> we use Ciphermail as an encryption gateway and it works as aspected. > Now we got a certificate from a custom to encrypt mails per S/MIME. > This certificate has as key usage „nonRepudiation, digitalSignature“ > and as extended key usage „smartcardLogin, emailProtection, > clientAuth“, but we can’t use it for encryption. Is emailProtection > not enough, does this certificate need as key usage > „keyEncipherment“?
To be valid for encryption, a certificate should contain the keyEncipherment key usage. For more information see: https://www.ciphermail.com/documentation/faq/smime.html#how-does-the-gateway-handle-key-usage-and-extended-key-usage Sometimes a separate signing certificate and encryption certificate is used. You should ask the sender whether he/she has a separate encryption and signing certificate. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger On Tue, 2020-12-01 at 16:38 +0000, Hund, Christian via Users wrote: > Hi, > > we use Ciphermail as an encryption gateway and it works as aspected. > Now we got a certificate from a custom to encrypt mails per S/MIME. > This certificate has as key usage „nonRepudiation, digitalSignature“ > and as extended key usage „smartcardLogin, emailProtection, > clientAuth“, but we can’t use it for encryption. Is emailProtection > not enough, does this certificate need as key usage > „keyEncipherment“? > > Regards > Christian > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
