I have set up my work email (Exchange) using the Windows 10 built-in mail client. The mail client was able to download all of my emails, and even automatically found my personal certificate for decrypting and reading emails. I had Outlook set up prior to trying this, so I'm assuming it found the cert wherever Outlook keeps it.
The client did not, however, find the public keys required to send encrypted emails. We use Active Directory which gives us a global address list for all employees. I believe that each user's public key is also stored there. It seems that Windows 10 mail is unable to access the address list since it hasn't been able to use that account to automatically import contacts into People, which is the contacts application for Windows 10. I was able to populate the contacts list by exporting from Outlook, but the public keys didn't come with any of the contact cards.
Given that I can access and export the public keys from the address list, where would I put them so that the Windows 10 mail application would find them? I've tried a few tests with a colleague using the cert management console, putting his public key in the Trusted People and Other People folders, but had no luck getting the encrypted email to send. There is a banner that comes up on each attempt that says "The public key is missing for some recipients".
I have to assume that since encryption is an option when sending an email in the application, it would have to be able to cache the public keys somewhere, right?
EDIT: I was able to pinpoint where the Mail app looks for public keys, but it isn’t able to install them itself (from a signed email, for example). I manually installed a public key from a colleague to that location within the key store, but Mail still couldn’t see that it had their public key when I would try to send him an encrypted email. I began to lean towards the idea that Mail cannot access the key store for one reason or another, but that wouldn’t make sense since it accessed my private cert right away and began decrypting emails. Still stumped.
I would assume the certificate store – Ramhound – 2017-10-18T22:28:15.847