OL2000: Encryption and Message Security Overview

This article was previously published under Q195477
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft Outlook 2000 includes security features that allow you to sendand receive secure e-mail messages over the Internet. To accomplish this,Outlook incorporates support for the Secure Multi-Purpose InternetMessaging Extensions (S/MIME) protocol. Using this standard enables you tosend and receive signed or sealed (encrypted) Internet mail.

This article describes how to:

  • Get a Digital ID for sending secure messages
  • Backup or copy a Digital ID
  • Move a Digital ID to another computer
  • Send a signed message
  • Add a Digital ID to your Contacts list
  • Send an encrypted (sealed) message
  • Sign or encrypt all messages you send
More information
You can sign your messages with a digital ID, also called a certificate, sothe intended recipient can be sure that the message actually came from youand no one has tampered with it. You can seal your messages, also known asencrypting, using a special mathematical formula so that only the intendedrecipient can read your message and attachments.

To send secure messages you need a digital ID. A digital ID provides ameans for proving your identity on the Internet. You can obtain a DigitalID from a certification authority, such as Verisign Inc. With some types ofe-mail servers, your network administrator can also issue a digital ID.

A digital ID has two parts, a private key and a public key. Theirreplaceable private key is usually stored on your computer. You canexport and import this private key to other computers in order to move youre-mail security settings from one computer to another. You can also make abackup copy of your private key. The other component of your digital ID isa public key. You send this key to people from whom you want to receiveencrypted messages as well as those you want to be able to verify yoursigned messages.

To Get a Digital ID for Sending Secure Messages

  1. On the Tools menu, click Options, click the Security tab and then. click "Get a Digital ID."
  2. If you are using the Corporate or Workgroup installation of Outlook, click to select "Get a S/MIME certificate from an external Certification Authority." and then click OK.

    This will launch your browser and display information about obtaining a Digital ID from Microsoft's preferred provider, Verisign.
  3. Click "Get your ID now."
  4. Follow the instructions on the Web page and then click Accept.
The certifying authority will send you an e-mail message, to the addressyou specified, containing your digital ID and further instructions.

To Backup or Copy a Digital ID

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Click "Import/Export Digital ID."
  3. Click to select "Export your Digital ID to a file" and then click Select.
  4. Click to select the certificate you want to back up, and then click OK.
  5. To remove the digital ID from this computer, click to select the "Delete Security Information Digital ID from system" check box.
  6. In the Password box, type the password for this certificate.
  7. Type or browse to the path and file name for your digital ID and then click OK.
Outlook saves your digital ID as a .pfx file.

To Move a Digital ID to Another Computer

  1. Copy the .pfx file you created to the new computer.
  2. On the new computer in Outlook, on the Tools menu, click Options and then click the Security tab.
  3. Click Import/Export Digital ID.
  4. Click to select "Import existing Digital ID from a file."
  5. Type or browse to the .pfx file created above and type the password.
  6. In the Password box, type the digital ID password.
  7. In the Digital ID Name box, type your ID Name and then click OK.
The digital ID is now available on the new computer.

To Send a Signed Message

  1. Open a new message.
  2. On the View menu, click Options.
  3. Click to select the "Add digital signature to outgoing message" check box, and then click Close.
  4. Complete and send the message.
The message received is marked with a certificate icon in the lower-rightcorner of the header. The recipient can click this icon to see validationinformation about your digital signature.

To Add a Digital ID to Your Contacts List

To send someone an encrypted message, you need a copy of that person'sdigital ID. Have the person send you a digitally signed message; when youreceive the message, follow these steps:

  1. Open the digitally signed message.
  2. Right-click the name in the From field, and on the shortcut menu click Add To Contacts.
  3. If you have an entry for this person on your contacts list, click Update This Address.
The digital ID is stored with your contact entry for this person. You cannow send encrypted e-mail messages to this person. To view the certificatesfor a contact, double-click the person's name, and then click theCertificates tab.

To Send an Encrypted (Sealed) Message

  1. Open a new message.
  2. On the View menu, click Options.
  3. Click to select the "Encrypt message contents and attachments" check box, and then click Close.
  4. Complete and send the message.
The message received is marked by a Lock icon in the lower-right corner ofthe header. The recipient can click this icon to see validation informationabout the encryption certificate.

NOTE: When sending an encrypted message you may receive the following "Non-Secure Recipients" message:

   None of the recipients can process an encrypted message. You can   either proceed with an unencrypted message or cancel the operation.				

This is because you addressed the message using the Global Address Listor other non-contact address source. You must use the contact recordcontaining the recipient's digital ID to address the message.

To Sign or Encrypt All Messages You Send

  1. On the Tools menu, click Options.
  2. On the Security tab, click to select "Encrypt contents and attachments for outgoing messages" or "Add digital signature to outgoing messages" and then click OK.
NOTE: To specify that recipients whose e-mail clients do not support S/MIMEsignatures are allowed to read the message without verification of thedigital signature, click to select "Send clear text signed message."
2000 OL2K

Article ID: 195477 - Last Review: 10/26/2013 15:03:00 - Revision: 4.0

  • Microsoft Outlook 2000 Standard Edition
  • kbnosurvey kbarchive kbinfo KB195477