"Your Digital ID name cannot be found" error when you try to decrypt a message by using a 3DES certificate in Outlook 2016

Applies to: Outlook 2016, Outlook for Office 365, Outlook 2019

Symptoms


When you open an encrypted email message in Microsoft Outlook 2016 by using a certificate that has only 3DES encryption capabilities, you receive the following error message: 

Cause


Starting in Outlook build 16.0.8518.1000, Microsoft upgraded the default fallback algorithm from 3DES to AES256. The problem that is described in the "Symptoms" section occurs when the encrypted email message was sent by a user who is using this Outlook build or a later build.

Resolution


Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To resolve this problem, we recommend that you encrypt messages by using a certificate that has AES256 encryption capabilities or greater.

If you must use the 3DES encryption algorithm, you can add the following registry values on the sender's computer:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security

DWORD = UseAlternateDefaultEncryptionAlg

Value = 1

String = DefaultEncryptionAlgOID

Value = 1.2.840.113549.3.7

Note: The provided value is an example only.
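
The registry change described above, scripted in PowerShell as an added example (not Microsoft's own script). The key path, value names and data are the ones listed in this article; the backup file location is an assumption.

```powershell
# Added example, not from the original article: backs up the Outlook Security
# key, writes the two values listed above, then reads them back.
# Run as the sending user, because the key lives under HKEY_CURRENT_USER.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$keyPath = 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Outlook\Security'   # PowerShell provider path
$regPath = 'HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Security'    # reg.exe path

# Assumption: backup location and file name are arbitrary choices.
$backup = Join-Path $env:TEMP ("OutlookSecurity-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (Test-Path $keyPath) {
    # Back up the existing key; restore later with: reg import <file>
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }
    Write-Host "Backup written to $backup"
} else {
    # Key does not exist yet, so there is nothing to back up. Create it.
    New-Item -Path $keyPath -Force | Out-Null
}

# Value names and data exactly as given in the article.
New-ItemProperty -Path $keyPath -Name 'UseAlternateDefaultEncryptionAlg' `
    -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $keyPath -Name 'DefaultEncryptionAlgOID' `
    -PropertyType String -Value '1.2.840.113549.3.7' -Force | Out-Null

# Read the values back and fail loudly if they did not take effect.
$current = Get-ItemProperty -Path $keyPath
if ($current.UseAlternateDefaultEncryptionAlg -ne 1 -or
    $current.DefaultEncryptionAlgOID -ne '1.2.840.113549.3.7') {
    throw "Verification failed: values under $keyPath do not match."
}
$current | Select-Object UseAlternateDefaultEncryptionAlg, DefaultEncryptionAlgOID
```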

More Information


The certificate that the sender used to encrypt the email message does not contain the SMIMECapabilities attribute. This means that Outlook was not able to determine the capabilities of the recipient in advance. Therefore, it chose a commonly accepted secure algorithm.

For more information, see the following section of Internet Engineering Task Force (IETF) RFC 5751:

2.5.2 SMIME Capabilities Attribute