Description of the security features that allow you to send e-mail messages over the Internet (286159)


The information in this article applies to:

  • Microsoft Office Outlook 2003
  • Microsoft Outlook 2002
This article was previously published under Q286159
For a Microsoft Outlook 2000 version of this article, see 195477.
For a Microsoft Outlook 98 version of this article, see 182356.

SUMMARY

Outlook includes security features that allow you to send and receive secure messages over the Internet. To accomplish this, Outlook incorporates support for the Secure Multi-Purpose Internet Messaging Extensions (S/MIME) protocol. Using this standard enables you to send and receive signed or sealed (encrypted) Internet e-mail.

This article describes how the following information:
  • How to get a digital ID for sending secure messages.
  • How to back up or copy a digital ID.
  • How to move a digital ID to another computer.
  • How to send a signed message.
  • How to add a digital ID to your Contacts list.
  • How to send an encrypted (sealed) message.
  • How to Sign or encrypt all messages that you send.

MORE INFORMATION

You can sign your messages with a digital ID, also called a certificate, so that the intended recipient can be sure that the message actually came from you and that it has not been tampered with. You can seal your messages, also known as encrypting, by using a special mathematical formula so that only the intended recipient can read your message and attachments.

To send secure messages you need a digital ID. A digital ID provides a means for proving your identity on the Internet. You can obtain a digital ID from a certification authority, such as Verisign, Inc. With some types of e-mail servers, your network administrator can also issue you a digital ID.

A digital ID has two parts, a private key and a public key. The replaceable private key is usually stored on your computer. You can export and import this private key to other computers in order to move your e-mail security settings from one computer to another. You can also make a backup copy of your private key. The other component of your digital ID is a public key. You send this key to people from whom you want to receive encrypted messages, as well as to those that you want to be able to verify your signed messages.

How to Get a Digital ID for Sending Secure Messages

  1. On the Tools menu, click Options, click the Security tab, and then click Get a Digital ID.
  2. In Outlook, click to select Get a S/MIME certificate from an external Certification Authority, and then click OK.

    This launches your browser and displays information about how to obtain a digital ID from Microsoft's preferred provider, Verisign.
  3. Click Get your ID now.
  4. Follow the instructions on the Web page, and then click Accept.
The certifying authority will send you a message, to the address you specified, that contains your digital ID and further instructions.

How to Back up or Copy a Digital ID

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Click Import/Export Digital ID.
  3. Click to select Export your Digital ID to a file, and then click Select.
  4. Click to select the certificate that you want to back up, and then click OK.
  5. To remove the digital ID from this computer, click to select the Delete Security Information Digital ID from system check box.
  6. In the Password box, type the password for this certificate.
  7. Type or browse to the path and file name for your digital ID, and then click OK.
Outlook saves your digital ID as a .pfx file.

How to Move a Digital ID to Another Computer

  1. Copy the .pfx file that you created to the new computer.
  2. On the new computer in Outlook, on the Tools menu, click Options, and then click the Security tab.
  3. Click Import/Export Digital ID.
  4. Click to select Import existing Digital ID from a file.
  5. Type or browse to the .pfx file that you created, and then type the password.
  6. In the Password box, type the digital ID password.
  7. In the Digital ID Name box, type your ID Name, and then click OK.
The digital ID is now available on the new computer.

How to Send a Signed Message

  1. Open a new message.
  2. On the View menu, click Options.
  3. Click to select the Add digital signature to outgoing message check box, and then click Close.
  4. Complete and send the message.
The message received is marked with a certificate icon in the lower-right corner of the header. The recipient can click this icon to see the validation information about your digital signature.

How to Add a Digital ID to Your Contacts List

To send someone an encrypted message, you need a copy of that person's digital ID. Have the person send you a digitally signed message, and then use the following steps when you receive the message:
  1. Open the digitally signed message.
  2. Right-click the name in the From field, and then click Add To Contacts on the shortcut menu.
  3. If you have an entry for this person on your contacts list, click Update This Address.
The digital ID is stored with your contact entry for this person. You can now send encrypted messages to this person. To view the certificates for a contact, double-click the person's name, and then click the Certificates tab.

How to Send an Encrypted (Sealed) Message

  1. Open a new message.
  2. On the View menu, click Options.
  3. Click to select the Encrypt message contents and attachments check box, and then click Close.
  4. Complete and send the message.
The message received is marked by a Lock icon in the lower-right corner of the header. The recipient can click this icon to see the validation information about the encryption certificate.

Note: When you send an encrypted message, you may receive the following "Non-Secure Recipients" message:

None of the recipients can process an encrypted message. You can either proceed with an unencrypted message or cancel the operation.

This is because you addressed the message by using the Global Address List or other non-contact address source. You must use the contact record that contains the recipient's digital ID to address the message.

How to Sign or Encrypt All Messages That You Send

  1. On the Tools menu, click Options.
  2. On the Security tab, click to select Encrypt contents and attachments for outgoing messages or Add digital signature to outgoing messages, and then click OK.
NOTE: To specify that recipients whose e-mail clients do not support S/MIME signatures are allowed to read the message without verification of the digital signature, click to select Send clear text signed message.
Modification Type:MinorLast Reviewed:10/7/2004
Keywords:kbdigitalcertificates kbdigitalsignatures kbSecurity kbhowto kbinfo KB286159
©2004 Microsoft Corporation. All rights reserved.