How to encrypt email in Outlook 2007

Jack Wallen explains how to set up email encryption in Outlook 2007, including how to obtain digital certificates and share digital IDs.

There are many reasons why you might want to encrypt your email. Be it to keep company secrets from unwanted eyes, privacy requirements of your job, or a general fear of someone gaining too much information about you. For whatever reason you have, you need to be able to sign and encrypt your email. There are many ways to do this, but Outlook does a very poor job of making this task user friendly. So, for those that are in need of encryption in Outlook 2007, I present to you the steps to take care of this task.

What you will need:

  • Outlook 2007.
  • A Digital ID from one of many sources (check this site for a list of sources of digital IDs). NOTE: Most of these source do charge for keys. CoSign has a desktop key for $9.95 per month.
  • The shared certificate from the contact you wish to send encrypted mail to.

Get and set up your certificate

The first step you need to take is to get your Digital ID. The process for this will depend upon which ID you purchase. But more than likely your ID will come in the form of an executable installation that will add your ID to your Windows 7 machine. Once added, that ID will become available to Outlook.

To make sure your ID is available in Outlook click Tools | Trust Center and then E-mail Security. In this window, click on Settings, which will open up the Change Security Settings window (see Figure A).

Figure A

Make sure the Cryptography Format is set to S/MIME.

For this new window click on the Choose button in the Encryption Certificate section and then select the certificate you want to use. You will also want to make sure the Hash Algorithm is set to SHA1 for Signing Certificates. Your Encryption algorithm will be set by your Digital ID, so you can't change that option.

With your certificate in place, you are almost ready to send an encrypted email. But first, you have to share digital IDs with the recipient of the encrypted email. Let's see how this is done.

Sharing digital IDs

All you have to do is exchange digitally signed emails with the person you want to send encrypted email with. When each person receives the digitally SIGNED (not encrypted) email it will have a signed icon. From this digitally-signed message right-click the user's name in the From field and add the user to your contacts. When this user is added to the contacts, their Digital ID will be added along with it.

You can also obtain Digital Certificates from a directory service or the Exchange Global Address Book.

Once you have the Digital ID of the user added to your contacts you are now able to send encrypted email to that user.

You will also want to send your Digital ID to the user who will receive your encrypted email. To do this, compose an email to the recipient and then click the Digitally Sign Message icon (see Figure B).

Figure B

The sign icon is the yellow envelope with the red pin.

Encrypting an email

Now it's time to encrypt an email. It's very similar to signing an email, only when you compose the mail you will click the Encrypt icon (the yellow envelope with the blue pin). When you do this you will be prompted for your Digital ID passphrase. Once you authenticate against the key, the mail will be sent.

Encryption between Outlook and non-Outlook clients

Outlook does take a rather cumbersome approach to encryption. With other clients there are much simpler tools. Say, for example, you are wanting to encrypt email to a Linux user who uses Evolution. For this you will have a hard time using the Digital ID you have downloaded. Instead you can use a tool like GPG4WIn. With this tool you can easily create an encryption key, export that encryption key, and attach that key to an email for the intended target. When the target receives the email they will need to save the key to a file and then import the key in with a tool like Seahorse. One point of note: The intended user MUST verify the key sent from the user, otherwise the sending of encrypted email will fail.

Final thoughts

Encryption is a very important tool for many users. For those who need it, the process can be a challenge, but it's not impossible. With this walk-through, you should be able to get encryption working quickly and easily.

Have you found a more efficient way of encrypting email in Outlook? If so, share it with your fellow TechRepublic readers.


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website


Thanks for the clear instructions. I wish you would have mentioned the process of adding a certificate received from others to Outlook. MS has made the entire process of setting up email encryption miserable, beginning with hiding the toolbar buttons from users.  It's clear MS doesn't want to help Outlook users encrypt their email.  I'm also skeptical about the getting a certificate from an "authority," ostensibly so they can verify who you are, but this opens up a huge store pile of private keys for the NSA to go in and force the authority to turn over.  So we're paying lots of money, to an authority, so they can hold our private keys and make them available to the Government. That's kind of a not-so-great deal, don't you think?

Setting up GPG is also not an easy process. Looks like great software but the integration to Outlook 2010 was just too much for me, and I never did get it to work quite right.  For now, I'm using the Outlook add-on. It eases the burden on my recipients/clients, most of whom I will only email once a month or less.

I hope you'll continue writing about this subject in the wake of the NSA scandals. People really need to take some precautions to protect their privacy.


Hi there, The "Change Security Settings" is not there. It's only showing the "Welcome to E-Mail Security" pop windows with two buttons below; "Get Digital ID..." and "OK". How do i get the "Change Security Settings" window? Thanks, Eam


An interesting article and strange that nobody has anything to say :). I was just wondering whether people use any other technology that is not built in, say openPGP keys or something else?. I remember about 10 years ago that the old PGP that used to be free had solutions for Outlook that worked quite well.


This is a three-year-old article. Try reposting this in the 'Q&A' forum. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here:;content There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'. Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer".

Editor's Picks