= OL98: Encryption and Message Security Overview =

Article ID: 182356

Article Last Modified on 7/30/2001


APPLIES TO


 * Microsoft Outlook 98 Standard Edition




This article was previously published under Q182356





SUMMARY
Microsoft Outlook 98 includes security features that allow you to send and receive secure e-mail messages over the Internet. To accomplish this, Outlook incorporates support for the Secure Multi-Purpose Internet Messaging Extensions (S/MIME) protocol. Using this standard enables you to send and receive signed or sealed (encrypted) Internet mail.

This article describes how to:
 * Get a Digital ID for sending secure messages
 * Back up or copy a Digital ID
 * Move a Digital ID to another computer
 * Send a signed message
 * Add a Digital ID to your Contacts list
 * Send an encrypted (sealed) message
 * Sign or encrypt all messages you send



MORE INFORMATION
The certifying authority will send you an e-mail message, to the address you specified, containing your digital ID and further instructions.

To Back Up or Copy a Digital ID

 * 1) On the Tools menu, click Options, and then click the Security tab.
 * 2) Click Import/Export Digital ID.
 * 3) Click to select "Export your Exchange or S/MIME Security Information." and then click Select.
 * 4) Click to select the certificate you want to back up, and then click OK.
 * 5) To remove the digital ID from this computer, click to select the "Delete Security Information Digital ID from system" check box.
 * 6) In the Password box, type the password for this certificate.
 * 7) Type or browse to the path and file name for your digital ID and then click OK.

Outlook saves your digital ID as a .pfx file.

To Move a Digital ID to Another Computer

 * 1) Copy the .pfx file you created to the new computer.
 * 2) On the new computer in Outlook, on the Tools menu, click Options, and then click the Security tab.
 * 3) Click Import/Export Digital ID.
 * 4) Click to select "Import existing Exchange or S/MIME Security Information."
 * 5) Type or browse to the path of the .pfx file created above, and then type the password.
 * 6) In the Keyset box, enter your keyset (this is usually your mailbox name) and then click OK.

The digital ID is now available on the new computer.

To Send a Signed Message

 * 1) Open a new message.
 * 2) Click the View menu and then click Options.
 * 3) Click to select the "Add digital signature to outgoing message" check box, and then click Close.
 * 4) Complete and send the message.

The message received is marked with a certificate icon in the lower right corner of the header. The recipient can click this icon to see validation information about your digital signature.

To Add a Digital ID to Your Contacts List
To send someone an encrypted message, you need a copy of that person's digital ID. Have the person send you a digitally signed message; when you receive the message, follow these steps:
 * 1) Open the digitally signed message.
 * 2) Right-click the name in the From field, and on the shortcut menu click Add To Contacts.
 * 3) If you have an entry for this person on your contacts list, click Update This Address.

The digital ID is stored with your contact entry for this person. However, to send and receive encrypted mail with this contact, you will need to exchange public keys with them within a digitally signed message.

To view the certificates for a contact, double-click the person's name, and then click the Certificates tab.

To Send an Encrypted (Sealed) Message

 * 1) Open a new message.
 * 2) Click the View menu and then click Options.
 * 3) Click to select the "Encrypt message contents and attachments" check box, and then click Close.
 * 4) Complete and send the message.

The message received is marked by a Lock icon in the lower right corner of the header. The recipient can click this icon to see validation information about the encryption certificate.

NOTE: When sending an encrypted message you may receive the following "Non-Secure Recipients" message:

None of the recipients can process an encrypted message. You can either proceed with an unencrypted message or cancel the operation.

This is because you addressed the message using the Global Address List or other non-contact address source. You must use the contact record containing the recipient's digital ID to address the message.

To Sign or Encrypt All Messages You Send

 * 1) Click the Tools menu and then click Options.
 * 2) On the Security tab, click to select "Encrypt contents and attachments for outgoing messages" or "Add digital signature to outgoing messages" and then click OK.

NOTE: To specify that recipients whose e-mail clients do not support S/MIME signatures are allowed to read the message without verification of the digital signature, click to select "Send clear text signed message."

Digitally signed messages can be sent either clear signed or opaque signed. The default setting is opaque signed.

Clear signed messages may be read by any MIME client, whether it is S/MIME aware or not. With opaque signing, the message is sent, but clients that do not understand S/MIME receive it as an attachment named Smime.p7m.

NOTE: Some Internet mail gateways strip out the signing information.
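The difference between clear signed, opaque signed and encrypted mail is visible in the top-level MIME headers of the message as received. The following is an added example, not part of the original article or of Outlook: it classifies a raw message using the standard S/MIME content types and flags a message that declares a signature but arrives without the signature part. The function name smime_kind, the result labels and the sample messages are constructed for illustration.

```python
from email import message_from_string

SIG_TYPES = ("application/pkcs7-signature", "application/x-pkcs7-signature")
P7M_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def smime_kind(raw: str) -> str:
    """Classify a raw message by its top-level MIME structure."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        if str(msg.get_param("protocol", "")).lower() not in SIG_TYPES:
            return "other"  # multipart/signed is also used by non-S/MIME schemes
        parts = msg.get_payload()
        # Clear signed: readable body first, detached signature second.
        if isinstance(parts, list) and len(parts) == 2 \
                and parts[1].get_content_type() in SIG_TYPES:
            return "clear-signed"
        return "signature-missing"  # declared signed, but no signature part
    if ctype in P7M_TYPES:
        # Opaque signed and encrypted mail share this type; the smime-type
        # parameter (when the sender sets it) tells them apart.
        kind = str(msg.get_param("smime-type", "")).lower()
        return {"signed-data": "opaque-signed",
                "enveloped-data": "encrypted"}.get(kind, "pkcs7-mime-unknown")
    return "plain"

# Constructed samples; "AAAA" stands in for real base64 PKCS #7 data.
BODY = "--b1\nContent-Type: text/plain\n\nHello\n"
SIG = ("--b1\nContent-Type: application/pkcs7-signature; name=\"smime.p7s\"\n"
       "Content-Transfer-Encoding: base64\n\nAAAA\n")
HDR = ("From: alice@example.com\nMIME-Version: 1.0\n"
       "Content-Type: multipart/signed; boundary=\"b1\";\n"
       " protocol=\"application/pkcs7-signature\"; micalg=sha-256\n\n")
CLEAR = HDR + BODY + SIG + "--b1--\n"
STRIPPED = HDR + BODY + "--b1--\n"  # same message without its signature part

def p7m(smime_type: str) -> str:
    """Build a constructed application/pkcs7-mime sample (Smime.p7m style)."""
    return ("From: alice@example.com\nMIME-Version: 1.0\n"
            f"Content-Type: application/pkcs7-mime; smime-type={smime_type};\n"
            " name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\nAAAA\n")

if __name__ == "__main__":
    for name, raw in [("clear", CLEAR), ("stripped", STRIPPED),
                      ("opaque", p7m("signed-data")),
                      ("sealed", p7m("enveloped-data"))]:
        print(name, "->", smime_kind(raw))
```

This inspects structure only; it does not verify the signature or decrypt anything.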
