Digital ID Name cannot be found by underlying security syst. - Unable to decrypt.


  • I have a critical issue where intermittant decryption of secure email (3DES) fails giving the error: The  digital id name cannot be found by

    the underlying security system.   Env. details include private key is stored on a secure dongle (iKey) using Outlook2003 and Exchange 2003.
    I have confirmed the private key matches the public key, private key is installed on local client pc,  CA certs are installed on local client

    pc and Exchange server.  All certs on client pc were installed under the same windows logon that is used to receive email. I have published

    certs to AD. The anomally is where all messages come from same source, encrypted exactly the same sometimes decrypt successfully but most

    donot?  I have compare message header detail between successfull and failed messages and cannot find any difference at all.

    The messages are coming from a UNIX/AIX gateway where customised PKI code is used to secure the messages in plain text. The message received

    contains a embedded encrypted message which fails. This code does not change and successfully works for several other Outlook/Exchange

    environments when decrypting.  The odd thing is when secure messages are sent from other standard smtp clients decryption successfully ocurrs


    Can someone please advise of a solution or possibly what I need to check next? Do I need to install the senders public key in the GAL not

    just the local address book?  All help will be greatly appreciated.  Below is Message header detail fyi. ABC is receiver and 123 is sender -  

    has been added to deidentify addressing.  This format exactly the same for both successful and failing secure messages.

    Microsoft Mail Internet Headers Version 2.0
    Received: from ABC-exch01.ABC.local ([]) by
    ABC-exch01.ABC.local with Microsoft SMTPSVC(6.0.3790.3959);
                 Thu, 19 Jul 2007 08:36:15 +0930
    Received: from 123mail.123.gov.au [] by
     ABC-exch01.ABC.local -
    SurfControl E-mail Filter (5.5.0); Thu, 19 Jul 2007 08:36:14 +1030
    Received: from 123.123net (quake.123.123net) by 123mail.123.gov.au
     (Content Technologies SMTPRS 4.3.20) with SMTP id
    <T80ea21dd19c0a8fd25894@123mail.123.gov.au> for <jason@ABC.com.au>;
     Thu, 19 Jul 2007 09:05:01 +1000
    Message-ID: <T80ea21dd19c0a8fd25894@123mail.123.gov.au>
    To: jason@ABC.com.au
    From: ebus@123.gov.au
    Return-Receipt-To: ebus@123.gov.au
    Date: 19 Jul 2007 09:04:55
    Subject: XXX Outbound Message [18/07/2007]
    Organization: 123
    Mime-Version: 1.0
    Content-Type: Multipart/Mixed; boundary="19:Jul:07:09:04:55_Boundary_"
    X-SEF-Processed: 5_5_0_210__2007_07_19_08_36_15
    Return-Path: ebus@123.gov.au
    X-OriginalArrivalTime: 18 Jul 2007 23:06:15.0674 (UTC)

    Content-Type: message/rfc822; name="XXX50001.236.eml"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="XXX50001.236.eml"

    MIME-Version: 1.0
    Message-Id: <469E9A9F.00003E.81260>
    To: jason@ABC.com.au
    From: ebus@123.gov.au
    Content-Type: application/x-pkcs7-mime; smime-type="enveloped-data";
    Content-Disposition: attachment;
    Content-Transfer-Encoding: base64


    Wednesday, July 25, 2007 12:21 PM