Find the reason why a mail is not encrypted

Hello

We have our Djigzo gateway configured to encrypt all outgoing mail if
a matching certificate is found by setting "Encrypt Mode = Allow".
Today I discovered a mail which was not encrypted but a valid
certificate is available.
I suspect it is because of the odd keyUsage setting in the certificate.
It contains "digitalSignature" as only keyUsage, but "emailProtection"
as Extended Key Usage. Have I got it right that all certificates which
do not contain "keyEncipherment" as keyUsage or have empty keyUsage
are not used for encryption by automatic selection?

Many Thanks

Andreas

A certificate is only valid for S/MIME encryption if one of the
following conditions is true:

1. the KeyUsage is not set and the extended key usage is not set, the
certificate can be used for encryption

2. the KeyUsage is not set and the extended key usage is set and contains
emailProtection, the certificate can be used for encryption

3. the KeyUsage is set and contains keyEncipherment and the extended key
usage is not set, the certificate can be used for encryption

4. the KeyUsage is set and contains keyEncipherment and the extended key
usage is set and contains emailProtection, the certificate can be used
for encryption

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
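
The four conditions from the reply above, applied to the extensions section of
`openssl x509 -noout -text` output so that the reason a certificate was skipped
for encryption can be read off directly. This is an added example, not part of
the original thread and not Djigzo's own code; the function names and the sample
text are constructed for illustration.

```python
import re

# Constructed sample: the extensions part of `openssl x509 -noout -text` output for
# a certificate like the one in the question (not taken from a real certificate).
SAMPLE_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                E-mail Protection
"""

def extension_values(text, name):
    """Return the values listed for an extension, or None if it is absent."""
    pattern = r"^\s*X509v3 %s:.*\n\s*(.+)$" % re.escape(name)
    match = re.search(pattern, text, re.MULTILINE)
    if match is None:
        return None
    return {value.strip() for value in match.group(1).split(",")}

def smime_encryption_verdict(text):
    """Apply the four conditions from the reply; return (usable, reason)."""
    key_usage = extension_values(text, "Key Usage")
    ext_key_usage = extension_values(text, "Extended Key Usage")
    # Conditions 3 and 4: a keyUsage that is set must contain keyEncipherment.
    if key_usage is not None and "Key Encipherment" not in key_usage:
        return False, ("keyUsage is set without keyEncipherment: "
                       + ", ".join(sorted(key_usage)))
    # Conditions 2 and 4: an extended key usage that is set must contain emailProtection.
    if ext_key_usage is not None and "E-mail Protection" not in ext_key_usage:
        return False, ("extendedKeyUsage is set without emailProtection: "
                       + ", ".join(sorted(ext_key_usage)))
    # Condition 1 (both unset) and every remaining allowed combination end up here.
    return True, "keyUsage and extendedKeyUsage both allow S/MIME encryption"

if __name__ == "__main__":
    print(smime_encryption_verdict(SAMPLE_TEXT))
```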