Jack Wallen explains how to set up email encryption in Outlook 2007, including how to obtain digital certificates and share digital IDs.
There are many reasons why you might want to encrypt your email. Be it to keep company secrets from unwanted eyes, privacy requirements of your job, or a general fear of someone gaining too much information about you. For whatever reason you have, you need to be able to sign and encrypt your email. There are many ways to do this, but Outlook does a very poor job of making this task user friendly. So, for those that are in need of encryption in Outlook 2007, I present to you the steps to take care of this task.
What you will need:
- Outlook 2007.
- A Digital ID from one of many sources (check this site for a list of sources of digital IDs). NOTE: Most of these source do charge for keys. CoSign has a desktop key for $9.95 per month.
- The shared certificate from the contact you wish to send encrypted mail to.
Get and set up your certificate
The first step you need to take is to get your Digital ID. The process for this will depend upon which ID you purchase. But more than likely your ID will come in the form of an executable installation that will add your ID to your Windows 7 machine. Once added, that ID will become available to Outlook.To make sure your ID is available in Outlook click Tools | Trust Center and then E-mail Security. In this window, click on Settings, which will open up the Change Security Settings window (see Figure A).
Make sure the Cryptography Format is set to S/MIME.
For this new window click on the Choose button in the Encryption Certificate section and then select the certificate you want to use. You will also want to make sure the Hash Algorithm is set to SHA1 for Signing Certificates. Your Encryption algorithm will be set by your Digital ID, so you can't change that option.
With your certificate in place, you are almost ready to send an encrypted email. But first, you have to share digital IDs with the recipient of the encrypted email. Let's see how this is done.
Sharing digital IDs
All you have to do is exchange digitally signed emails with the person you want to send encrypted email with. When each person receives the digitally SIGNED (not encrypted) email it will have a signed icon. From this digitally-signed message right-click the user's name in the From field and add the user to your contacts. When this user is added to the contacts, their Digital ID will be added along with it.
You can also obtain Digital Certificates from a directory service or the Exchange Global Address Book.
Once you have the Digital ID of the user added to your contacts you are now able to send encrypted email to that user.You will also want to send your Digital ID to the user who will receive your encrypted email. To do this, compose an email to the recipient and then click the Digitally Sign Message icon (see Figure B).
The sign icon is the yellow envelope with the red pin.
Encrypting an email
Now it's time to encrypt an email. It's very similar to signing an email, only when you compose the mail you will click the Encrypt icon (the yellow envelope with the blue pin). When you do this you will be prompted for your Digital ID passphrase. Once you authenticate against the key, the mail will be sent.
Encryption between Outlook and non-Outlook clients
Outlook does take a rather cumbersome approach to encryption. With other clients there are much simpler tools. Say, for example, you are wanting to encrypt email to a Linux user who uses Evolution. For this you will have a hard time using the Digital ID you have downloaded. Instead you can use a tool like GPG4WIn. With this tool you can easily create an encryption key, export that encryption key, and attach that key to an email for the intended target. When the target receives the email they will need to save the key to a file and then import the key in with a tool like Seahorse. One point of note: The intended user MUST verify the key sent from the user, otherwise the sending of encrypted email will fail.Final thoughts
Encryption is a very important tool for many users. For those who need it, the process can be a challenge, but it's not impossible. With this walk-through, you should be able to get encryption working quickly and easily.
Have you found a more efficient way of encrypting email in Outlook? If so, share it with your fellow TechRepublic readers.