On 03/04/2014 07:18 AM, Djigzo Users wrote:
> sending an encrypted & signed mail from outside through Djigzo to an
> internal recipient, the message arrives decrypted but still signed
> at the mailbox (MS Exchange based, Outlook as client).
>
> The same(!) mail is seen at an Android device still encrypted and
> can just be displayed with a locally installed certificate.
> A mail which is sent just encrypted is displayed decrypted on the
> mobile device.
> A mail which is sent just signed is shown encrypted (lock symbol)
> but readable without certificate.
> The mobile device is VPN-connected to the internal network and synced
> by TouchDown client software (http://www.nitrodesk.com/androidplatform.html).
>
> Any idea - or client software problem?

With S/MIME there are two ways to sign an email: clear text or opaque. With clear text signed email, the email can be read even with an email client that does not support S/MIME (for example webmail), since the signature is a separate MIME part. With opaque email, the email is encoded into a binary blob which can only be read by an S/MIME capable email client. Note that an opaque signed email is not encrypted, but requires an email client which understands how to parse the binary blob.

Some email clients (like Outlook) will use opaque signing when the email is also encrypted (the Djigzo gateway will always use clear signed signatures). Their (Microsoft) thinking was probably that since you are encrypting, you need an email client which understands S/MIME, and therefore the email can be opaquely signed. With a gateway, however, this might be problematic if the email is only decrypted but the signature is not removed, since the resulting email is opaquely signed and therefore requires an S/MIME capable email client.

The only option in this case, if you need to mix S/MIME capable and non-capable email clients, is to remove the signature from the email. This can be enabled by checking the S/MIME advanced setting "Remove signature". By checking the advanced option "Add security info", security info of the message (like whether it was signed etc.) will be added so end users can still check whether the message was valid.

Kind regards,

Martijn Brinkers

--
DJIGZO email encryption
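
As an added illustration (not part of the original reply and not Djigzo code), the signing styles described above can be told apart from the top-level Content-Type header of a message as it sits in the mailbox. The sample messages are constructed, their payloads are placeholders, and `classify` is a hypothetical helper name.

```python
from email import message_from_string

# Constructed sample messages (not taken from the thread); payloads are placeholders.
CLEAR_SIGNED = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Hello, readable by any mail client.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

PLACEHOLDER
--b1--
"""

OPAQUE_SIGNED = """\
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

PLACEHOLDER
"""

ENCRYPTED = OPAQUE_SIGNED.replace("signed-data", "enveloped-data")

def classify(raw):
    """Return (kind, readable_without_smime) from the top-level MIME headers."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            # Body is an ordinary MIME part next to a detached signature part.
            text = [p for p in msg.walk() if p.get_content_maintype() == "text"]
            return "clear-signed", bool(text)
        return "signed-other", True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type == "signed-data":
            return "opaque-signed", False   # not encrypted, but wrapped in a CMS blob
        if smime_type == "enveloped-data":
            return "encrypted", False
        return "pkcs7-mime-unknown", False  # smime-type is optional; needs CMS parsing
    return "plain", True
```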
