When you open an encrypted email message in Microsoft Outlook 2016 by using a certificate that has only 3DES encryption capabilities, you receive the following error message:
Your Digital ID name cannot be found by the underlying security system
Starting in Outlook build 16.0.8518.1000, Microsoft upgraded the default fallback algorithm from 3DES to AES256. The problem that is described in the "Symptoms" section occurs when the encrypted email message was sent by a user who is running this Outlook build or a later build.
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
To resolve this problem, we recommend that you encrypt messages by using a certificate that has AES256 encryption capabilities or greater.
If you must use the 3DES encryption algorithm, you can add the following registry values on the sender's computer:
DWORD = UseAlternateDefaultEncryptionAlg
Value = 1
String = DefaultEncryptionAlgOID
Value = 1.2.840.113549.3.7
Note: The provided string value is the OID for the 3DES encryption algorithm.
The certificate that the sender used to encrypt the email message does not contain the SMIMECapabilities attribute. This means that Outlook was not able to determine the capabilities of the recipient in advance. Therefore, it chose a commonly accepted secure algorithm.
For more information, see the following section of Internet Engineering Task Force (IETF) RFC 5751:
2.5.2 SMIME Capabilities Attribute
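The SMIMECapabilities attribute is a DER-encoded list of algorithm OIDs in the recipient's order of preference. The following Python code is an added example, not code from Microsoft or Outlook: it decodes such a value and models the fallback choice described in this article. The sample byte strings, the function names, and the selection rule in `choose_algorithm` are assumptions made for illustration.

```python
# Added example: simplified model (assumption), not Outlook's actual selection code.
OID_3DES = "1.2.840.113549.3.7"           # des-EDE3-CBC, the OID given in the article
OID_AES256 = "2.16.840.1.101.3.4.1.42"    # aes256-CBC
# Constructed sample values: DER for SEQUENCE OF SMIMECapability (RFC 5751, 2.5.2)
ONLY_3DES = bytes.fromhex("300c300a06082a864886f70d0307")
AES256_THEN_3DES = bytes.fromhex("3019300b060960864801650304012a300a06082a864886f70d0307")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: low bits give byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # a clear high bit ends one arc
            arcs.append(value)
            value = 0
    first = arcs[0]                        # first octet group packs the first two arcs
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def capability_oids(der):
    """List the capabilityID OIDs in the order given (most preferred first)."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapabilities must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, cap, pos = read_tlv(seq, pos)
        oid_tag, oid_body, _ = read_tlv(cap, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed SMIMECapability")
        oids.append(decode_oid(oid_body))  # parameters after the OID are ignored
    return oids

def choose_algorithm(der, supported=(OID_AES256, OID_3DES), fallback=OID_AES256):
    """No attribute -> fallback; otherwise the first listed OID the sender supports."""
    listed = capability_oids(der) if der else []
    return next((oid for oid in listed if oid in supported), fallback)
```

Calling `choose_algorithm(None, fallback=OID_3DES)` models a sender that has been configured with the DefaultEncryptionAlgOID value shown above.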