To check how various mail clients handle problems with secure electronic mail, we asked Alice to send a Sour Cream Chili Bake recipe to Bob and Dave (in BCC). She sent the message encrypted, with the recipe (an image scanned from a magazine) attached. Unfortunately for the recipients, but according to our plans, the message was damaged on its way to the server and the last few bytes were chopped off. We shall see how various mail clients cope with this particular email.
DAVE
Dave cannot read the received message in Outlook Express. When he views the message, it says "Message could not be displayed - Outlook Express (OE) encountered an unexpected problem while displaying this message. Check your computer for low memory or low disk space and try again". Dave knows that this is typical of OE when it encounters any problem with secure email, so he sets out to discover the real problem. When he tries to read the message with Outlook 2003, he finds another universal secure-email-problem message: "Can't open this item. Your Digital ID name cannot be found by the underlying security system". Dave used to play a bit with secure email, so he is not confused, even though he has been asked to insert his private key and provide his password, which obviously means that the right Digital ID WAS FOUND by the system. Thunderbird at least does not pretend to know the source of the problem. It simply reports: "Thunderbird cannot decrypt this message". The application that comes closest to the truth is The BAT!, which says: "Cannot decode the message. ASN1 unexpected end of data".
Dave's attempts to read the message:
[Screenshots: Outlook Express | Outlook 2003 | Mozilla Thunderbird | The Bat! (Ritlabs)]
BOB
In the test environment Bob uses only OWA. He accesses corporate email and, as a mobile employee, OWA perfectly fits his needs.
Opening the message in OWA of Exchange 2K3 with the S/MIME control installed, he can decrypt the message without any problems.
In fact, there is a problem, but Bob will not know about it. Chopping off the final chunk of the message deleted a portion of the recipe scan; however, Internet Explorer will not show that the image was cut in half. The last paragraph, about what to do with the Sour Cream and the reserved cup of corn chips, will not be shown to Bob and he will never know what he missed.
Here is how IE shows the recipe after decryption by OWA E2K3:
ALICE
When viewing her mail in her office, Alice knows that Outlook displays this message: "Can't open this item. Your Digital ID name cannot be found by the underlying security system" whenever it cannot display a secure message, for any reason. She always uses p7mViewer on such occasions. Not that it decrypts what cannot be decrypted, but it does show the real cause of the problem.
If she viewed the message she has just sent in p7mViewer, she would see information that the message was corrupted. She would also be able to view as much of the message as possible. In many cases the default viewer for JPEG images is Windows Picture and Fax Viewer, which would display the image as obviously damaged.
Here you can see how p7mViewer displays the damaged message:
Encrypted messages can be corrupted in many ways. Depending on the placement and type of corruption, the effect might be as small as a few altered pixels in an image or as serious as the message being undecryptable. What is certain is that mail programs should try to display the message and inform the user that it has been corrupted.
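An S/MIME encrypted message is a CMS (PKCS#7) structure encoded in ASN.1, and an "unexpected end of data" error like the one The BAT! reports is what a parser sees when an element declares more bytes than the file still holds. The sketch below is an added example, not code from any of the tested mail clients: it walks definite-length DER with single-byte tags and reports where the data runs out. The sample bytes and all function names are constructed for illustration.

```python
# Added example: minimal DER walker. Sample bytes below are constructed.
class Truncated(Exception):
    """A TLV declares more bytes than the buffer still holds."""

def read_tlv(buf, pos, end):
    """Parse one tag-length-value at pos; return (tag, value_start, value_end).
    Assumes single-byte tags and definite-length (DER) encoding."""
    if pos + 2 > end:
        raise Truncated(f"offset {pos}: header cut off")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        if pos + n > end:
            raise Truncated(f"offset {pos}: length bytes cut off")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise Truncated(f"offset {pos}: tag 0x{tag:02x} declares {length} bytes, "
                        f"only {end - pos} present")
    return tag, pos, pos + length

def walk(buf, pos=0, end=None):
    """Walk every TLV, descending into constructed ones; return the element count."""
    end = len(buf) if end is None else end
    count = 0
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        count += 1
        if tag & 0x20:                    # constructed: children live inside the value
            count += walk(buf, start, stop)
        pos = stop
    return count

def der(tag, value):
    """Encode one TLV (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

# Constructed sample shaped like a ContentInfo:
# SEQUENCE { OID envelopedData, [0] { OCTET STRING (300 dummy bytes) } }
OID_ENVELOPED = bytes.fromhex("2a864886f70d010703")
SAMPLE = der(0x30, der(0x06, OID_ENVELOPED) + der(0xA0, der(0x04, b"\x00" * 300)))
```

`walk(SAMPLE)` succeeds, while `walk(SAMPLE[:-5])` raises `Truncated` at the outermost SEQUENCE, because its declared length no longer fits in the remaining bytes.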
Conclusion
Of the several mail applications tested, only OWA could show the decrypted content, unfortunately without any indication that it was incomplete. The other mail applications display either inadequate or misleading error messages. In fact, the right way to handle message corruption is a digital signature.
If Alice sent a signed and encrypted email to Bob, OWA would signal the following warning:
Other applications give false and ambiguous warnings similar to those given in the case of an encrypted message. Encryption does not guarantee message integrity.
See also:
Alice's page shows how Alice sent a damaged secure message to OWA
Roberta Bragg's article in Redmond Channel Partner: Top 3 Encryption Myths