S/MIME Certificate

Hi,

we use Ciphermail as an encryption gateway and it works as aspected. Now we got a certificate from a custom to encrypt mails per S/MIME. This certificate has as key usage "nonRepudiation, digitalSignature" and as extended key usage "smartcardLogin, emailProtection, clientAuth", but we can't use it for encryption. Is emailProtection not enough, does this certificate need as key usage "keyEncipherment"?

Regards
Christian

attachment.htm (2.28 KB)

we use Ciphermail as an encryption gateway and it works as aspected.
Now we got a certificate from a custom to encrypt mails per S/MIME.
This certificate has as key usage „nonRepudiation, digitalSignature“
and as extended key usage „smartcardLogin, emailProtection,
clientAuth“, but we can’t use it for encryption. Is emailProtection
not enough, does this certificate need as key usage
„keyEncipherment“?

To be valid for encryption, a certificate should contain the
keyEncipherment key usage.

For more information see:

https://www.ciphermail.com/documentation/faq/smime.html#how-does-the-gateway-handle-key-usage-and-extended-key-usage

Sometimes a separate signing certificate and encryption certificate is
used. You should ask the sender whether he/she has a separate
encryption and signing certificate.

Kind regards,

Martijn Brinkers

···

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

On Tue, 2020-12-01 at 16:38 +0000, Hund, Christian via Users wrote:

Hi,

we use Ciphermail as an encryption gateway and it works as aspected.
Now we got a certificate from a custom to encrypt mails per S/MIME.
This certificate has as key usage „nonRepudiation, digitalSignature“
and as extended key usage „smartcardLogin, emailProtection,
clientAuth“, but we can’t use it for encryption. Is emailProtection
not enough, does this certificate need as key usage
„keyEncipherment“?

Regards
Christian
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com
To unsubscribe send an email to users-leave(a)lists.ciphermail.com