Some email clients unable to decrypt email sent from Outlook 2010
Thunderbird cannot decrypt this message
The sender encrypted this message to you using one of your digital certificates, however Thunderbird was not able to find this certificate and corresponding private key.
- If you have a smartcard, please insert it now.
- If you are using a new machine, or if you are using a new Thunderbird profile, you will need to restore your certificate and private key from a backup. Certificate backups usually end in ".p12".
The Thunderbird client may display the following warning:
Message Has No Digital Signature
This message does not include the sender's digital signature. The absence of a digital signature means that the message could have been sent by someone pretending to have this email address. It is also possible that the message has been altered while in transit over the network. However, it is unlikely that either event has occurred.
Message Cannot Be Decrypted
This message was encrypted before it was sent to you, but it cannot be decrypted. There are unknown problems with this encrypted message.
Also, Microsoft Entourage 2008 (included in Microsoft Office 2008 for Mac) and Microsoft Outlook 2011 for Mac may be unable to decrypt email messages sent from Outlook 2010. You may see the following error on Outlook 2011 for Mac:
The security of this message cannot be verified because of an error.
This issue is fixed in Microsoft Office 2010 Service Pack 1 (SP1). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2460049 Description of Office 2010 SP1
After you install SP1, Outlook reverts to using issuerAndSerialNumber as the SignerIdentifier. This is true even if the subjectKeyIdentifier extension is present in the certificate.
To force Outlook to use subjectKeyIdentifier as the SignerIdentifier, set the UseIssuerSerialNumber registry value to 0 (Zero). The UseIssuerSerialNumber registry value is described in detail in the "Resolution" section.
Note Outlook 2013 behaves the same as Outlook 2010 SP1.
If you are unable to install Microsoft Office 2010 Service Pack 1, you can use the following workaround.
To fix this problem automatically, click the Fix this problem link. Then click Run in the File Download dialog box, and follow the steps in this wizard.
Microsoft Fix it 50724
Note This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD so that you can run it on the computer that has the problem.
On the sender's client, use the following registry value to make Outlook 2010 revert to the behavior found in earlier Outlook versions.
Important This method contains steps that tell you how to modify the registry. However, serious problems may occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For more protection, back up the registry before you modify it so that you can restore the registry if a problem occurs. For more information about how to back up and then restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
- Start Registry Editor.
- Locate and then click to select the following registry subkey:
Note Create the \Security registry subkey if it does not exist.
- Add the following registry data to the this key:
Value type: DWORD
Value name: UseIssuerSerialNumber
Value data: 1
- Exit Registry Editor.
By default, Microsoft Outlook 2013 uses issuerAndSerialNumber as the SignerIdentifier. This prevents the issue in the "Symptoms" section of this article from occurring.
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
For information about how to contact any of the companies mentioned in this article, visit the following Microsoft Web site:
Article ID: 2142236 - Last Review: 09/11/2013 08:13:00 - Revision: 15.0