Can I get certificates for other recipients of an encrypted email?

The message does not carry the recipients' actual certificates – it includes only enough information to allow them to identify themselves as recipients, but most likely not enough information for you or someone else to download them.

For example, in S/MIME, the 'RecipientInfo' field only includes the certificate's issuer + serial number, or the certificate's "subject key identifier" (public key hash), but not the actual public key, let alone the actual certificate. (See here and here.)

(In the idealized OSI world, issuer + serial number would be sufficient to retrieve the certificate from "The Directory" via X.500 or LDAP; in reality, not so much. Although if the recipients are within the same Active Directory system, their certificates could be stored in their AD user account objects.)

Likewise, in OpenPGP, the 'Public-Key Encrypted Session Key' packet only includes a 64-bit key ID of the specific encryption subkey that's necessary to decrypt the message – not even the full fingerprint.

The key ID can be searched on various public keyservers, although it's too short to be used for serious verification (by now it is possible to generate keys with chosen 64-bit key IDs).
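To see what the OpenPGP case exposes in practice, the following added example (not part of the answer above) walks the packet headers of a binary, de-armored message and returns the 64-bit key ID from each version 3 'Public-Key Encrypted Session Key' packet. The sample message and its key IDs are constructed; an all-zero key ID is the RFC 4880 wildcard, meaning the sender hid that recipient.

```python
import struct

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (de-armored) OpenPGP message."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not an OpenPGP packet header")
        if hdr & 0x40:                         # new-format header
            tag = hdr & 0x3F
            first, pos = data[pos], pos + 1
            if first < 192:                    # one-octet length
                length = first
            elif first < 224:                  # two-octet length
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:                 # five-octet length
                length, pos = struct.unpack(">I", data[pos:pos + 4])[0], pos + 4
            else:
                raise ValueError("partial body length not supported here")
        else:                                  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported here")
            size = 1 << ltype                  # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += length

def recipient_key_ids(data):
    """Key IDs from version 3 PKESK packets (tag 1); all zeros means a hidden recipient."""
    return [body[1:9].hex().upper()
            for tag, body in read_packets(data)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def _pkesk_body(key_id_hex):
    # version 3, 8-octet key ID, algorithm 1 (RSA), then a dummy 8-bit MPI
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"

# Constructed sample: two PKESK packets (old- and new-format headers), then a tag 18 packet.
SAMPLE = (bytes([0x84, 13]) + _pkesk_body("1122334455667788")
          + bytes([0xC1, 13]) + _pkesk_body("0000000000000000")
          + bytes([0xD2, 4]) + b"\x01abc")

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
```

The returned key IDs are only lookup hints for a keyserver search; they identify an encryption subkey, not a verified owner.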


To send encrypted e-mail to one or more recipients, you must have the public key of each recipient stored in his contact information.

You may save in Outlook the public key of any of your contacts this way:

  • Request that the contact send you a signed e-mail. An indicator will appear on the e-mail to indicate it is signed.

  • Right-click on the sender's name and click "Add to Outlook Contacts" (even if he is already a contact).

  • Enter the details of the new contact and click Save. If they are an existing contact, choose "Yes" to update the contact details.

Note: When you add or update a contact directly from a signed e-mail, Outlook will pull in the sender's public key and associate it with the contact details. Now when you send an encrypted e-mail, it will know what certificate to use for the recipient.