Thank a lot Christian Mack. Now I understood where my problem. -----Message d'origine----- De : [email protected] [mailto:[email protected]] De la part de Christian Mack Envoyé : mercredi 13 mai 2020 15:20 À : [email protected] Objet : Re: [SOGo] Cannot send encrypt message to users
Hello Am 13.05.20 um 09:28 schrieb "Ndanga brice" ([email protected]): > Hello > > I have imported my certificate with pkcs12 format in sogo and send signed > message to user. > But when I try to send encrypted message to that user, it's failed. > You do not understand asymmetric crypto then :-) Beware, this explanation is heavily simplified. Symmetric crypto means, you have one key for encrypting and the same key for decrypting. Problem with that is, that you have to exchange the key securely from the sender to the recipient. If anybody except your intended recipient gets that key, you are screwed. A S/MIME certificate consists of 2 keys. A private key and a corresponding public key. Corresponding means here, that everything you encrypt with one of them, you can only decrypt with the other one. Because of that it is called asymmetric crypto. The public key can be given to everyone, not just your intended recipient. Security is guaranteed by the fact, that the owner of a certificate is the only one knowing the secret key. When you cryptographically sign a message, you use your private key for doing so. With that everyone can check that signature by using your public key. As only you have access to that private key, only you can make that particular signature matching that message content. That is the proof for others, that this email is from you, and nobody tampered with the content. When encrypting a message, you want to be sure, that only your intended recipient can read that message. Therefore you use the public key of your recipient to encrypt that message. Now only the owner of the corresponding private key can decrypt and read that message. > Please could you tell me the procedure to send encrypted message to user ? > What you uploaded into SOGo is YOUR certificate. But as I explained above, you need the public keys of all RECIPIENTS of that email for encryption. 1) All intended recipients of an encrypted email have to send you a S/MIME signed email first. With that they also send you their public key. 2) All intended recipients have to be in your personal address book in SOGo. 3) Read that signed emails in SOGo Webfrontend at least once. Now SOGo will store those public keys for the corresonding email address in your personal address book for you. 4) From then on you can send them encrypted emails. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 -- L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast. https://www.avast.com/antivirus -- [email protected] https://inverse.ca/sogo/lists
