
CFMAIL send encrypted email using a PKI instead of .p7c file

LEGEND, Dec 27, 2018

Hello, all,

Is it possible to use CFMAIL to send an encrypted email using a PKI resource instead of a .p7c cert file?

Looking at the help docs for CFMAIL, you have to have a local copy of the receiver's certificate, and include the path/file as one of the attributes.

Seeing as how email clients like Outlook can reach out to a PKI to encrypt an email, can CFMAIL do the same??

V/r,

^ _ ^

Community Expert, Dec 27, 2018

My guess is, probably not. CF doesn't even run as a user account most of the time, and won't have access to a CAC card reader when it runs. But, if you run CF as a user account and that user account can access the contents of a CAC card reader using a directory path (I don't know enough about that to know one way or the other) you might be able to do it.

Dave Watts, Fig Leaf Software

LEGEND, Dec 27, 2018

Hi, Dave,

It's my understanding that when an email client (like Outlook, or Thunderbird) sends an encrypted email, the client reaches out to a PKI to get the recipient's public key which it then uses to encrypt the message.  The receiving email client then uses the recipient's private key to decrypt the message.  AFAIK, the CAC is not utilised for this process.

I can see how the way it currently is set up, CFMAIL can use a local copy of the public key.  But that means that 1) the developer has to first GET a copy of the public key and store it locally, and 2) if that key ever changes, the developer then has to get the new public key to keep things working smoothly.

Now, I get that CF doesn't run as a user account, but then neither do Outlook or Thunderbird.  Yet Outlook and Thunderbird can still access the PKI and do a search for the user email address to get the public key.  CF _should_ be able to do that, as well.

Should I file a suggestion on Tracker?  Will that make a difference?

As always, thank you for your time.

V/r,

^ _ ^

Community Expert, Dec 27, 2018

Outlook or Thunderbird or anything else you double-click on to activate do run as a user account - whichever user double-clicked on them in the first place. That's all it means to run as a user account. Applications that run in userspace can do things that services cannot, in general. Keep in mind to do this, your mail client is doing a lot more than sending an email, which is all that CFMAIL is doing. Your mail client is going out and getting information from somewhere.

There is certainly no harm in filing a suggestion. I don't know how quickly Adobe will get around to adding that as a feature, though.

Dave Watts, Fig Leaf Software

LEGEND, Dec 27, 2018

Well, here goes.  I'm crossing my fingers, but won't hold my breath.

https://tracker.adobe.com/#/view/CF-4203845

Anyone reading this, please click on the link above and vote for this feature request.

V/r,

^ _ ^

Community Expert, Dec 27, 2018

I voted for it, but I expect that if it's added it'll be a new feature in the next version of CF and won't be back-ported to CF 11.

Dave Watts, Fig Leaf Software

LEGEND, Dec 27, 2018

Yeah, probably not.  In which case, it was a complete waste of time because we are switching to Lucee (or at least trying to) when CF11 goes EOL.  Still have to get DoD approval.  (Sigh.. red tape.)

Thank you for your vote.

V/r,

^ _ ^
