I just reinstalled my Windows 7 OS and forgot to back up my email certificate for Outlook 2010 beforehand. Now I can't read any encrypted emails. When I try, it says "Cannot open this item. Your Digital ID name cannot be found by the underlying security system."
The certificate was issued by our internal Windows Certificate Authority and I can still see it in there, but I don't suppose there is any way to import it back onto my computer, or any other way to read those encrypted emails?
The certificate is also in the GAL, if that makes any difference, but I just tried to export it and there is no PFX option :(
Encrypted mails are encrypted - if you have lost the private key and it is unrecoverable by other means, you will not have access to these messages in the foreseeable future.
To understand why this is so, you need to understand how certificates work: the public/private key pair is not generated by the CA but by the client; only the public key, along with the identity information, gets signed by the CA, so the CA never gets to see the private key. This is an integral part of the certificate's security: a compromised CA should not give the attacker the ability to decrypt all data encrypted in the past.
That said, if you are running an internal enterprise CA in your AD domain, chances are that your domain administrator has configured automatic key archival in the CA store. If this is the case, the CA administrator is able to recover the private key from the store.
Also, the certificate store, including the keys, is stored within the user's profile. So if you were using roaming profiles, this information has been copied to the server-located profile directory and can likely be recovered.
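The enrolment flow the answer describes, as an added example that is not part of this answer or of any Microsoft tooling: the client generates the key pair and sends only a CSR, the CA signs the public key without ever seeing the private key, and a message sealed to the resulting certificate cannot be opened by a key pair re-issued to the same identity after a reinstall. Assumptions: Go standard library only, a constructed subject "alice@example.test" and issuer name "Demo Issuing CA", and plain RSA-OAEP standing in for the CMS key-transport step S/MIME uses.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// enrol is the client side: the key pair is generated locally and only the CSR
// (identity + public key, signed with the private key) is handed to the CA.
func enrol(cn string) (*rsa.PrivateKey, []byte) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	return key, must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key))
}
// issue is the CA side: verify the CSR and sign a certificate over the public key
// it carries. The subscriber's private key never reaches this function.
func issue(csrDER []byte, caKey *rsa.PrivateKey) *x509.Certificate {
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil { // proof of possession, nothing more
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: csr.Subject, NotBefore: time.Now(),
		NotAfter: time.Now().AddDate(1, 0, 0), KeyUsage: x509.KeyUsageKeyEncipherment}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "Demo Issuing CA"}} // constructed name
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, csr.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}
// demo enrols alice, seals a message to her certificate (RSA-OAEP stands in for the CMS
// key-transport step), then re-enrols her with a fresh key pair, as a reinstall without a backup would.
func demo() (oldKeyOpens, newKeyOpens bool) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	oldKey, csr := enrol("alice@example.test")
	cert := issue(csr, caKey)
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), []byte("secret mail"), nil))
	newKey, _ := enrol("alice@example.test") // same identity, new key pair; the CA would issue again
	_, errOld := rsa.DecryptOAEP(sha256.New(), rand.Reader, oldKey, ct, nil)
	_, errNew := rsa.DecryptOAEP(sha256.New(), rand.Reader, newKey, ct, nil)
	return errOld == nil, errNew == nil
}
func main() { fmt.Println(demo()) } // prints: true false
```

Only key archival at the CA or a copy of the original profile changes this outcome: nothing in the certificate, the GAL entry or the CA database contains the private key.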
If you have access to a machine that has the certificate + private key, but it is marked as non-exportable, it can be exported with JailBreak. That's about the best option, and you still need the private key password to use it.
http://www.isecpartners.com/application-security-tools/jailbreak.html
You will need to create a new key pair and publish it.
Then back them up.