The Advanced Encryption Standard (AES) encryption algorithm is available for S/MIME communications only on Windows Vista and on Windows 7. AES is not available for email encryption when the email client is running on Windows XP.
If you are using an email program that is running on Windows 7 and send an AES-encrypted email message to a recipient who is running Microsoft Outlook on a Windows XP workstation, the recipient receives the following error message when they try to open the encrypted email message:
Your digital ID name cannot be found by the underlying security system.
The strongest encryption algorithm available for encrypting email on a Windows XP client is triple DES (3DES). If you install Outlook on a Windows XP workstation and configure it to use a certificate that includes AES support, AES is still not available as an encryption algorithm. Outlook lists only the encryption algorithms that your computer system supports, and AES is not supported on Windows XP. Additionally, messages that are encrypted by using AES cannot be read on computers that are running Windows XP.
For more information about a similar limitation when you use Outlook Web App (OWA) for Exchange, go to the following Microsoft TechNet website:
Information Technology (IT) professionals can create, update, and use custom cryptography algorithms. Some third-party applications may use custom algorithms that are based on Cryptography Next Generation (CNG). IT professionals who want more information can go to the following Microsoft TechNet website: