Article ID: 168726 - View products that this article applies to.
This article was previously published under Q168726
This article describes how to configure and use the security features in Outlook Express to digitally sign and encrypt messages.
The following topics are discussed:
Configuring Security Features in Outlook ExpressTo use any of the security features in Outlook Express, you must first configure the program to use your digital ID (certificate). This article does not outline the procedure for obtaining a certificate. For information about obtaining a digital ID certificate, visit VeriSign's digital ID Web page.
After you have your private key (digital ID) installed, you need to configure Outlook Express to use the certificate by following these steps:
Digitally Signing a MessageTo digitally sign a message, you can use either of the following methods:
If you do not have your private key installed on your computer, Outlook Express displays the following message:
The recipient must have your public key to verify that the digital signature on your message is trustworthy. Others cannot use your public key to send messages with your digital signature.
The message could not be sent.
You cannot send digitally signed messages because you do not have any certificates. (OK)
You can include your public key with the message (see step 4 in the section titled "Configuring Security Features in Outlook Express") or you can send your certificate files as an attachment. If the recipient's e-mail client is not S/MIME aware, the public key certificate appears as a file attachment with a .p7s extension. If the e-mail client is S/MIME aware, there is no visible enclosure.
Verifying a Digitally Signed MessageThe recipient must have your public key to verify that the digital signature on your message is trustworthy. Others cannot use your public key to send messages with your digital signature.
When you view a digitally signed message and you have the sender's certificate (public key) imported into your address book and marked as Trusted By Me, the message can be viewed as expected.
If you do not have the sender's certificate (public key) imported into your address book, Outlook Express displays the following security warning message:
If you have the sender's public key imported into your address book and the certificate is marked as Not Trusted By Me, Outlook Express displays the following security warning message:
The certificate used to sign this message is either not listed in your Address Book or marked as not trusted by you.
Continue to open this message?
You do not trust the certificate used to sign this message.
Continue to open this message?
Adding a Certificate to the Address BookTo be able to verify a sender's digital signature or to send encrypted mail, you must obtain the other person's certificate (public key) and import it into your address book.
There are two ways to obtain a public key:
To add a person's certificate to your address book from a signed message you receive (method 2), follow these steps:
Encrypting a MessageTo encrypt a message so that only the recipient can decrypt the message, you need the recipient's certificate (public key) in your address book and the trust relationship set to Trusted By Me. See the section titled "Adding a Certificate to the Address Book" for information about these items.
One way to encrypt a message is to have Outlook Express automatically encrypt all messages each time you compose, reply to, or forward a message (see step 8 in the section titled "Configuring Security Features in Outlook Express").
Another way is to click the Encrypt Message button on the toolbar. This button displays an envelope with a padlock. You can also click Encrypt on the Tools menu.
When a message is encrypted, a round gray icon with a white padlock appears to the right of the Subject line. When you click send, Outlook Express encrypts the message using a secret key, encrypts that key with the recipient's public key, and sends the message.
Errors Received When Sending Encrypted MessagesIf you send an encrypted message and you do not have the public key for one or many of the recipients (including yourself, the sender), Outlook Express displays the following security warning message:
If you try to read a message when you do not have the private key for one of the recipients (including yourself, the sender), Outlook Express displays the following message:
You do not have a certificate. If you send this message, it will be sent properly, but you will not be able to read it in your sent items folder. Send anyway? (Yes/No)
When you click OK, Outlook Express displays one of the following messages:
Your certificate is not listed among those that can decrypt this message. You cannot read it.
This message failed to display correctly in the Preview Pane.
- or -
If you do not have the recipient's public key in your address book, Outlook Express displays the following message:
One or more of the messages could not be opened.
You do not have valid certificates in the Address Book for the following recipients:
<list of recipients>
You must resolve the certificate problems listed above before you can send this message (Try Again).
Additional NotesEach time you view a message that has been altered since it was sent, you receive a warning notification. The option to not notify you again applies to the current message only.
Some mail servers rewrite messages before sending them out. These messages are displayed as altered when received; it does not mean that someone has maliciously altered the message. If you receive many altered messages, check with your mail administrator to see if your mail server is causing the problem.
Article ID: 168726 - Last Review: July 23, 2007 - Revision: 4.0