Can I get certificates for other recipients of an encrypted email?

email microsoft-outlook public-key-encryption

The message does not carry the recipients' actual certificates – it includes only enough information to allow them to identify themselves as recipients, but most likely not enough information for you or someone else to download them.

For example, in S/MIME, the 'RecipientInfo' field only includes the certificate's issuer + serial number, or the certificate's "subject key identifier" (public key hash), but not the actual public key, let alone the actual certificate. (See here and here.)

(In the idealized OSI world, issuer + serial number would be sufficient to retrieve the certificate from "The Directory" via X.500 or LDAP, in reality not so much. Although if the recipients are within the same Active Directory system their certificates could be stored in their AD user account objects.)

Likewise, in OpenPGP, the 'Public-Key Encrypted Session Key' packet only includes a 64-bit key ID of the specific encryption subkey that's necessary to decrypt the message – not even the full fingerprint.

The key ID can be searched on various public keyservers, although it's too short to be used for serious verification (by now it is possible to generate keys with chosen 64-bit key IDs).


To send encrypted to one or more recipients, you must have the public key of each recipient stored in his contact information.

You may save in Outlook the public key of any of your contacts this way:

  • Request that the contact send you a signed e-mail. An indicator will appear on the e-mail to indicate it is signed.

  • Right-click on the sender's name and click "Add to Outlook Contacts" (even if he is already a contact)

  • Enter the details of the new contact and click Save. If they are an existing contact, choose "Yes" to update the contact details.

Note: When you add or update a contact directly from a signed e-mail, Outlook will pull in the sender's public key and associate it with the contact details. Now when you send an encrypted e-mail, it will know what certificate to use for the recipient.

Related

Fedora 31: "Please install the Linux kernel "header" files matching the current kernel for adding new hardware support to the system" in VirtualBox
Diagnostics and usage data option disabled? [duplicate]
How do I keep a large directory that is located inside WSL2, in sync with another one in Windows?
Remove BIOS password for HP ProBook 645 G2 [duplicate]
How do I get my eSATA drive working in Windows 7 x64?
What is the meaning of this sentence in Lolita?
Individual things that make us, us
a phrase/word for a place that looks good decor wise but bad products wise
Can "superior" and "senior" be used with "very" and "much"?
What does "traffic shot by so close" mean? [closed]
Meaning of this sentence in Lolita? [closed]
Five students visit three farmers in their village. their? [closed]