Microsoft KB Archive/927469

= Information about why the size of a digitally signed or encrypted e-mail message increases in Exchange 2003 =

Article ID: 927469

Article Last Modified on 10/25/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Exchange Server 2003 Standard Edition

-



INTRODUCTION
This article describes why the size of a digitally signed or encrypted e-mail message increases in Microsoft Exchange Server 2003.



MORE INFORMATION
When you create, reply to, or forward a digitally signed or encrypted message in Exchange 2003, the message size increases. If the message is both digitally signed and encrypted, the size increases even more. This increase occurs because of the change in the encoding method that is used when the message is digitally signed or encrypted. This increase also occurs because of the additional information that must be included with the message.

When you digitally sign or encrypt a message, the message is stored in MIME format instead of MAPI format. This causes attachments to be stored in Base64-encoded format. Additionally, two copies of the message body are stored. One copy is stored in HTML format. The other copy is stored in RTF format. Although this causes an increase in message size, the increase is not necessarily twofold. This behavior occurs because the plain text message is much smaller than the HTML message.

The information about the digital signature or the encryption data must be included with the message. For a digital signature, this information includes the certificate chain and the SMIME information. When the message is encrypted, the information includes the lockboxes for each person for whom the message is encrypted.

Note A lockbox can be opened only if you have the correct key. When a message is encrypted, the client generates a random secret key that is called a bulk encryption key. This is used to encrypt the message. The recipient's public encryption key is then used to encrypt the bulk encryption key in a lockbox. The lockbox enables the random bulk encryption key to be transmitted securely to the recipients. If an encrypted message is sent to several recipients, each recipient's public encryption key is used to generate a different lockbox. However, the contents of the message are encrypted only one time.

When you digitally sign a message, Base64 encoding causes a 137-percent increase in message size. If you then encrypt the message, Base64 encoding causes another 137-percent increase in message size. This results in a size increase of approximately 274 percent plus some additional overhead that is associated with the processes of signing and encrypting the message.



For more information about messaging security in Exchange 2003, see the Microsoft Exchange Server 2003 Message Security Guide. To obtain this guide, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=34666

For more information about the encoding methods in Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:

836555 Frequently asked questions about MIME and content conversion in Exchange 2000 Server and in Exchange Server 2003

Additional query words: XADM public private

Keywords: kbinfo kbdigitalsignatures kbdigitalcertificates kbexpertiseadvanced kbhowto KB927469

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.