Using MS Outlook 98 Secure Email
Who's reading your email? Imagine that the only way you could communicate with
your clients, colleagues, partners and suppliers was through the picture postcard. Would
that affect what you put down in writing? It should! Why is it then, that most
people and businesses continue to communicate sensitive and sometimes critical information
via email? Of course we all want the benefits of email: the ability to communicate
swiftly, cheaply and without regard to location or time zone. But can we afford to
bet our business or our personal fortunes on the chance that the email might be read or
forged by others?
With Secure Email, you can now do something about it. Digital Certificates used
with an email program designed to take advantage of them make it possible to digitally
sign your e-mail and to receive encrypted messages. This means that when you send
e-mail, the recipients will know without a doubt that it came from you and was not
modified by someone else in transit, and that when you get incoming mail, you will know
that only you can read it.
Setting up your Default Security Settings for Secure Email
Before you sign and encrypt your e-mail, you need to indicate which digital
certificates are to be used. Outlook 98 supports the use of separate certificates for
signing and encryption (otherwise known as Dual Certificate support). This
separation is widely regarded to be good practice, and should be taken advantage of
wherever possible through the use of certificates that are themselves restricted to either
encryption or signing operations.
- In Outlook 98, from the menus, choose "Tools, Options"
- Select the "Security" tab
- Click on the "Change Settings" button
- A new window appears (see attached image)
- Ensure S/MIME is selected for "Secure Message Format"
- Under Digital Signature
  - Click on the "Choose" button and select the certificate to be used for Digital
    Signatures
  - Choose a signing algorithm to be used (recommend SHA1 where available)
- Under Encryption
  - Click on the "Choose" button and select the certificate to be used for
    encrypted emails to be sent to you
  - Choose an encryption algorithm to be used (recommend 3DES where available, otherwise in
    order of preference: RC2-128bit, DES, RC2-40bit)
- Select "Send these certificates with signed messages"
- Type a meaningful name e.g. "My Company Secure Email" in the box labelled
"Security Settings Name"
- Click on the "Create New" button
- Click on the "OK" button which will take you back to the previous window
- In the box labelled "Default Security Setting", choose the name you just
defined for the Security Settings you just created, e.g. "My Company Secure
Email" in the example above.
- Click on "OK"
Setting Up Your Toolbar for Secure E-mail
Before you sign and encrypt your e-mail, you should add signing and encrypting icons to
your toolbar:
- Open a new mail message (File menu, New)
- In the message window, go to View, Toolbars, Customize
- Select the "Commands" tab and click on "Standard" under categories
- Scroll down the list under Commands and drag and drop the "Encrypt Message
Contents" and "Digitally Sign Message" icons into the toolbar. (Note: Drop
the icons anywhere to the left of the office assistant icon.)
- Click the "Close" button.
Digitally Signing Your E-mail with Outlook 98
Digitally signing a message lets the recipient know that the message and any
attachments really came from you, and haven't been tampered with. When sending a digitally
signed message, the recipient need not be using an S/MIME-enabled e-mail package. The
recipient can still read the message; your digital signature simply shows up as an
attachment.
This "signed" icon indicates
that a message has been signed. When a signed message is received in Outlook '98, this
icon appears to the left of the e-mail header in the inbox. When the signed message is
opened, this icon is displayed in the lower right corner of the address pane.
You can sign individual messages or configure your e-mail security options to
automatically sign all of the e-mail messages you send.
Signing Individual Messages
To sign an outgoing message:
- Click on the Digitally Sign Message button in the compose message window.
Note: If you do not see this button, go to Setting Up Your Toolbar for Secure
E-mail.
The Digitally Sign Message button should now be highlighted.
Note: Clicking again on the Digitally Sign Message button will remove your digital
signature from the message.

Automatically Signing All Outgoing Messages
To configure your e-mail preferences to sign all messages:
- In Outlook 98, select Options from the Tools menu.
- Click on the Security tab.
- Enable the "Add digital signature to outgoing messages" checkbox.
However, digitally signing a message does not prevent it from being intercepted and
read by someone other than the intended recipient. To ensure that only the intended
recipient can read the message, you should also encrypt the message.
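The difference between a signed and an encrypted message is visible in the MIME structure itself. The following is an added example, not part of the original page: it classifies two constructed messages (addresses, boundary and placeholder payloads are assumptions) and returns the text that a mail reader without S/MIME support can still display.

```python
from email import message_from_string

# Constructed sample: clear-signed message; the signature bytes are a placeholder.
CLEAR_SIGNED = """\
From: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Figures attached as agreed.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

# Constructed sample: encrypted message; the ciphertext is a placeholder.
ENCRYPTED = """\
From: alice@example.com
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
MIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
KINDS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}

def inspect_smime(raw):
    """Return (kind, text that a mail reader without S/MIME support can show)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        if len(parts) != 2 or parts[1].get_content_type() not in SIG_TYPES:
            return ("malformed-signed", None)
        body = parts[0]  # travels in the clear, beside the signature attachment
        readable = body.get_content_type() == "text/plain"
        return ("clear-signed", body.get_payload().strip() if readable else None)
    if ctype in MIME_TYPES:  # one opaque PKCS #7 blob, nothing readable without S/MIME
        return (KINDS.get(msg.get_param("smime-type"), "pkcs7-unknown"), None)
    return ("plain", None if msg.is_multipart() else msg.get_payload())
```

The function only inspects structure; it does not verify the signature or decrypt anything.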
Encrypting Your E-mail
The second step to securing your e-mail is to encrypt the messages that you send.
E-mail messages are relatively easy for other people to intercept and read. The only way
you can be sure that an e-mail message is private is to encrypt it so that only the
intended recipient can read it. Encrypting messages with Outlook 98 is as easy as
signing them.
To encrypt a message, you need to have a copy of the intended recipient's Digital
Certificate used for encryption. When you receive a signed message, you can store the
sender's Digital Certificates in your address book. You can also retrieve correspondents'
Digital Certificates from online directories. For more information about storing and
maintaining Digital Certificates in your address book, see Managing Contacts' Digital
Certificates below.
This "encrypted" icon indicates
that a message has been encrypted. When you receive an encrypted message, Outlook 98
automatically decrypts the message and displays the encrypted icon when the message is
viewed.
You can encrypt individual messages or configure your e-mail security options to
automatically encrypt all e-mail messages to recipients whose Digital Certificates are
stored in your address book.
Encrypting Individual Messages
To encrypt an outgoing message:
- Click on the Encrypt Message button in the message window.
Note: If you do not see this button, go to Setting Up Your Toolbar for Secure
E-mail.
The Encrypt Message button should now be highlighted.
Note: Clicking again on the Encrypt Message button will toggle the encryption setting.

Automatically Encrypting Outgoing Messages
To configure your e-mail preferences to automatically encrypt outgoing messages to
recipients whose Digital Certificates are stored in your address book:
- In Outlook 98, select Options from the Tools menu.
- Click on the Security tab.
- Enable the "Encrypt contents and attachments for outgoing messages" checkbox.
Managing Contacts' Digital Certificates
To send an encrypted message, you must have a copy of the recipient's Digital
Certificate used for encryption in your address book. Outlook '98 enables you to view
Digital Certificates stored in your Contacts folder and easily add and remove contacts'
Digital Certificates.
Storing Digital Certificates from a received signed message
This is the simplest way to get somebody's Digital Certificate so you can send
them encrypted e-mail. When you receive a signed message from someone, you can easily
store their Digital Certificates in your Contacts folder:
- Open the signed message from Outlook '98.
- Right mouse-click on the Sender's name in the address field.
- Select "Add to Contacts".
- If the Sender is not yet in your Contacts folder, a Contact window will appear. Enter
any information you want to include, then click on the "Save and close" button.
This automatically adds the Sender's Digital Certificates to your Contacts folder.
- If the Sender is already in your Contacts folder, you will get another dialog box where
"Update this Contact" is selected. Click on OK, which will then bring up the
Contact window. Just click on "Save and close", and this will add your contact's
Digital Certificates to this contact in your contacts folder.
Importing Digital Certificates into the Contacts Folders
To import a previously downloaded Digital Certificate into your Contacts folder:
- Open "Contacts" from Outlook '98 (Click on the Contacts icon).
- If this is an existing contact, double click on your contact's name from the existing
list. If this is a new contact, select New, then Contact from the File menu in your
toolbar and enter your contact information in the Contact window.
- Select the Certificates tab in the Contact window.
- Click on the "Import" button
- Locate the Digital Certificate you just downloaded and click the Open button.
- Click on "Save and close".
Note that if the certificate is enabled for signature-only or for encrypting-only, you
will only be able to use that certificate in conjunction with signature verification or
for sending encrypted messages to the recipient. If you require both capabilities,
then you need to import both certificates for the contact.
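Whether a certificate is restricted to signing or to encryption is recorded in its X.509 keyUsage extension. The following is an added example, not part of the original page: it decodes the DER BIT STRING carried in that extension and reports which capability is still missing for a contact. The three sample values are constructed, and the role mapping follows the usual S/MIME convention, which is an assumption here rather than something the page states.

```python
# KeyUsage bit names in RFC 5280 order; bit 0 is the most significant bit.
KEY_USAGE_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly")

# Constructed sample values (the BIT STRING inside the keyUsage extension).
SIGN_ONLY = bytes.fromhex("03020780")      # digitalSignature
ENCRYPT_ONLY = bytes.fromhex("03020520")   # keyEncipherment
DUAL_USE = bytes.fromhex("030205a0")       # digitalSignature + keyEncipherment

def decode_key_usage(der):
    """Decode a short-form DER BIT STRING into a list of keyUsage names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, body = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(body) * 8 - unused
    value = int.from_bytes(body, "big")
    names = []
    for i, name in enumerate(KEY_USAGE_BITS):
        if i < total_bits and (value >> (len(body) * 8 - 1 - i)) & 1:
            names.append(name)
    return names

def smime_roles(der):
    """Assumed S/MIME convention: which mail operations this certificate allows."""
    usage = set(decode_key_usage(der))
    roles = []
    if usage & {"digitalSignature", "nonRepudiation"}:
        roles.append("signing")      # lets you verify the contact's signatures
    if usage & {"keyEncipherment", "keyAgreement"}:
        roles.append("encryption")   # lets you send the contact encrypted mail
    return roles

def missing_roles(contact_cert_usages):
    """Capabilities not covered by any certificate imported for a contact."""
    have = {r for der in contact_cert_usages for r in smime_roles(der)}
    return sorted({"signing", "encryption"} - have)
```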