> seems as if i found the reason.
> as the sender's certificate was issued by the same CA as the recipient's
> certificate, djigzo took the sender's certificate for decrypting the
> message. could this be the explanation?

Yes, if the private key of the sender is stored on the gateway and the message was encrypted by an email client (Outlook, Thunderbird etc.), the gateway will be able to decrypt the message. The email client will also encrypt the message with the certificate of the sender to make sure the sender can open the message from the sent items folder.

> if yes:
> given the situation that user a and b are internal users in djigzo, b
> gets deleted (user, certificate and keys), but emails sent to a and b
> still can be read by b because djigzo uses the key of user a. is this
> justifiable (if the explanation mentioned above is correct)?

Yes. Djigzo tries to decrypt the message no matter who the recipient is. It only looks at which certificate the message was encrypted with and uses the private key associated with the certificate.

Djigzo also checks attached messages (message/rfc822) to see whether they are encrypted. You can for example forward two messages, both encrypted with a different certificate, and Djigzo will decrypt the messages (if a private key is available).

Kind regards,

Martijn

--
Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
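The behaviour discussed in this thread can be reproduced offline with the `openssl` command line, which here stands in for the gateway's key lookup. This is an added example, not part of the original messages and not Djigzo code; the users `user-a`, `user-b`, `user-c` and their self-signed throwaway certificates are constructed assumptions.

```shell
#!/bin/sh
# Constructed demo: user-a = sender, user-b = recipient, user-c = unrelated.
# Self-signed throwaway certificates are an assumption to keep this offline.

gateway_decrypt() {
  holder=$1                      # whose private key the "gateway" still holds
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    for u in a b c; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=user-$u" -keyout "$u.key" -out "$u.crt" 2>/dev/null || exit 1
    done
    printf 'constructed test message\n' > msg.txt

    # The mail client encrypts to the recipient (b) and to the sender (a),
    # so the message carries one RecipientInfo per certificate.
    openssl smime -encrypt -binary -aes256 -in msg.txt \
      -out msg.p7m -outform PEM a.crt b.crt || exit 1

    # User b is deleted from the gateway: certificate and key are gone.
    rm -f b.key b.crt

    # Decryption works only if the holder's certificate matches a RecipientInfo.
    openssl smime -decrypt -in msg.p7m -inform PEM \
      -recip "$holder.crt" -inkey "$holder.key" 2>/dev/null
  )
  rc=$?
  rm -rf "$dir"
  return $rc
}

gateway_decrypt a   # the sender's key alone recovers the plaintext
```

Deleting b's certificate and key does not change the outcome while a's private key remains in the key store, whereas a key that matches no RecipientInfo (user-c) cannot decrypt.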
