PKI Tutorials - Herong's Tutorial Examples - v2.20, by Dr. Herong Yang
Digital Signature and Encryption in Outlook
This section describes how Microsoft Office Outlook supports digital signature and encryption when sending out email messages.
From previous sections, we learned how the PKI-based S/MIME standard can make email messages more secure. Now we need to find an email client program that supports the S/MIME standard.
Microsoft Office Outlook does support both digital signature and encryption. Here is the help text from Outlook:
Using certificates for cryptographic e-mail messaging in Outlook
Outlook uses certificates in cryptographic e-mail messaging to help provide more secure communications. To use cryptography when you send and receive e-mail messages, you must first obtain a digital ID (digital ID: Contains a private key that stays on the sender's computer and a certificate (with a public key). The certificate is sent with digitally signed messages. Recipients save the certificate and use the public key to encrypt messages to the sender.) from a certificate authority (certificate authority (CA): An entity, similar to a notary public, that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.) (CA). Digitally signing a message applies the sender's certificate and public key to the message. Your certificate is sent with the message to help authenticate you to the recipient. You also use a certificate in Outlook when you encrypt messages.
Certificates are validated by means of a certificate hierarchy. The root certificate authority (root authority: The certification authority (CA) at the top of a certification hierarchy (known as a "chain of trust") with several other certificate authorities; each verifying the authenticity of the next CA. The root CA has a self-signed certificate.) is at the top of a certification hierarchy (certification hierarchy: A structure whereby one certificate authority verifies another certification authority's certificates by digitally signing them. This establishes a "chain of trust" that increases confidence that a certificate is authentic.) and is the most trusted CA. The root CA has a self-signed certificate, so it is important to obtain certificates only from certificate authorities that are known and trusted.
You can learn more about the characteristics of one of your own certificates or a certificate that is attached to an e-mail message that you received. For example, you can:
View the certificate trust hierarchy and see who issued the certificate at the top of that hierarchy.
Determine the signature algorithm used by the certificate (for example, RSA/SHA1).
Determine the encryption algorithm used by the certificate (for example, 3DES (3DES: An encryption algorithm based on the Data Encryption Standard (DES). Triple DES (3DES) repeats DES three times. Consequently, 3DES runs slower than standard DES. However, it is more secure.)).
To view information about a certificate that has been used to encrypt or digitally sign an e-mail message that was sent to you, open the message and click the cryptographic button on the far right in the header, for example, Encrypted or Signed. For messages that are signed, or encrypted and signed, in the next dialog box, for example, the Digital Signature: Valid dialog box, click Details.
In the Message Security Properties dialog box, you see the properties of the message, including the security layers. You can click a security layer to see a description of that layer.
You can also view additional information about the certificate or make changes to a security layer. For example, you may want to find out why Outlook has determined that a certificate for an e-mail message is invalid (invalid: Refers to a certificate with a status that Outlook has checked against a certificate authority's database and found to not be legitimate or not current. The certificate might also be expired or revoked.) or not trusted. In some scenarios, you can also take steps to correct the status of the certificate. For example, you can choose to trust the CA that issued the certificate, if that is why a digital signature certificate is not trusted.
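The Outlook help above describes the pieces without showing them: a digital ID (private key plus certificate), the certificate travelling with a signed message, and a self-signed root at the top of the chain of trust. The following script is an added example, not from this tutorial or from Outlook's documentation; it reproduces that flow with the OpenSSL command line, using constructed names and a constructed address (Demo Root CA, Alice Demo, alice@example.invalid), and shows that the same signed message is rejected when checked against an unrelated root.

```shell
# Added example (not from the tutorial): a tiny private CA issues an S/MIME
# "digital ID" to a constructed sender, who signs a message; the recipient side
# then checks the chain of trust. All names and addresses are made up.
set -eu
WORK="$(mktemp -d)"; cd "$WORK"
# Minimal OpenSSL config so the demo does not depend on a system openssl.cnf.
cat > req.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
# Self-signed root: the top of the certification hierarchy ($1 name, $2 file stem).
new_root() {
  openssl req -config req.cnf -extensions v3_ca -x509 -newkey rsa:2048 -nodes \
    -sha256 -days 30 -subj "/CN=$1" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}
make_pki() {
  new_root "Demo Root CA" ca
  new_root "Unrelated Root CA" other
  # Sender's key pair; the issued certificate is bound to an e-mail address
  # (rfc822Name SAN) and restricted to S/MIME use (emailProtection EKU).
  openssl req -config req.cnf -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=Alice Demo" -keyout alice.key -out alice.csr 2>/dev/null
  printf 'subjectAltName=email:alice@example.invalid\nextendedKeyUsage=emailProtection\n' > ext.cnf
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -sha256 -extfile ext.cnf -out alice.crt 2>/dev/null
}
# Like Outlook, -sign embeds the signer's certificate in the CMS structure.
sign_message() {
  printf 'Subject: demo\n\nHello from Alice.\n' > msg.txt
  openssl cms -sign -md sha256 -in msg.txt -signer alice.crt -inkey alice.key \
    -out signed.eml 2>/dev/null
}
# Succeeds only if the signature is valid AND the embedded cert chains to anchor $1.
verify_with() {
  openssl cms -verify -in signed.eml -CAfile "$1" -out /dev/null 2>/dev/null
}
# Succeeds if the embedded signer certificate carries e-mail address $1.
signer_email_is() {
  openssl cms -verify -in signed.eml -noverify -signer signer.crt -out /dev/null 2>/dev/null
  openssl x509 -in signer.crt -noout -text | grep -q "email:$1"
}
make_pki; sign_message
verify_with ca.crt && echo "valid: signer chains to Demo Root CA"
verify_with other.crt || echo "rejected: signer does not chain to Unrelated Root CA"
```

The second verification is the point the help text makes about trusting only known CAs: the signature itself is mathematically fine in both runs, but the message is only accepted when the embedded certificate chains to a root the recipient already trusts.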