Microsoft Outlook: Find out recipient certificates for S/MIME encrypted mails

For troubleshooting e-mail messages encrypted using Secure/Multipurpose Internet Mail Extensions (S/MIME), the encrypted part of a message can be exported. See article "Microsoft Outlook: Extracting an encrypted S/MIME message from an email„.

To find out with which certificates a message has been encrypted, you can proceed as follows...

After the attachment "smime.p7m" has been unpacked, it can be examined using certutil:

On a German language system:

certutil smime.p7m | findstr serial number

On an English language system:

certutil smime.p7m | findstr Serial

The message is always encrypted with the certificate or public key of the sender. Therefore, its serial number is also always included.

In this way, for example, it is possible to find out whether the message was encrypted at all with a key of the recipient.

For example, if the sender sends the message to multiple recipients and his company uses an encryption gateway that does not know the public key of that particular recipient, it may well happen that the recipient receives such a message that cannot be decrypted.

Related links:

• Microsoft Outlook: Emails encrypted with S/MIME cannot be opened. The error message "Your digital ID name cannot be found by the underlying security system" appears.

External sources

• stephenegriffin / mfcmapi (GitHub)
• Outlook and smime - The name of your digital ID cannot be found in the underlying security system. (Hermann Schmidt)