Re: Problem digitally signing and decrypting (OE6 & XP SP2)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Just found the solution to my encryption problem and want to share it in case anybody else runs into the same problem:

The crucial hint was on one of Verisign's (www.verisign.com) support pages. Verisign issues certificates for email encryption and other purposes (unfortunately their email certificates are not free however). I found their support pages very clear and helpful! The hint in Solution ID: vs38439 - "Yes, export the private key" option is not available - suggested that the problem might be related to missing/wrong access rights to the %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys directory. This directory holds some so called key containers and permissions must be set so that private keys are exportable
(see also http://support.microsoft.com/kb/278381/). Well, I did change access rights there but this did not solve the problem - however it pointed me in the right direction.

It turned out that in my case not the ...\All Users\... directory was the problem. Instead the ...Crypto\RSA\. directory for the "<current user>" directory tree in ...\Documents and Settings\... contained the key container that I and OE could not access. I changed the security settings for the folders in the ...\Crypto\RSA\... directory which contained the most recent keys (therefore I was sure that this are the keys that OE could not access) so that I (i.e. the logged in user) have full access rights in the ...\RSA directory and to all directories and files in the RSA directory.

Sounds complicated? Maybe! But this did the magic and I can now send signed and encrypted messages. It is as easy as I was hoping it would be. OE nicely does all the encrypting/decrypting in the background. Also - and this is the answer to my original question #2 - you do NOT need to send a copy of an encrypted message to yourself in order to be able to read it. If you have the "Save copy of sent messages in the Sent Items folder" in Tools/Options/Send enabled you can read it without being one of the encrypted mail's recipients. And really, why shouldn't you be able to read your own email...? ;-)

.

Relevant Pages

  • Re: Problem digitally signing and decrypting (OE6 & XP SP2)
    ... Verisign issues certificates for email encryption and other ... This directory holds some so called key containers and ... access rights there but this did not solve the problem - however it ... contained the most recent keys (therefore I was sure that this are the ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Access denied error on folders on NTFS Drive
    ... > Yes, I've taken ownership, but it still denies me access rights. ... You didn't answer the question about encryption. ... MS MVP - Windows Shell/User ...
    (microsoft.public.windowsxp.general)
  • Re: A reinstall and encryption problem
    ... Or is it just that you do not have access rights or ownership of the files? ... Home cannot do file encryption, follow Mark's advice to take ownership of the files. ... His friend decided to reinstall Windows XP to cure the problem, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: XP and NTFS
    ... > advantages would I gain from making the conversion now? ... Encryption, access rights, more than 2 terabytes of addressable disk ...
    (alt.sys.pc-clone.dell)