMT (10/Oct/09, 0:02 AM +0700 GMT), Marck D Pearlstone wrote: TF>> Not here. I clicked on it and wasn't even offered to check any key TF>> servers. Just gives a red X instead of a green tickmark. Looks like it TF>> could be a TB! problem. MDP> It sounds more like a "Thomas doesn't have Marck's public PGP key" MDP> issue to me. I agree. I would have expected TB! to search the key servers for the public key when I clicked ont e sig icon, but that didn't happen. MDP> And a PGP configuration issue. If PGP isn't configured to lookup MDP> unknown keys on a keyserver then it can't verify signatures from MDP> them. I didn't configure any PGP. I am using TB! as is. MDP> I know for certain my key is on public keyservers and hasn't MDP> changed for years. And I know that TB! used to search the key servers in the past. This doesn't seem to be the case anymore. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Dear Thomas, @9-Oct-2009, 23:49 +0700 (09-Oct 17:49 here) Thomas Fernandez [TF] in mid:1265807397.20091009234...@thomas-bkk.my-fqdn.de said to Marck: ... MDP>> Do you mean it was invalid? It was PGP - you have to validate my sig MDP>> on your keyring. Checking the mail in my TBUDL folder, the signature MDP>> was good. TF> Not here. I clicked on it and wasn't even offered to check any key TF> servers. Just gives a red X instead of a green tickmark. Looks like it TF> could be a TB! problem. It sounds more like a "Thomas doesn't have Marck's public PGP key" issue to me. And a PGP configuration issue. If PGP isn't configured to lookup unknown keys on a keyserver then it can't verify signatures from them. I know for certain my key is on public keyservers and hasn't changed for years. -- Cheers -- iviarck D Pearlstone -- List moderator and fellow end user TB! v4.2.10.14 on Windows Vista 6.0.6002 Service Pack 2 ' pgpbXBCPj2UAP.pgp Description: PGP signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Marck, On Fri, 9 Oct 2009 17:25:57 +0100 GMT (09/Oct/09, 23:25 PM +0700 GMT), Marck D Pearlstone wrote: MDP>>> Good plan - now that Thawte has announced that it is getting out of MDP>>> the free personal WOT circle. TF>> Really? What are they planning to do? I thought the WOT was their TF>> strength? MDP> Charge for it. Good luck to them... JF i would like to know, if my signed Messages can be verified by JF anyone, Replys even PM welcome. MDP>>> Verified perfectly here. TF>> Jens' sig verified over here too, but yours didn't. MDP> Do you mean it was invalid? It was PGP - you have to validate my sig MDP> on your keyring. Checking the mail in my TBUDL folder, the signature MDP> was good. Not here. I clicked on it and wasn't even offered to check any key servers. Just gives a red X instead of a green tickmark. Looks like it could be a TB! problem. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
'Ello Marck, On Fri, 9 Oct 2009 17:25:57 +0100 (your time) you said: > Checking the mail in my TBUDL folder, the signature was good. Yes, your PGP sig validates here too! -- Simon (Privateofcourse) # 9721. Grow Weens Do Hi? ¶ Auxiliary Information: • The Bat! Pro 4.2.10.1 • Windows XP Pro 5.1.2600 Service Pack 3 • Scanned by avast! Plugin 4.8.1356 DB 091004-0 (04.10.2009) Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Dear Thomas, @9-Oct-2009, 23:05 +0700 (09-Oct 17:05 here) Thomas Fernandez [TF] in mid:1143694602.20091009230...@thomas-bkk.my-fqdn.de said to Marck: MDP>> Good plan - now that Thawte has announced that it is getting out of MDP>> the free personal WOT circle. TF> Really? What are they planning to do? I thought the WOT was their TF> strength? Charge for it. JF>>> i would like to know, if my signed Messages can be verified by JF>>> anyone, Replys even PM welcome. MDP>> Verified perfectly here. TF> Jens' sig verified over here too, but yours didn't. Do you mean it was invalid? It was PGP - you have to validate my sig on your keyring. Checking the mail in my TBUDL folder, the signature was good. -- Cheers -- iviarck D Pearlstone -- List moderator and fellow end user TB! v4.2.10.14 on Windows Vista 6.0.6002 Service Pack 2 ' pgpInAv0hAj8Z.pgp Description: PGP signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Marck, On Fri, 9 Oct 2009 11:34:42 +0100 GMT (09/Oct/09, 17:34 PM +0700 GMT), Marck D Pearlstone wrote: JF>> becoming an Assurer for CaCert.org - a free Certification Instance for JF>> X.509, MDP> Good plan - now that Thawte has announced that it is getting out of MDP> the free personal WOT circle. Really? What are they planning to do? I thought the WOT was their strength? JF>> i would like to know, if my signed Messages can be verified by JF>> anyone, Replys even PM welcome. MDP> Verified perfectly here. Jens' sig verified over here too, but yours didn't. -- Cheers, Thomas. http://thomas.fernandez.hat-gar-keine-homepage.de/ Message reply created with The Bat! 4.2.10.6 under Windows XP 5.1 Build 2600 Service Pack 3 Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Hello Jens, Friday, October 9, 2009, 12:17:44 PM, you wrote: JF> i would like to know, if my signed Messages can be verified by JF> anyone, Replys even PM welcome. Verified -- Best Wishes, Mark using The Bat! 4.2.10.14 281 days remaining in 2009. Actually it's 83 days) + less than 24 hours. Yours truly residing on earth for 18959 days now. Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: S-MIME Certification from CaCert.org
Dear Jens, @9-Oct-2009, 12:17 +0200 (09-Oct 11:17 here) Jens Franik [JF] in mid:95547564.20091009121...@gmx.de said: JF> becoming an Assurer for CaCert.org - a free Certification Instance for JF> X.509, Good plan - now that Thawte has announced that it is getting out of the free personal WOT circle. JF> i would like to know, if my signed Messages can be verified by JF> anyone, Replys even PM welcome. Verified perfectly here. -- Cheers -- iviarck D Pearlstone -- List moderator and fellow end user TB! v4.2.10.14 on Windows Vista 6.0.6002 Service Pack 2 ' pgpS9ZN4GPL3c.pgp Description: PGP signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
S-MIME Certification from CaCert.org
Guten Tag Tbudl, becoming an Assurer for CaCert.org - a free Certification Instance for X.509, i would like to know, if my signed Messages can be verified by anyone, Replys even PM welcome. TIA -- Mit freundlichen Grüßen Jens Franik mailto:je...@gmx.de The Bat! 4.2.10.14 + AntiSpamSniper 3.2.1.5 + Gaijin XMP Makro Plugin 1.2 Windows XP 5.1 build 2600 Service Pack 2 AMD Athlon Dual Core 4850e 2,50 GHz, 4 GB RAM Debian Lenny + Windows XP @VirtualBox 3.0.8 r53138 non-OSE 8 POP3 Accounts - 1 IMAP - 170 (Common) Folders - about 10 Messages smime.p7s Description: S/MIME Cryptographic Signature Current version is 4.2.10.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
S/Mime / TLS / Invalid Server Certificate
Hi, Two related questions : 1. I've upgraded from TB 4.0 to TB 4.1.7, but i have now a problem with TLS... My mail provider use a self signed certificate for TLS, and now when i try to use TLS with IMap, i have the following message : IMAP - TLS handshake failure. Invalid server certificate. The certificate or certificate chain is based on an untrusted root. I understand that now, as i have MS Crypto selected for SMime, TB use it also for TLS... my problem is : how can i obtain the self signed CA certificate used by the mail server to add it to the Widows Certificate Store ? 2. TB still cannot use my legal certificate... I have a legal certificate on my (digital) ID Card, this certificate is installed in Windows Certificate Store, i can use it with Outlook and many other softwares (Adobe Acrobat,...), but i still cannot use it with The Bat! : "Cannot find a certificate to sign a message from m...@email.com"... In the S/Mime settings of TheBat!, the cryptographic service provider is well recognised... I've allready posted this problem before, it seems that it come from the fact that this certificate does not mention any EMail address : it authenticate my *name* and not my EMail, i should be able to sign with my name a mail with any address... but TB only look for a certificate matching the from email address... is there any hope that this will be solved someday ? Thanks in advance for any tips / advice for those two problems... -- Best regards... _ (_' ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 4.1.7 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello Stephane, Friday, June 1, 2007, 12:50:45 PM, you wrote: SBM> i've asked for 3 years now to add this functionality, really important SBM> in belgium to communicate with any legal autorities, but with no luck til today You're trying to do something that is simply impossible! There are no "legal" authorities in Belgium! :-) -- Best Wishes, Mark using The Bat! 3.99.8 Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hi, ,- - [ Le mercredi 30 mai 2007 vers 14:20 Alto Speckhardt écrivait: ] - - | > I can't manage to sign a message using S/MIME. I always get a notice > a la "no certificate to sign message from [EMAIL PROTECTED] found". Which > isn't > all that surprising since the certificate I want to use carries an > email address of [EMAIL PROTECTED] | `- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I have the same problem with the belgian EID certificate : the certificate authenticate the person and not the email address, and thus does not mention any address, TB! never recognized this certificate, and i receive the same error... i've asked for 3 years now to add this functionality, really important in belgium to communicate with any legal autorities, but with no luck til today :( -- Best regards... _ (_' L'informatique est ma passion, vous la simplifier, mon métier ! ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello Robin, > It validated successfully here. Strange, I restarted TB! 3.99.8 and now it validates here successfully, too. Sorry Uwe -- Using The Bat! v3.99.8 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
On Wed, 30 May 2007 at 22:12:00 +0200, Uwe wrote: > BTW: It takes a looong time for TB!/Windows trying to validate your signature > ... and it fails. > > Can you verify this (e.g., any software that creates a valid MID)? It validated successfully here. -- Robin Using The Bat! v3.99.3 Windows XP 5.1 Build 2600 Service Pack 2 Popfile v0.22.4 Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello Peter, On 2007-05-30 you wrote: > AFAIK, you can't, or at least, you shouldn't. I was advised by my CA > (Thawte) to create a certificate for each email address. That's certainly correct. BTW: It takes a looong time for TB!/Windows trying to validate your signature ... and it fails. Can you verify this (e.g., any software that creates a valid MID)? Gretings Uwe -- Using The Bat! v3.99.8 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hi Alto, on Wed, 30 May 2007 14:20:29 +0200GMT (30.05.2007, 14:20 +0200GMT here), you wrote: AS> I can't manage to sign a message using S/MIME. I always get a notice AS> a la "no certificate to sign message from [EMAIL PROTECTED] found". Which isn't AS> all that surprising since the certificate I want to use carries an AS> email address of [EMAIL PROTECTED] AS> How can I use the certificate in spite of the discrepancy? I know that AS> the recipient of the signed message may see a invalid signature, but AS> let's say I want to accept that - how do I do it? AFAIK, you can't, or at least, you shouldn't. I was advised by my CA (Thawte) to create a certificate for each email address. -- Cheers Peter "If they don't want us to drink and drive, why do you have to have a driver's license to buy beer?" smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hi Marek, > what implementation do You use? viz Options | S/MIME I had switched to "MS CryptoAPI" because with "Internal" I got two errors if I sent an email from [EMAIL PROTECTED] to [EMAIL PROTECTED] - once for each address "no valid certificate". This is even stranger than the other way where it only complains once, since [EMAIL PROTECTED] is actually the name the certificate has been issued to. (Previously, I had imported the certificate straight from the email it had been sent to me. I don't know in which storage it ended up though, if any. ;-) ) > if MS CryptoAPI, do You have correct certificate imported to Windows (I do > not know how it is named in original Windows, I have Czech version now. That it is. I had a good look at it using certmgr.msc. -- Mit freundlichen Grüßen Alto Speckhardt mailto:[EMAIL PROTECTED] pgphcL7KqK9OT.pgp Description: PGP signature Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello all, Wednesday, May 30, 2007, Alto Speckhardt wrote: > Guten Morgen, > I can't manage to sign a message using S/MIME. I always get a notice > a la "no certificate to sign message from [EMAIL PROTECTED] found". Which > isn't > all that surprising since the certificate I want to use carries an > email address of [EMAIL PROTECTED] > How can I use the certificate in spite of the discrepancy? I know that > the recipient of the signed message may see a invalid signature, but > let's say I want to accept that - how do I do it? what implementation do You use? viz Options | S/MIME if MS CryptoAPI, do You have correct certificate imported to Windows (I do not know how it is named in original Windows, I have Czech version now. -- Bye Marek Mikus Czech support of The Bat! http://www.thebat.cz Using the best The Bat! 3.99.8 under Windows XP 5.1 Build 2600 Service Pack 2 with MyMacros,XMP,AnotherMacros, NOD32 Antivirus plugin and AntispamSniper v 2.5.0.2 Notebook Toshiba, Core2 Duo 1.83 GHz, 1 GB RAM Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello Alto, Wednesday, May 30, 2007, 2:20:29 PM, you wrote: AS> I can't manage to sign a message using S/MIME. I know the test with the PGP-signed message was no answer to your question. I (don't know where my mind was, but) thought I could stop it from sending, which obviously wasn't the case. -- Best Wishes, Mark using The Bat! 3.99.8 Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: signing with S/MIME
Hello Alto, Wednesday, May 30, 2007, 2:20:29 PM, you wrote: AS> I can't manage to sign a message using S/MIME. I always get a notice AS> a la "no certificate to sign message from [EMAIL PROTECTED] found". Which isn't AS> all that surprising since the certificate I want to use carries an AS> email address of [EMAIL PROTECTED] Sorry, only testing... -- Best Wishes, Mark using The Bat! 3.99.8 pgpJfSaaU4Xq6.pgp Description: PGP signature Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
signing with S/MIME
Guten Morgen, I can't manage to sign a message using S/MIME. I always get a notice a la "no certificate to sign message from [EMAIL PROTECTED] found". Which isn't all that surprising since the certificate I want to use carries an email address of [EMAIL PROTECTED] How can I use the certificate in spite of the discrepancy? I know that the recipient of the signed message may see a invalid signature, but let's say I want to accept that - how do I do it? -- MfG, Alto mailto:[EMAIL PROTECTED] pgpFGi6TYXSn0.pgp Description: PGP signature Current version is 3.99 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hi, ,- - [ Le lundi 5 mars 2007 vers 1:00 Roelof Otten écrivait: ] - - | > Being supported by windows doesn't mean it's a public format. Windows > supports lots of proprietary formats. Is it supported by mac or Linux? Yes, it's fully supported by Mac and Linux. But when i say that the reader is "standard", i mean that the use of the reader should be fully transparent for any application using the standards API of Windows. The problem does not come from the reader itself, it come from the fact that the certificate does not certify an email address. You can use any other certificate with no email address defined, you will suffer the same problem with TB!. | `- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- Best regards... _ (_' L'informatique est ma passion, vous la simplifier, mon métier ! ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hello Stephane, This is gettin OT. Sunday, March 4, 2007, 4:18:06 PM, you wrote: SBM> In Belgium, it's the only legaly accepted way to send official emails to SBM> any official service, an email signed with an EID is equivalent of a SBM> signed snail mail. Most of this "signed snail mail" doesn't constitute any kind of proof either. I was obliged to have a card reader from day one, when actually only some civil servants had an EID. Euphemistically speaking, I'm not impressed by the EID. -- Best Wishes, Mark using The Bat! 3.98.3 Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hallo Stephane, On Sun, 4 Mar 2007 16:18:06 +0100GMT (4-3-2007, 16:18 +0100, where I live), you wrote: SB> Hi, SB> ,- - [ Le samedi 3 mars 2007 vers 10:07 Roelof Otten écrivait: ] - - SB> | >> Consider it to be a feature helping TB!-users from doing stupid things! [moderator on] Please keep your quotes straight. That quote didn't come from the message you were replying to, nor was it written by me. [moderator off] -- Groetjes, Roelof Error 99: Dead mouse in hard drive. http://www.voormijalleen.nl/ The Bat! 3.98.2 Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN OTFE enabled P4 3GHz 2 GB RAM pgpYnG19cbH7p.pgp Description: PGP signature Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hallo Stephane, On Sun, 4 Mar 2007 16:18:06 +0100GMT (4-3-2007, 16:18 +0100, where I live), you wrote: >> read with a special card reader. SB> With a standard electronic card reader, it's not a proprietary SB> one, it's a reader recognised by Windows, integrated with the CryptoAPI of windows. Being supported by windows doesn't mean it's a public format. Windows supports lots of proprietary formats. Is it supported by mac or Linux? -- Groetjes, Roelof Win95 -Microsoft. Lose$95 -Usenet Oracle. http://www.voormijalleen.nl/ The Bat! 3.98.2 Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN OTFE enabled P4 3GHz 2 GB RAM pgpKB7mFuL9AZ.pgp Description: PGP signature Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hi, ,- - [ Le samedi 3 mars 2007 vers 10:07 Roelof Otten écrivait: ] - - | HDB>> Did you import that S/MIME (X.509) certificate into The Bat? > If I understood it correctly, they've got a hardware card, that can be An identity card is hardware, of course :) But i do not see how to import the certificate into TheBat!... the certificate is imported in the certificate repository of Windows, and TB! is configured to use the Windows CryptoAPI... > read with a special card reader. With a standard electronic card reader, it's not a proprietary one, it's a reader recognised by Windows, integrated with the CryptoAPI of windows. Those card include a certificate wich can be imported in windows, and should be available for any program using the CryptoAPI : this certificate is visible into the certificate manager of Windows as "personnal certificate". Even TheBat! recognize this API : in the S/Mime settings, when MS CryptoAPI is selected, i can choose "Belgium Identity Card CSP" as crypto service provider. The only problem is that those certificate does not mention any email address, and TheBat does not allow to select a certificate manually : TheBat! only allow to select a certificate mentionning the same email address as the one used to send the mail... and as the EID certificate does not mention any email, TheBat! does not find the cetrificate as valid. > Consider it to be a feature helping TB!-users from doing stupid things! In Belgium, it's the only legaly accepted way to send official emails to any official service, an email signed with an EID is equivalent of a signed snail mail. | `- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- Best regards... _ (_' L'informatique est ma passion, vous la simplifier, mon métier ! ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hello Roelof, Saturday, March 3, 2007, 10:07:01 AM, you wrote: RO> If I understood it correctly, they've got a hardware card, that can be RO> read with a special card reader. That's how I understood it in the RO> past. And AAFAIK TB doesn't support that. Consider it to be a feature helping TB!-users from doing stupid things! -- Best Wishes, Mark using The Bat! 3.98.3 Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Sign mails with a S/Mime certificate from an EID card...
Hello Henk, HMdB> Did you import that S/MIME (X.509) certificate into The Bat? I Thunderbird it works and there I have to "Load a secutity devic" in fact a dll-file. But I don't see that possibility in The Bat -- Best regards, Patrick Using The Bat! v3.98.1 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Sign mails with a S/Mime certificate from an EID card...
Hello Roelof, RO> If I understood it correctly, they've got a hardware card, that can be RO> read with a special card reader. That's how I understood it in the RO> past. And AAFAIK TB doesn't support that. Thanks for clearing this out. -- Best regards, Patrick Using The Bat! v3.98.1 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hallo Henk, On Sat, 3 Mar 2007 05:10:07 +0100GMT (3-3-2007, 5:10 +0100, where I live), you wrote: SBM>>> I've allready asked long time ago, in Belgium we have Electronic SBM>>> Identity Cards, those cards include a certificate allowing normally to sign emails... PN>> I have the same question, PN>> see my email to the list on 25/02/2007 PN>> subject : Unable to sign with pkcs#11 or what am I doing wrong ? PN>> but there is still no reaction HDB> Did you import that S/MIME (X.509) certificate into The Bat? If I understood it correctly, they've got a hardware card, that can be read with a special card reader. That's how I understood it in the past. And AAFAIK TB doesn't support that. -- Groetjes, Roelof FIDO: Fading Into Discreet Obsolescence http://www.voormijalleen.nl/ The Bat! 3.96.15 Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN OTFE enabled P4 3GHz 2 GB RAM pgptGUq14JoED.pgp Description: PGP signature Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
On Sat, 3 Mar 2007 00:13:59 +0100GMT (3-3-2007, 0:13 +0200, where I live), Patrick Nijs wrote: SBM>> I've allready asked long time ago, in Belgium we have Electronic SBM>> Identity Cards, those cards include a certificate allowing normally to sign emails... PN> I have the same question, PN> see my email to the list on 25/02/2007 PN> subject : Unable to sign with pkcs#11 or what am I doing wrong ? PN> but there is still no reaction Did you import that S/MIME (X.509) certificate into The Bat? -- grtz, Henk M. de Bruijn __ The Bat! E-Mail System version 3.98.3 Pro on Windows XP SP2/OTFE enabled PGPkey at: http://www.biglumber.com/x/web?qs=0X11EECBEEB464DD0F Gossamer Spider Web of Trust http://www.gswot.org An innovative and progressive OpenPGP Web of Trust smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Sign mails with a S/Mime certificate from an EID card...
Hello Stephane, SBM> I've allready asked long time ago, in Belgium we have Electronic SBM> Identity Cards, those cards include a certificate allowing normally to sign emails... I have the same question, see my email to the list on 25/02/2007 subject : Unable to sign with pkcs#11 or what am I doing wrong ? but there is still no reaction -- Best regards, Patrick Using The Bat! v3.98.1 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Sign mails with a S/Mime certificate from an EID card...
Hi, I've allready asked long time ago, in Belgium we have Electronic Identity Cards, those cards include a certificate allowing normally to sign emails... The problem : this certificate only certify my name, of course, and not a specific email address, as it's an official and legal personnal certificate... when i try to sign an email using TheBat!, TB search a certificate for my email address, and of course is unable to find my certificate as this is without any email address specified... Is there any possibility to tell TB that i still want to sign my emails using this certificate ? It do now a couple of years that EID cards where legaly implemented, can we expect an update someday to support this kind of security in TB ? It's really annoing that to send a legal email i need to use Outlook :( -- Best regards... _ (_' L'informatique est ma passion, vous la simplifier, mon métier ! ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 3.98 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Diverent S/MIME certify
Hi, ,- - [ Le mercredi 18 janvier 2006 vers 12:23 Christian Bonkowski écrivait: ] - - | > on my job we got new S/Mime certificates. One for signing a mail and > one for encrypting. The certificate for signing I can import in the > bat and use it. But I can't import the other. > Is it possible to work with different certificates? And if so how? | `- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I jump on this question... i've allready asked last year if TheBat! can use S/Mime certificate with no EMail address in... Last year, TheBat! only allowed to sign a message with a certificate if this certificate is made for the same email address than the from address... in belgium we have an electronic ID card with official S/Mime certificate authenticating our *identity* (and not our email address), and thus those certificates does not mention any EMail and thus cannot work with TB! (and work perfectly with Outlook) :( Does this have changed since last year, can we now use an "email-less" S/Mime certificate to sign a message ? (as it was not working, my ID Reader is installed on another computer with Outlook, thus i cannot test myself here). -- Best regards... _ (_' ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be Current version is 3.65.03 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Diverent S/MIME certify
Dear Christian, @18-Jan-2006, 12:23 +0100 (18-Jan 11:23 here) Christian Bonkowski [CB] in mid:[EMAIL PROTECTED] said to TBUDL: CB> on my job we got new S/Mime certificates. One for signing a mail and CB> one for encrypting. The certificate for signing I can import in the CB> bat and use it. But I can't import the other. CB> Is it possible to work with different certificates? And if so how? I have many S/MIME certificates. I use the Edit personal certificates button in the Account properties .. General dialog. There is an Import button there and no restriction on the number of different certificates that can be imported. I'm not sure how to associate one key with signing only and a different key with encryption only. I had always thought that an encryption key would be used for signing too. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.65.04 on Windows XP 5.1.2600 Service Pack 2 ' pgpyuSGZNTiAV.pgp Description: PGP signature Current version is 3.65.03 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Diverent S/MIME certify
Hello, on my job we got new S/Mime certificates. One for signing a mail and one for encrypting. The certificate for signing I can import in the bat and use it. But I can't import the other. Is it possible to work with different certificates? And if so how? Thanx for help, Christian Current version is 3.65.03 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with S/MIME on Microsoft Crypto API
On Tue, 26 Jul 2005 18:22:15 +0200GMT (26-7-2005, 18:22 +0200, where I live), Peter Palmreuther wrote: Hello Peter, > On Tuesday, July 26, 2005 at 9:34:26 AM Henk [HMdB] wrote: HMdB>> Sorry I can not help you with this :-( > No problem. > It confuses me even more with it's S/MIME / security settings, iow: I > couldn't get it to work either. I didn't even see my MS Crypto API > stored certificates, not to talk about signing something with them ;-) Sorry to read that! It is not the Bat! but it works with PGP/GPG very easy, almost intuitive ;-) -- Henk M. de Bruijn __ The Bat! Natural E-Mail System version 3.51.10 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust pgpZxf6cFjj0t.pgp Description: PGP signature Current version is 3.51.10 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with S/MIME on Microsoft Crypto API
Hello Henk, On Tuesday, July 26, 2005 at 9:34:26 AM Henk [HMdB] wrote: HMdB> Sorry I can not help you with this :-( No problem. >> Seems I don't get only TB! to behave this way, it's just I don't want >> to use Outlook or Outlook Express for sending mails signed with this >> certificate ;-) HMdB> Maybe Thunderbird is an alternative ;-) HMdB> It is for me when the Bat! does not behave with PGP/GPG as I want. It confuses me even more with it's S/MIME / security settings, iow: I couldn't get it to work either. I didn't even see my MS Crypto API stored certificates, not to talk about signing something with them ;-) -- Regards Peter Palmreuther (The Bat! v3.51.10 on Windows XP 5.1 Build 2600 Service Pack 2) She's dead Jim... Still warm though. Flip ya for her? Current version is 3.51.10 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with S/MIME on Microsoft Crypto API
On 26-7-2005 9:14 Peter Palmreuther wrote: Hello Peter, > On Tuesday, July 26, 2005 at 12:21:10 AM Henk [HMdB] wrote: ... Sorry I can not help you with this :-( > Seems I don't get only TB! to behave this way, it's just I don't want > to use Outlook or Outlook Express for sending mails signed with this > certificate ;-) Maybe Thunderbird is an alternative ;-) It is for me when the Bat! does not behave with PGP/GPG as I want. I would not want to miss the Bat! but.. -- cheers, Henk M. de Bruijn __ Mozilla Thunderbird version 1.0.6 (20050716) on Windows XP SP2 PGPkey at: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust Current version is 3.51.10 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with S/MIME on Microsoft Crypto API
Hello Henk, On Tuesday, July 26, 2005 at 12:21:10 AM Henk [HMdB] wrote: >> As I intended to finally use it I changed S/MIME configuration to use >> "Microsoft Crypto API". >> Sadly I wasn't able to sign any e-mail, most probably because I choose >> the wrong settings. All I get (after selecting the appropriate key >> when I'm asked) is HMdB> Did you import the e-mail certificate into the Bat!? Nope. I want to use the certificate stored using MS Crypto API. Importing into TB! and using internal S/MIME implementation is not what I want. HMdB> Does it have to be Microsoft CryptoApi? Not internal implementation? It does, because the certificate is linked to a chip card. Where normal certificates are password protected this one is PIN protected. Wherever else I use it (e.g. Online Banking) I have to enter my card-PIN using the card reader (therefore the PIN never goes to the computer and the certificate can't be misused because no password can be cracked/guessed/hacked/whatever). This PIN-confirmation is activated by MS Crypto methods, whenever one of the other programs tries to use the certificate the chip card driver (plus a service plus component X) interrupts and asks me to insert the chip card and then enter the PIN (instead of the usual password dialog). Seems I don't get only TB! to behave this way, it's just I don't want to use Outlook or Outlook Express for sending mails signed with this certificate ;-) -- Regards Peter Palmreuther (The Bat! v3.51.10 on Windows XP 5.1 Build 2600 Service Pack 2) Condition red: spent casing dropping to the ground... Current version is 3.51.10 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with S/MIME on Microsoft Crypto API
On Mon, 25 Jul 2005 19:51:38 +0200GMT (25-7-2005, 19:51 +0200, where I live), Peter Palmreuther wrote: Hi Peter, ... > As I intended to finally use it I changed S/MIME configuration to use > "Microsoft Crypto API". > Sadly I wasn't able to sign any e-mail, most probably because I choose > the wrong settings. All I get (after selecting the appropriate key > when I'm asked) is ... Did you import the e-mail certificate into the Bat!? Does it have to be Microsoft CryptoApi? Not internal implementation? -- cheers, Henk M. de Bruijn __ The Bat! Natural E-Mail System version 3.51.10 Pro on Windows XP SP2 Request-PGP: http://www.biglumber.com/x/web?qs=0x6C9F6CE78C32408B Gossamer Spider Web of Trust http://www.gswot.org A progressive and innovative Web of Trust pgptEWvM1EOuc.pgp Description: PGP signature Current version is 3.51.10 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Help with S/MIME on Microsoft Crypto API
Hello List, seems it's time I need a little help. I own a class three card reader (ReinerSCT) and an appropriate chip card. This card includes, among others, an e-mail certificate, which can be used to S/MIME sign e-mail-messages. As I intended to finally use it I changed S/MIME configuration to use "Microsoft Crypto API". Sadly I wasn't able to sign any e-mail, most probably because I choose the wrong settings. All I get (after selecting the appropriate key when I'm asked) is ,- | Cannot sign the message | | Der registrierte Schlüsselsatz ist nicht definiert `- The German part says "The registered key pair is not defined". What should I do (not with the drunken sailor *g*), what *can* I do to make it work? I think I remember I had it working, aeons ago and with something that still might have been a 1.x release, but might have been an early 2.x release as well. But I might be wrong. So is anybody using TB!3 with S/MIME on MS crypto API, driven by a chip card? And if so: what's the way to go? Thanks a lot in advance, -- best regards Peter Palmreuther (The Bat! v3.51.9 on Windows XP 5.1 Build 2600 Service Pack 2) I like long walks, especially when they are taken by people who annoy me. Current version is 3.5.30 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
S/MIME- und PGP-Tuning
Hi all, after writing in the German list and getting no reply I decided to post this issue also here... Maybe I have more luck... I'm looking forward to optimize my S/MIME and PGP configuration. At the moment I use S/MIME (as you also see in this mail) only for signing every outgoing mail. I personally like S/MIME for signing better than PGP because S/MIME signatures are shown as valid or invalid at once in TB. PGP signatures are shown with a question mark and you first have to start the external program to verify the signature. Encryption with S/MIME and PGP also works but I do not use it very often because I think it's unpractical. I really don't like it that every incoming and outgoing encrypted mail is stored encrypted in the database. TB also wants the mantra every time I try to read the mail. Plus the search engine does not find content in the encrypted mails (which is absolutly clear for me because these mails are stored encrypted and I have to type in the mantra every time I try to read the content). So here comes the first question: Is it possible to store these mails plain in the database? At least I'm using OTFE encryption and I think this is enough security for my local workstation. The issue described above is leading us to my second question: Using S/MIME for encryption I cannot add or remove recipients which can decode the mail like when using PGP for encryption. So I cannot add myself and I have the problem that I cannot decode mails I sent using S/MIME for encryption. How can I add myself so that I can decode mails lying in my sent mail folder? By the way: Is this the right group for these kind of issues or should I better address this to the beta group? Regards, Martin -- The Bat! v3.51 powered by Windows 2003 5.2 Build 3790 Service Pack 1 ConCarne cooks best since 1998 http://www.concarne.org smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.50 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Using a S/Mime certificate with no specific email adress included
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ***^\ ."_)~~ ~( __ _"o Was another beautiful day, Fri, 29 Apr 2005, @ @ at 14:19:53 +0200, when Stephane Bouvard [ML] wrote: > In Belgium, we have now an electronic identity card... this card > include a certificate allowing us to digitaly sign a document/email... > The problem is : this certificate is used to authenticate our name, > not a "temporary" or a specific email address... it means that this > certificate does not mention any email address... > Consequence, when i try to sign a mail with The Bat! Pro, it tell > me that there isn't any certificate for my email address (i think that > The Bat only try to find a certificate with my email address, and > refuse to use a certificate not mentionning it )... but i do not find > how i can ask it to use my "address-less" certificate... > With Microsoft Outlook, i need to manualy change a registry key to > allow it : > HKLM\SOFTWARE\Microsoft\11.0\Outlook\Security\SupressNameChecks > Is it possible with The Bat ! ? Or did i need to forget TB and use Outlook ? Hmm...that's problem with The Bat (btw, you can't change anything in this regard in TB's registry entry), and as I know it's not solved in any way. You might cheat though TB by associating a fake/"blank" address to your nick/name (like giving the address in a form -- literally -- [EMAIL PROTECTED] ), but again it will be, via TB, associated only with the corresponding account, which hence must be tied to the fake address, and a fake address you cannot use for any correspondency. There are some other limitations as to PGP keys used in TB, for instance, when you want to sign a message, you'll be offered *only* those keys with the address corresponding to the actual account (while in some earlier versions you could freely use *any* key with any address associated). Etc. There are some other...peculiarities too, but let's them put aside in the moment, it's already pretty messy situation with some *really* important and essential features, being consistently neglected, in the strange favour of definitely nonessential ones. A bearable "workaround" would be perhaps that authors get these, actually nonsensical, and absolutely unnecessary, limitations -- "unblocked", allowing this way the user to choose *any* PGP key/certificate s/he wants to use (with or without address!), since TB does not have and "rights" actually to "think" and "decide" instead the user which key will be used and in a what way: it is entirely and strictly the matter of the user him/herself, and of the external program (PGP/GPG/etc) s/he uses, in the way s/he wants to use it. TB is here just an "intermediary" and shouldn't in any way interfere with something it's not allowed or even appropriate to interfere with. That is, I should be able, for instance, to sign a message with key 1, then to encrypt it with a key 2 and to send it using account with address corresponding to a key 3. (-: That's my *right* to do with my keys what *I* want and what *I* find appropriate. Not what some "software" tells me what is "good" "for me". It is nonsensical. (-: These "associations" of keys/certificates with accounts/addresses etc. should be dismissed. So, when a User wants to sign/encrypt a message, then *all* keys/certificates on disposal should be offered, in *any* account. Isn't that obvious? (-: - -- Mica PGP keys nestled at: http://bardo.port5.com/pgpkeys/ [Earth LOG: 240 day(s) since v3.0 unleashing] OSs: Windows 98 SE Micro Lite Professional IVa Enterprise Millennium with nestled ZipSlack(tm) 9.1, and, for TB sometimes, Gentoo and Vector via Wine... ~~~ For PM please use my full address as it is *exactly* given in my "From|Reply To" field(s). ~~~ -BEGIN PGP SIGNATURE- iD8DBQFCcjwN9q62QPd3XuIRAqs1AJ0Va4v0RcDHNiPo251pj5q74zJizgCaAh7N 2AscOA7sqtCCMP2z4emm020= =gLzj -END PGP SIGNATURE- Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Using a S/Mime certificate with no specific email adress included
Hi, In Belgium, we have now an electronic identity card... this card include a certificate allowing us to digitaly sign a document/email... The problem is : this certificate is used to authenticate our name, not a "temporary" or a specific email address... it means that this certificate does not mention any email address... Consequence, when i try to sign a mail with The Bat! Pro, it tell me that there isn't any certificate for my email address (i think that The Bat only try to find a certificate with my email address, and refuse to use a certificate not mentionning it )... but i do not find how i can ask it to use my "address-less" certificate... With Microsoft Outlook, i need to manualy change a registry key to allow it : HKLM\SOFTWARE\Microsoft\11.0\Outlook\Security\SupressNameChecks Is it possible with The Bat ! ? Or did i need to forget TB and use Outlook ? Thanks for your help. Best regards... _ (_' ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be -- _ _ |_)(_ Votre propre nom de domaine .be - service de qualité - 25 Euros o|_)(_ Hosting php4/cgi/mySQL - 100 Euros, pq payer plus ? www.myown.be Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: REPOST: Problems with S/MIME
> BEGIN REPOSTED MESSAGE > Hi > I'm using TB! Pro v3, and when I try and generate a digital certificate > for myself (using the generate button in TB!) I get the following error > messages: > "Token driver is not installed or PKCS#11 API is missing" > (this error only shows up the first time I try it after starting TB!. > After the first attempt it then only shows the error below until I shut > down TB! and reopen it again) > followed by: > "The specified token could not be found" > FWIW I used this function previously in TB! 2 without any problems. > I'm not using any tokens or hardware authentication methods. > Also, I created a digital certificate for myself using openSSL and a > GUI front-end and when imported into other programs (IE, Mozilla, > Thunderbird etc.) it works fine but when I import it into TB! the > certificate shows up as invalid due to "Invalid signature match". > Any ideas what the problem(s) could be and how to solve it? > Thanks. > END OF REPOSTED MESSAGE Sorry to repost the whole of the original message but I felt it was only fair to let you know that this problem has been resolved in the new version of TB! Well done Ritlabs. I was so very close to divorcing TB! because of this "issue". The new v3 looks good (so far) ;) P.S. Thanks Marck (and others), for helping me look into this problem further. Elis (formerly known as acemanATtinternetDOTcom) -- Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Marck, On Fri, 8 Oct 2004 18:23:52 +0100 GMT (09/10/2004, 00:23 +0700 GMT), Marck D Pearlstone wrote: TF>> Found it. I don't have a Certification Path tab, though. MDP> Hmmm .. Then you may not have gone deep enough. Correct. Found it. MDP> You have to "View INVALID certificate", click the "View" button at the MDP> bottom of the certificate view dialog, click to the "Certification MDP> path" tab in the View dialog, select Henk's authority certificate MDP> there and click the "Add to trusted" button. Did that. Now I get: "This certificate is valid". Went back to Henk's message, jump to another and back again. Still a red cross. It still says "Viwe INVALID signature", and upon viewing, "Message was altered". That message doesn't like me... -- Cheers, Thomas. Kommt ein Mann in ne Bank: "Haende raus, Geld hoch, ich bin eine Geisel!" - "Gell, Sie wollen's in Schilling?" Message reply created with The Bat! 2.12.02 under Chinese Windows 98 4.10 Build A Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Peter, On Fri, 8 Oct 2004 19:57:33 +0200GMT (8-10-2004, 19:57 +0100, where I live), you wrote: ... PM> I came late in this thread, but this works to have Henk's previously PM> invalid sig turn to valid. It is not always necessary to do so much trouble to valid a S/MIME sig.. -- regards, Henk. __ :tbflag: The Bat! Natural Email System v3.0nl Professional on Windows XP SP2 PGP Key Request: See Headers or send email with subj.: send HenksKeyID Gossamer Spider Web of Trust http://gswot.webhop.info/ smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hi Marck, on Fri, 8 Oct 2004 18:23:52 +0100GMT, you wrote: MDP> You have to "View INVALID certificate", click the "View" button at the MDP> bottom of the certificate view dialog, click to the "Certification MDP> path" tab in the View dialog, select Henk's authority certificate MDP> there and click the "Add to trusted" button. I came late in this thread, but this works to have Henk's previously invalid sig turn to valid. -- Cheers Peter "Smash forehead on keyboard to continue." Winamp currently playing: Rutles - Give Booze a Chance pgpSP7Z2cRDYL.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Thomas, @8-Oct-2004, 23:40 +0700 (08-Oct 17:40 UK time) Thomas Fernandez [TF] in mid:[EMAIL PROTECTED] said to Marck: MDP>>>> You have to "View INVALID certificate", MDP>> The button that is the X marker on the signed message. That was my MDP>> start point for the instructions. Go back there and follow the MDP>> instructions again. TF> Found it. I don't have a Certification Path tab, though. Hmmm .. Then you may not have gone deep enough. TF> I have a Certificate tab, but that offers no path. Maybe that's TF> because I'm using an older version of TB. Nah - it's been there since v1 S/MIME support. To reiterate ... You have to "View INVALID certificate", click the "View" button at the bottom of the certificate view dialog, click to the "Certification path" tab in the View dialog, select Henk's authority certificate there and click the "Add to trusted" button. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC5 on Windows XP 5.1.2600 Service Pack 2 ' pgp3oxNXdVzTM.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Marck, On Fri, 8 Oct 2004 16:29:35 +0100 GMT (08/10/2004, 22:29 +0700 GMT), Marck D Pearlstone wrote: MDP>>> You have to "View INVALID certificate", MDP> The button that is the X marker on the signed message. That was my MDP> start point for the instructions. Go back there and follow the MDP> instructions again. Found it. I don't have a Certification Path tab, though. I have a Certificate tab, but that offers no path. Maybe that's because I'm using an older version of TB. -- Cheers, Thomas. Prepositions are not words to end sentences with. Message reply created with The Bat! 2.12.02 under Chinese Windows 98 4.10 Build A Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Thomas, @8-Oct-2004, 22:14 +0700 (08-Oct 16:14 UK time) Thomas Fernandez [TF] in mid:[EMAIL PROTECTED] said to Marck: MDP>> You have to "View INVALID certificate", TF> Where do I do that? I have imported the cert. I went to the AB, there TF> are Root CAs and Trusted CAs, many of them, which one is the INVALID TF> one? The button that is the X marker on the signed message. That was my start point for the instructions. Go back there and follow the instructions again. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC5 on Windows XP 5.1.2600 Service Pack 2 ' pgpINBAde94vh.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Marck, On Thu, 7 Oct 2004 11:48:30 +0100 GMT (07/10/2004, 17:48 +0700 GMT), Marck D Pearlstone wrote: MDP> You have to "View INVALID certificate", Where do I do that? I have imported the cert. I went to the AB, there are Root CAs and Trusted CAs, many of them, which one is the INVALID one? -- Cheers, Thomas. Durchgang bei geoeffnetem Tor verboten. Message reply created with The Bat! 2.12.02 under Chinese Windows 98 4.10 Build A Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
>> Unfortunately, it's increasingly looking likely that I'm the only >> one (so far) suffering from this problem. I guess it doesn't look >> too hopeful I'll be able to resolve it. :( Phew, I'm sooo glad I'm not the only person with this problem :) > No, I tried generating a self-cert certificate and it failed for the > same reason, so you are not alone. I too am using the Pro version, so > maybe the problem is as you and Marck have suggested. > Do you want to post a bug report and post the details here so I can > support it? I would love to but I honestly don't know how to! ;) -- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Thomas, @7-Oct-2004, 01:07 +0700 (06-Oct 19:07 UK time) Thomas Fernandez [TF] in mid:[EMAIL PROTECTED] said to Marck: TF>>> Not here: Big red X on Hank's message. MDP>> Yes - until I approved Henk as a certification authority. TF> I wouldn't know how to do that. But don't worry, this is probably a TF> question for pgp-beginners. It's not because we're talking about S/MIME, not PGP. So this is the correct forum. S/MIME is an integral function in The Bat, completely self-contained. You have to "View INVALID certificate", click the "View" button, click to the "Certification path" tab, select Henk's authority certificate there and click the "Add to trusted" button. Once you have done that, reselect Henk's message (by selecting a different message and then coming back) to re-validate the certificate and it should have changed to a green tick. And do the same for mine. You could then remove the entries from the Trusted Root CA Address Book folder if you don't wish to continue trusting us ;-). -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC5 on Windows XP 5.1.2600 Service Pack 2 ' pgp9BIZErbrxW.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Marck, On Wed, 6 Oct 2004 00:38:28 +0100 GMT (06/10/2004, 06:38 +0700 GMT), Marck D Pearlstone wrote: TF>> Not here: Big red X on Hank's message. MDP> Yes - until I approved Henk as a certification authority. I wouldn't know how to do that. But don't worry, this is probably a question for pgp-beginners. TF>> "Message was altered" MDP> Not at all - just certified by an unknown authority. I am just reporting what PGP told me. -- Cheers, Thomas. Why do you need a driver's license to buy liquor when you can't drink and drive ? Message reply created with The Bat! 2.12.02 under Chinese Windows 98 4.10 Build A Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Julian, On Wed, 6 Oct 2004 08:08:46 +0100GMT (6-10-2004, 9:08 +0100, where I live), you wrote: ... > No, I tried generating a self-cert certificate and it failed for the > same reason, so you are not alone. I too am using the Pro version, so > maybe the problem is as you and Marck have suggested. > Do you want to post a bug report and post the details here so I can > support it? When I tried to generate a X.509 certificate I was using v3.01 RC3. So maybe it is not necessary to post a bug report but just wait for the next release? -- cheers, Henk __ :tbflag: The Bat! Natural Email System v3.01 RC4 Professional on Windows XP SP2 PGP Key Request: See Headers or send email with subj.: send HenksKeyID Gossamer Spider Web of Trust http://gswot.webhop.info/ smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
On Tuesday, October 5, 2004, 11:36:53 PM, [EMAIL PROTECTED] wrote: > Unfortunately, it's increasingly looking likely that I'm the only > one (so far) suffering from this problem. I guess it doesn't look > too hopeful I'll be able to resolve it. :( No, I tried generating a self-cert certificate and it failed for the same reason, so you are not alone. I too am using the Pro version, so maybe the problem is as you and Marck have suggested. Do you want to post a bug report and post the details here so I can support it? Julian -- Using The Bat! v3.0 on Windows XP 5.1 Build 2600 Service Pack 2 Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Thomas, @6-Oct-2004, 00:48 +0700 (05-Oct 18:48 UK time) Thomas Fernandez [TF] in mid:[EMAIL PROTECTED] said to Marck: HDB>>> I am already working with two X.509 certificates (Thawte and CAcert) HDB>>> and tried to generate a certificate myself withing the Bat! HDB>>> Let´s see if it works? MDP>> Perfecto. TF> Not here: Big red X on Hank's message. Yes - until I approved Henk as a certification authority. TF> "Message was altered" Not at all - just certified by an unknown authority. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC3 on Windows XP 5.1.2600 Service Pack 2 ' pgpu2HfTjgXaE.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
>> I still have the problem with the self-signed certificates though :( > I am already working with two X.509 certificates (Thawte and CAcert) > and tried to generate a certificate myself withing the Bat! > Let´s see if it works? Yep, looked ok here. Thanks for trying. Unfortunately, it's increasingly looking likely that I'm the only one (so far) suffering from this problem. I guess it doesn't look too hopeful I'll be able to resolve it. :( -- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ***^\ ."_)~~ ~( __ _"o Was another beautiful day, Tue, 5 Oct 2004, @ @ at 19:27:50 +0200, when Henk de Bruijn wrote: > Hello aceman, > On Tue, 5 Oct 2004 17:01:10 +0100GMT (5-10-2004, 18:01 +0100, where I > live), you wrote: > >> OK, please disregard the above problem. I have now managed to fix it (somehow). >> I still have the problem with the self-signed certificates though :( > I am already working with two X.509 certificates (Thawte and CAcert) > and tried to generate a certificate myself withing the Bat! > Let´s see if it works? Does that mean something if I see here this: Message was altered. Signed time 05 okt 2004 19:27:59 This S/MIME Certificate is invalid. - -- Mica PGP key uploaded at: <http://pgp.mit.edu/> once just before breakfast [Earth LOG: 34 day(s) since v3.0 unleashing] -BEGIN PGP SIGNATURE- iD8DBQFBYuWj9q62QPd3XuIRAntZAKCRxRLDphW0Gtu+9/t6Easmyob/NACdHObM R/iNwwYZ9XU+t7C9jnMUbQ8= =8jfQ -END PGP SIGNATURE- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello Marck, On Tue, 5 Oct 2004 18:40:37 +0100 GMT (06/10/2004, 00:40 +0700 GMT), Marck D Pearlstone wrote: HDB>> I am already working with two X.509 certificates (Thawte and CAcert) HDB>> and tried to generate a certificate myself withing the Bat! HDB>> Let´s see if it works? MDP> Perfecto. Not here: Big red X on Hank's message. "Message was altered" -- Cheers, Thomas. Early to bed and early to rise means it's time to meet more guys. Message reply created with The Bat! 2.12.02 under Chinese Windows 98 4.10 Build A Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Henk, @5-Oct-2004, 19:27 +0200 (05-Oct 18:27 UK time) Henk de Bruijn [HDB] in mid:[EMAIL PROTECTED] said: >> OK, please disregard the above problem. I have now managed to fix it (somehow). >> I still have the problem with the self-signed certificates though :( HDB> I am already working with two X.509 certificates (Thawte and CAcert) HDB> and tried to generate a certificate myself withing the Bat! HDB> Let´s see if it works? Perfecto. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC3 on Windows XP 5.1.2600 Service Pack 2 ' pgpgEdasrnDPc.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Hello aceman, On Tue, 5 Oct 2004 17:01:10 +0100GMT (5-10-2004, 18:01 +0100, where I live), you wrote: ... > OK, please disregard the above problem. I have now managed to fix it (somehow). > I still have the problem with the self-signed certificates though :( I am already working with two X.509 certificates (Thawte and CAcert) and tried to generate a certificate myself withing the Bat! Let´s see if it works? -- cheers, Henk __ :tbflag: The Bat! Natural Email System v3.0nl Professional on Windows XP SP2 PGP Key Request: See Headers or send email with subj.: send HenksKeyID Gossamer Spider Web of Trust http://gswot.webhop.info/ smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
> On a somewhat related note, my email provider has issued a new POP3 > certificate today but TB! keeps giving me the error: > "TLS handshake failure. Invalid server certificate (The issuer of this certificate > chain was not found)." > Now, the certificate was issued by Comodo Group so I know there isn't a > problem with the issuer and the old certificate they were using worked > fine. The structure and issuer of the certificate is fine so why is TB! > having such a problem with it? > I even manually installed the issuer's certificate into TB! but it then > reports "Invalid signature match" for the new POP3 certificate. The email > account and associated certificates work fine in other email programs but > TB! seems to have real problems dealing with certificates. > Any ideas? Please. > TIA OK, please disregard the above problem. I have now managed to fix it (somehow). I still have the problem with the self-signed certificates though :( Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
>> Try downloading the Home version instead. > I agree, TB! seems to be choking on the token issue. I'm going to try > installing Home version now to see if that helps. Will report back ASAP. > Thanks for your help so far. Ok, I downloaded and installed the Home version (BTW the Help/About screen still listed TB! version as being v3 Pro but I definitely removed every single trace of TB! - registry included so I'm assuming this is simply just another bug in TB! v3?) but that made no difference at all. The same annoying problem is still presenting itself. Any other ideas before I give up on TB! and start the laborious task of exporting everything over to Thunderbird? These numerous "Bat bugs" are just becoming too much now! :( On a somewhat related note, my email provider has issued a new POP3 certificate today but TB! keeps giving me the error: "TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found)." Now, the certificate was issued by Comodo Group so I know there isn't a problem with the issuer and the old certificate they were using worked fine. The structure and issuer of the certificate is fine so why is TB! having such a problem with it? I even manually installed the issuer's certificate into TB! but it then reports "Invalid signature match" for the new POP3 certificate. The email account and associated certificates work fine in other email programs but TB! seems to have real problems dealing with certificates. Any ideas? Please. TIA -- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
> No ideas at this end. You're using the internal implementation (you > must be - MS Crypto API doesn't have a Generate option - nor even an > Edit personal certificates button). Yes, internal implementation. > I'm using RC2 encryption algorythm and SHA-1 hashing. 3DES and SHA-1 (well, I'm trying to). > You've specified a valid path to the Random Seed File, right? Yes, all present and correct. A>> So obviously it works ok for you then? Thanks for trying it. I was A>> hoping that the problem was not going to be just *my* problem? > :-( looks like it is. That wasn't the answer I was hoping for :( > Back to the original issue: >> Token driver is not installed or PKCS#11 API is missing > Doesn't the API use an external DLL? Hmmm. I thought the slibeay.dll > had something to do with it - but I'm wrong. I don't even have it and > S/MIME is fully operational here. > It seems to think you're using a token. Have you installed Pro? I > wonder if it's a bug in the Pro version. The Pro version is set up to > use tokens and perhaps the S/MIME is hard coded to expect token > support. Try downloading the Home version instead. I agree, TB! seems to be choking on the token issue. I'm going to try installing Home version now to see if that helps. Will report back ASAP. Thanks for your help so far. -- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Aceman, @5-Oct-2004, 11:31 [EMAIL PROTECTED] [A] in mid:[EMAIL PROTECTED] said to Marck: A> Now I wonder why it doesn't it work for me? :( No ideas at this end. You're using the internal implementation (you must be - MS Crypto API doesn't have a Generate option - nor even an Edit personal certificates button). I'm using RC2 encryption algorythm and SHA-1 hashing. You've specified a valid path to the Random Seed File, right? ... >> ... and this one with a brand new, freshly generated, self signed one. A> So obviously it works ok for you then? Thanks for trying it. I was A> hoping that the problem was not going to be just *my* problem? :-( looks like it is. A> I don't suppose you (or anyone else even) has any further ideas? A> I'm beginning to lose patience with TB! :( Back to the original issue: > Token driver is not installed or PKCS#11 API is missing Doesn't the API use an external DLL? Hmmm. I thought the slibeay.dll had something to do with it - but I'm wrong. I don't even have it and S/MIME is fully operational here. It seems to think you're using a token. Have you installed Pro? I wonder if it's a bug in the Pro version. The Pro version is set up to use tokens and perhaps the S/MIME is hard coded to expect token support. Try downloading the Home version instead. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user pgpZdOWtAkv6C.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
> They are different than those with PGP, because they appear already > verified, with no ? The first one had a green check, this comes with > a red sign with a cross. > So those self signed are useless? Not necessarily. I have a use for them although I agree, that most probably will not. Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Cristina, @5-Oct-2004, 12:31 Maria Cristina Ramos [CR] in mid:[EMAIL PROTECTED] said to Marck: MDP>> ... and this one with a brand new, freshly generated, self signed one. CR> They are different than those with PGP, because they appear CR> already verified, with no ? I meant to answer you the first time you asked this question - I forgot ... sorry! PGP messages are signed with a key. The key is kept on an external PGP keyring which has no connection to TB nor an API. If the key does not exist on the keyring it may even have to be acquired from a keyserver before any verification can be done. All in all this means that TB has to refer to external applications and sources to verify a PGP signature. Such action requires user permission and control before it can take place - hence the ? button. S/MIME keys are held in the TB address book record for the individual and are encapsulated in the signature. TB doesn't have to make any external reference to verify such a signature and can do so without any kind of user intervention. So the message is automatically verified and the results displayed as a tick or a cross. CR> The first one had a green check, Yes - it was a Thawte issued certificate with full provenance from the certification authority - Thawte. CR> this comes with a red sign with a cross. Yes - it was a self generated certificate without any known certification authority. If you explore the certificate and request that I be added to your root authority, then any certificates I generate will be valid on your system. CR> So those self signed are useless? Pretty much. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC3 on Windows XP 5.1.2600 Service Pack 2 ' pgpR87NWoHR5x.pgp Description: PGP signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
> ... A>> When you say "I have done" do you mean you were able to generate A>> your own certificate using TB! feature without the errors I A>> experienced? > I have done. Just did another. Yes, and it was all present and correct at this end. Thanks. Now I wonder why it doesn't it work for me? :( RO I've actually received once a message with TB 3.0 pro that was RO signed with a digital certificate, so I guess it's possible. >>> This message should be so signed with my Thawte certificate. A>> That it was sir :) > ... and this one with a brand new, freshly generated, self signed one. So obviously it works ok for you then? Thanks for trying it. I was hoping that the problem was not going to be just *my* problem? I don't suppose you (or anyone else even) has any further ideas? I'm beginning to lose patience with TB!:( -- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Marck, On 05 October 2004 at 11:18:24GMT +0100 (which was 11:18 where I live) Marck D Pearlstone wrote and made these points on the subject of "2nd REPOST: Problems with S/MIME": >>> This message should be so signed with my Thawte certificate. A>> That it was sir :) MDP> ... and this one with a brand new, freshly generated, self signed one. They are different than those with PGP, because they appear already verified, with no ? The first one had a green check, this comes with a red sign with a cross. So those self signed are useless? - -- Best regards, Cristina in Lisbon, Portugal :flag-portugal: The BAT! 3.0.1 RC3 -BEGIN PGP SIGNATURE- Version: PGP SDK 3.2.2 Comment: "" iQA/AwUBQWKGF1PsaxtteqJVEQJBPACg24oM5Y9VT4gYPW0HwYSPYswK3FcAoO46 T1EQq7MeYe6jrrnGVBM9T2bH =jn9Q -END PGP SIGNATURE- Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: 2nd REPOST: Problems with S/MIME
Dear Aceman, @5-Oct-2004, 02:18 [EMAIL PROTECTED] [A] in mid:[EMAIL PROTECTED] said to Marck: ... A> When you say "I have done" do you mean you were able to generate A> your own certificate using TB! feature without the errors I A> experienced? I have done. Just did another. RO>>> I've actually received once a message with TB 3.0 pro that was RO>>> signed with a digital certificate, so I guess it's possible. >> This message should be so signed with my Thawte certificate. A> That it was sir :) ... and this one with a brand new, freshly generated, self signed one. -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.0.1 RC3 on Windows XP 5.1.2600 Service Pack 2 ' smime.p7s Description: S/MIME Cryptographic Signature Current version is 3.00.00 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
