CFMAIL send encrypted email using a PKI instead of .p7c file

LEGEND ,
Dec 27, 2018

Hello, all,

Is it possible to use CFMAIL to send an encrypted email using a PKI resource instead of a .p7c cert file?

Looking at the help docs for CFMAIL, you have to have a local copy of the receiver's certificate, and include the path/file as one of the attributes.

Seeing as how email clients like Outlook can reach out to a PKI to encrypt an email, can CFMAIL do the same??

V/r,

^ _ ^

Adobe Community Professional
Correct answer by Dave Watts | Adobe Community Professional

Outlook or Thunderbird or anything else you double-click on to activate do run as a user account - whichever user double-clicked on them in the first place. That's all it means to run as a user account. Applications that run in userspace can do things that services cannot, in general. Keep in mind to do this, your mail client is doing a lot more than sending an email, which is all that CFMAIL is doing. Your mail client is going out and getting information from somewhere.

There is certainly no harm in filing a suggestion. I don't know how quickly Adobe will get around to adding that as a feature, though.

Dave Watts, Fig Leaf Software

Adobe Community Professional ,
Dec 27, 2018

My guess is, probably not. CF doesn't even run as a user account most of the time, and won't have access to a CAC card reader when it runs. But, if you run CF as a user account and that user account can access the contents of a CAC card reader using a directory path (I don't know enough about that to know one way or the other), you might be able to do it.

Dave Watts, Fig Leaf Software

LEGEND ,
Dec 27, 2018

Hi, Dave,

It's my understanding that when an email client (like Outlook, or Thunderbird) sends an encrypted email, the client reaches out to a PKI to get the recipient's public key which it then uses to encrypt the message.  The receiving email client then uses the recipient's private key to decrypt the message.  AFAIK, the CAC is not utilised for this process.

I can see how the way it currently is set up, CFMAIL can use a local copy of the public key.  But that means that 1) the developer has to first GET a copy of the public key and store it locally, and 2) if that key ever changes, the developer then has to get the new public key to keep things working smoothly.

Now, I get that CF doesn't run as a user account, but then neither do Outlook or Thunderbird.  Yet Outlook and Thunderbird can still access the PKI and do a search for the user email address to get the public key.  CF _should_ be able to do that, as well.

Should I file a suggestion on Tracker?  Will that make a difference?

As always, thank you for your time.

V/r,

^ _ ^

Adobe Community Professional ,
Dec 27, 2018

Outlook or Thunderbird or anything else you double-click on to activate do run as a user account - whichever user double-clicked on them in the first place. That's all it means to run as a user account. Applications that run in userspace can do things that services cannot, in general. Keep in mind to do this, your mail client is doing a lot more than sending an email, which is all that CFMAIL is doing. Your mail client is going out and getting information from somewhere.

There is certainly no harm in filing a suggestion. I don't know how quickly Adobe will get around to adding that as a feature, though.

Dave Watts, Fig Leaf Software

LEGEND ,
Dec 27, 2018

Well, here goes.  I'm crossing my fingers, but won't hold my breath.

https://tracker.adobe.com/#/view/CF-4203845

Anyone reading this, please click on the link above and vote for this feature request.

V/r,

^ _ ^

Adobe Community Professional ,
Dec 27, 2018

I voted for it, but I expect that if it's added it'll be a new feature in the next version of CF and won't be back-ported to CF 11.

Dave Watts, Fig Leaf Software

LEGEND ,
Dec 27, 2018

Yeah, probably not.  In which case, it was a complete waste of time because we are switching to Lucee (or at least trying to) when CF11 goes EOL.  Still have to get DoD approval.  (Sigh.. red tape.)

Thank you for your vote.

V/r,

^ _ ^
