
AES with Outlook seems to be quite a big problem, looking at various forums. Have you had any experience with this issue when using AES256 as the encryption algorithm when sending mails using Chilkat?

asked Feb 28 at 08:36


chilkat ♦♦


The Outlook application implementation would be hooking into the software installed on a particular Windows machine to do the PKCS7 encryption/signing. Specifically, it's going to use Microsoft's CryptoAPI (internally) which uses a CSP (Cryptographic Service Provider) to do the work. It is the capabilities of the CSP that determine what is or is not possible.

If your app runs on an older machine (Windows 7, Windows XP, etc.) then the CSP is likely missing newer algorithms. (Nowadays, "AES" is hardly "new".)

Of course, if your app is using a token / smartcard / hardware dongle, then it's using the CSP of the token manufacturer, and thus the capabilities are dependent on it.

The CSP on Windows has access to the private key, which could be stored in hardware (on a token) or in the Windows Protected Store. Thus, when a cert w/ private key is installed on a system, such as from a PFX, it can be installed to make the private key non-exportable. "Non-Exportable" means that only a CSP has access to the private key. In PKCS7 operations, the private key is needed to create a signature, or to decrypt. The act of encrypting or validating signatures only requires the public key, which is freely available within the certificate itself.

With Chilkat, you shouldn't have any issues encrypting or validating signatures, because these don't involve the private key. If the private key is installed on the system and is exportable, then Chilkat can do the private key operations itself, and there should be no problem. If Chilkat finds that the private key is non-exportable, it will automatically fall back to using the CryptoAPI (and indirectly whatever CSP is associated with the cert/private key). This is a good way to check to see if the CSP is the problem -- install such that the private key is non-exportable, and then see if Chilkat can decrypt.


answered Feb 28 at 08:50


chilkat ♦♦
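The check suggested in the answer above can be set up from PowerShell. This is an added example, not part of the original answer and not Chilkat code: it imports a PFX so the private key is non-exportable, then reports which CSP holds the key. The PFX path and store location are placeholder assumptions, and the script targets Windows PowerShell 5.1.

```powershell
# Added diagnostic sketch. $PfxPath is a placeholder; point it at a test PFX.
param(
    [string]$PfxPath = 'C:\temp\test-recipient.pfx',
    [string]$Store   = 'Cert:\CurrentUser\My'
)

function Get-KeyProviderInfo {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $info = [ordered]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        HasPrivateKey = $Certificate.HasPrivateKey
        Provider      = $null
        Hardware      = $null
        Exportable    = $null
    }
    if ($Certificate.HasPrivateKey) {
        try {
            # CspKeyContainerInfo exists only for keys held by a CryptoAPI CSP.
            $csp = $Certificate.PrivateKey.CspKeyContainerInfo
            if ($null -eq $csp) {
                $info.Provider = 'not a CryptoAPI CSP key (possibly CNG)'
            } else {
                $info.Provider   = $csp.ProviderName
                $info.Hardware   = $csp.HardwareDevice
                # Read last: this property can throw for some token-backed keys.
                $info.Exportable = $csp.Exportable
            }
        } catch {
            $info.Provider = "key not readable: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$info
}

# List the CSPs installed on this machine and what each one supports.
certutil -csplist

# Without -Exportable, Import-PfxCertificate marks the private key non-exportable.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $Store -Password $password

Get-KeyProviderInfo -Certificate $cert | Format-List
```

With `Exportable` reported as `False`, a decrypt attempt goes through CryptoAPI and the listed provider, so a failure at that point implicates the CSP rather than the application.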

Asked: Feb 28 at 08:36

Seen: 404 times

Last updated: Feb 28 at 08:50
