0

My government issues certificates for many purposed, including e-mail signing. The government doesn't provide e-mail addresses, but it does declare my e-mail in the certificate.

  1. Can I use this certificate to sign e-mail in S/MIME?
  2. Can I use this certificate to sign e-mails using Microsoft Outlook?
  3. Can I use this certificate to sign e-mails in any system, that's not my own developement?
KrNeki
  • 97
  • 1
  • 5

1 Answers1

1

If your email is indeed in the cert and the key usage is there, you would expect that you can sign with it, providing that:

  1. the certificate is compatible with the email client;
  2. the signing generation is compatible with the email client;
  3. that you have the entire certificate chain present (otherwise the receiver may miss an intermediate certificate).

And of course the receiver must have a compatible mail client as well and trust the (root) certificate of that government in his own certificate store.

If the Outlook mail client - or any other mail client - is compatible depends on the details. They can often be made compatible by including specific plugins.

Note that Outlook, like many other Microsoft products, depends on the PKI capabilities of the host operating system, i.e. Windows.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323