Mutt/GnuPG-Outlook-plugin diffs / Support for Microsoft's .epf, .pfx, .p12 ?

Luis R. Rodriguez mcgrof at ruslug.rutgers.edu
Thu Feb 12 16:24:00 CET 2004 

On Thu, Feb 12, 2004 at 02:06:02PM -0500, gabriel rosenkoetter wrote:
> On Thu, Feb 12, 2004 at 01:37:21PM -0500, Luis R. Rodriguez wrote:
> > When I use mutt and sign an e-mail and send it to my outlook inbox,
> > Outlook seems to detect it is a signed e-mail and flags this by showing
> > a "signed" icon. I also find an attached .dat file. I notice the headers
> > show some relevant info which may flag this.
> 
> That's a PGP/MIME-signed email, which mutt produces by default.
> 
> See http://www.faqs.org/rfcs/rfc2015.html and
> http://www.faqs.org/rfcs/rfc3156.html.
> 
> Outlook can recognize PGP/MIME messages as being cryptographically
> verifiable, though it can't cryptographically verify them. (Outlook,
> as of maybe 2000 or so--the version number, not the year--supports
> S/MIME natively. I don't believe it does not nor will it probably
> ever support PGP/MIME natively: Microsoft is heavily behind
> third-party certificate systems rather than PKI systems.)

OK that's it. Replacement lookup time. 8) This is a good enough
"official" reason for me. Anyone know good Outlook replacement for
windows *with PGP/MIME support? Some initial google'ing shows Enigmail 
but they're currently working on that site...

> > When I use the GnuPG plugin on Outlook and e-mail myself, I don't get 
> > this "flag" or icon on my e-mail, nor any attached document or even any
> > special headers.
> > 
> > What gives?
> 
> The Outlook plugin you're using is only capable of producing
> clear-signed messages.

Aw, Shucks...

> > I notice that the file types it allows by defaut are :
> > Security Information (*.epf, *.pfx, *.p12)
> 
> Those are the filename extensions. They say little or nothing about
> the file types to anyone who doesn't use Windows.

Well go figure, MS doesn't say much either. After your e-mail I was able
to retrieve some nice keywords to enhance my googling and found the
following correspondance:

.p12:	PKCS#12 S/MIME certificate
.pfx:	predecessor to PKCS#12
.epf:	I'm not sure

And then from the OpenSSL PKCS#12 FAQ v1.83:
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html
---
Q. What is PKCS#12? 
A. PKCS#12 is a standard for storing private keys and certificates
securely (well sort of). It is used in (among other things) Netscape and
Microsoft Internet Explorer with their import and export options. 

Q. What about PFX is it the same as PKCS#12 or what? 
A. PFX in its correct form is an almost unused predecessor to PKCS#12.
Occasionally people incorrectly use the term "PFX" when they mean
"PKCS#12".

Q. Why should I use PKCS#12? 
A. Other than the obvious reason that you want PKCS#12 :-) It's probably
the easiest way to generate your own certificates for MSIE and NS. You
don't need a separate server and you can add them simply by importing a
file. It is also the only way to access the private keys of other
certificates (e.g. issued by a standard CA). 
---

So it seems these are SSL "client" certificates for browsers. I guess
you then that they are also used for signing mail too...

> > Are these "secret" keys in a *special* format? I exported my gpg
> > key and tried to import it using this import utility and it failed.
> 
> Those are S/MIME certificates, probably, since that's all Outlook
> supports natively.

I see. I'm new to gpg so I'm wondering, is there a possible
correspondance between public keys and these ssl certs (I think they are ssl
certs)?

Or is this like comparing apples and orranges?

	Luis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040212/40e6ab79/attachment.bin

More information about the Gnupg-users mailing list