Digital Signature and Encryption in Outlook

This section describes how Microsoft Office Outlook supports digital signature and encryption when sending out email messages.

From previous sections, we learned how the PKI S/MIME standard can make email messages more secure. Now we need to find an email client program that supports the S/MIME standard.

Microsoft Office Outlook does support both digital signature and encryption. Here is the help text from Outlook:

Using certificates for cryptographic e-mail messaging in Outlook

Outlook uses certificates in cryptographic e-mail messaging to help provide more secure communications. To use cryptography when you send and receive e-mail messages, you must first obtain a digital ID (digital ID: Contains a private key that stays on the sender's computer and a certificate (with a public key). The certificate is sent with digitally signed messages. Recipients save the certificate and use the public key to encrypt messages to the sender.) from a certificate authority (certificate authority (CA): An entity, similar to a notary public, that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.) (CA). Digitally signing a message applies the sender's certificate and public key to the message. Your certificate is sent with the message to help authenticate you to the recipient. You also use a certificate in Outlook when you encrypt messages.

Certificates are validated by means of a certificate hierarchy. The root certificate authority (root authority: The certification authority (CA) at the top of a certification hierarchy (known as a "chain of trust") with several other certificate authorities; each verifying the authenticity of the next CA. The root CA has a self-signed certificate.) is at the top of a certification hierarchy (certification hierarchy: A structure whereby one certificate authority verifies another certification authority's certificates by digitally signing them. This establishes a "chain of trust" that increases confidence that a certificate is authentic.) and is the most trusted CA. The root CA has a self-signed certificate, so it is important to obtain certificates only from certificate authorities that are known and trusted.

You can learn more about the characteristics of one of your own certificates or a certificate that is attached to an e-mail message that you received. For example, you can:

View the certificate trust hierarchy and see who issued the certificate at the top of that hierarchy.

Determine the signature algorithm used by the certificate (for example, RSA/SHA1).

Determine the encryption algorithm used by the certificate (for example, 3DES (3DES: An encryption algorithm based on the Data Encryption Standard (DES). Triple DES (3DES) repeats DES three times. Consequently, 3DES runs slower than standard DES. However, it is more secure.)).

To view information about a certificate that has been used to encrypt or digitally sign an e-mail message that was sent to you, open the message and click the cryptographic button on the far right in the header, for example, Encrypted or Signed. For messages that are signed, or encrypted and signed, in the next dialog box, for example, the Digital Signature: Valid dialog box, click Details.

In the Message Security Properties dialog box, you see the properties of the message, including the security layers. You can click a security layer to see a description of that layer.

You can also view additional information about the certificate or make changes to a security layer. For example, you may want to find out why Outlook has determined that a certificate for an e-mail message is invalid (invalid: Refers to a certificate with a status that Outlook has checked against a certificate authority's database and found to not be legitimate or not current. The certificate might also be expired or revoked.) or not trusted. In some scenarios, you can also take steps to correct the status of the certificate. For example, you can choose to trust the CA that issued the certificate, if that is why a digital signature certificate is not trusted.
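The checks the help text describes (the trust hierarchy, the signature algorithm, and why a certificate is invalid or not trusted) can also be made outside Outlook with the Windows chain engine. The PowerShell below is an added example, not part of Outlook's help text or the original tutorial; the function name Get-SmimeCertReport is hypothetical, and it assumes the S/MIME certificate is installed in the current user's Personal store.

```powershell
# Added example: report chain, signature algorithm and trust problems
# for a certificate. Get-SmimeCertReport is a hypothetical helper name.
function Get-SmimeCertReport {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # 'Online' fetches CRL/OCSP data; use 'NoCheck' on an isolated host.
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode = 'Online'
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    try {
        $chain.ChainPolicy.RevocationMode = $RevocationMode
        $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'

        # Build() returns $false if any element fails validation
        # (expired, revoked, root not in the trusted store, ...).
        $trusted = $chain.Build($Certificate)

        # Elements are ordered from the end-entity certificate up to the root.
        $path = foreach ($element in $chain.ChainElements) {
            $c = $element.Certificate
            [pscustomobject]@{
                Subject            = $c.Subject
                Issuer             = $c.Issuer
                SignatureAlgorithm = $c.SignatureAlgorithm.FriendlyName
                NotAfter           = $c.NotAfter
                # Heuristic: a root CA certificate names itself as issuer.
                SelfIssued         = ($c.Subject -eq $c.Issuer)
                Problems           = ($element.ChainElementStatus.Status -join ', ')
            }
        }

        [pscustomobject]@{
            Trusted     = $trusted
            ChainStatus = ($chain.ChainStatus.Status -join ', ')
            Path        = $path
        }
    }
    finally {
        $chain.Dispose()
    }
}

# Select certificates whose Enhanced Key Usage includes Secure Email
# (id-kp-emailProtection, OID 1.3.6.1.5.5.7.3.4). Certificates with no
# EKU extension at all are not matched by this filter.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.4' } |
    ForEach-Object { Get-SmimeCertReport -Certificate $_ }
```

A ChainStatus of UntrustedRoot corresponds to the "not trusted" case in the help text, while NotTimeValid and Revoked correspond to the expired and revoked cases it lists under "invalid".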
