Outlook Digital Id For Mac
The 'Digital ID Name cannot be found' error is both wrong and misleading. If you select the problem email message and open up the raw 'Internet headers' in Outlook or 'Message source' in Thunderbird, you will see that the format is smime.p7s, which means that it is signed only (no encryption) as per spec (CMS is the standard used for email signing/encryption). Clearly at this point Outlook should let you view the email, showing an invalid signature at the very least, but it does not.

OK, let’s take a look inside:

    openssl cms -cmsout -in rawmessage.txt -out cleansmime.txt
    openssl cms -cmsout -in cleansmime.txt -print > CMSContentInfo.txt

Here you see that the digest signature algorithm (“Hash Algorithm”) used in the problem email message is most likely: sha256WithRSAEncryption (1.2.840.113549.1.1.11).
Mac users have the ability to encode/decode using SHA2. Unfortunately Windows XP SP3 does not support encoding/decoding SHA2 message digest algorithms in CMS as per:

My theory is that Outlook attempts to decode the CMS digest using the Cryptographic Provider PROV_RSA_FULL, which outputs a generic error message when it cannot decode. However, Outlook does support decoding of *certificates* signed with a SHA2 hash, as long as they are inside a SHA1 CMS digest. I believe in this case Outlook is using the newer Cryptographic Provider PROV_RSA_AES.

This article sums it up: 'Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot validate email messages when the message itself is SHA2 signed (regardless of the certificate used)'

Also, here someone notes that it doesn’t work:

The solution: Simply reducing the Mac’s “Signing algorithm” level to SHA1 will correct this problem in future emails sent from that client.
Upgrading your version of Windows would resolve the issue for all emails received by that client.

-- Greg Surbey.

Outlook 2011 on Mac OSX:

1. Select the Outlook menu and click on “Preferences” (Command-,).
2. Click the “Accounts” button.
3. Click the “Advanced” button.
4. Click on the “Security” tab.
5. Click the “Signing algorithm” drop down and select “SHA-1 (more compatible)”. If you do not do this then people running Windows XP, and other older computing devices, will have trouble opening your messages and validating your signature.
6. Click the “Encryption algorithm” drop down and select “3DES (more compatible)”. If you do not do this then people running Windows XP, and other older computing devices, will not be able to open your encrypted messages.

-- Greg Surbey.
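As an added example (not code from the original posts), the Python below reads the digestAlgorithms field of a DER-encoded smime.p7s, i.e. the base64-decoded attachment, and reports whether any message digest is something other than SHA-1, which is the condition the posts above associate with the Outlook error on Windows XP SP3. The function names and the skeletal sample bytes are constructed for illustration, and BER indefinite-length encodings are rejected rather than parsed.

```python
DIGESTS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256",
           "2.16.840.1.101.3.4.2.2": "sha384", "2.16.840.1.101.3.4.2.3": "sha512"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("BER indefinite length; convert to DER first")
    if length & 0x80:                        # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    arcs, value = [data[0] // 40, data[0] % 40], 0   # first byte packs two arcs
    for byte in data[1:]:                    # base-128, high bit = more follows
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cms_digest_algorithms(der):
    """Names of the entries in SignedData.digestAlgorithms of a DER smime.p7s."""
    _, content_info, _ = read_tlv(der, 0)            # ContentInfo SEQUENCE
    _, ctype, pos = read_tlv(content_info, 0)        # contentType OID
    if decode_oid(ctype) != "1.2.840.113549.1.7.2":  # id-signedData
        raise ValueError("not CMS SignedData")
    _, signed_data, _ = read_tlv(read_tlv(content_info, pos)[1], 0)  # [0], then SignedData
    _, _, pos = read_tlv(signed_data, 0)             # version INTEGER
    _, alg_set, _ = read_tlv(signed_data, pos)       # digestAlgorithms SET
    names, pos = [], 0
    while pos < len(alg_set):
        _, alg_id, pos = read_tlv(alg_set, pos)      # AlgorithmIdentifier
        dotted = decode_oid(read_tlv(alg_id, 0)[1])
        names.append(DIGESTS.get(dotted, dotted))    # unknown OIDs stay dotted
    return names

def has_non_sha1_digest(der):
    """True when any message digest is not SHA-1, the case the posts report failing."""
    return any(name != "sha1" for name in cms_digest_algorithms(der))

# Constructed sample: skeletal SignedData (sha256 digest, no signers), not a real signature.
SAMPLE_DER = bytes.fromhex(
    "3032" "06092a864886f70d010702" "a025" "3023" "020101" "310f" "300d"
    "0609608648016503040201" "0500" "300b" "06092a864886f70d010701" "3100")

if __name__ == "__main__":
    print(cms_digest_algorithms(SAMPLE_DER), has_non_sha1_digest(SAMPLE_DER))
```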
Before you can receive encrypted e-mail or send digitally signed e-mail, you must first configure Outlook or other e-mail application to use. Publishing your certificates to the NIH Global Address List (GAL) simplifies the exchange of encrypted e-mail within NIH.

Setting Up E-mail Applications to Use Your Digital Certificates

AppleMail
• Smart Card AppleMail Configuration and Users Guide

Blackberry

Email Web Access (EWA)

Entourage (Mac OS X)

Outlook

Windows computers with (i.e., there is a gray smart card reader icon in lower-right system tray) will automatically configure Outlook to use when you insert your smart card into the reader. However, you may still need to publish your certificate to the GAL.
• (includes using Outlook to publish your certificates to the GAL)
• Outlook 2007 Configuration and User Guide

Reading Old Encrypted Email

If you are unable to read old encrypted email, you need to obtain copies of your prior email encryption digital certificates and associated private keys. You can obtain these items from the. Please see the for more information.