Using MS Outlook Express 5 Secure Email
Who's reading your email? Imagine that the only way you could communicate with
your clients, colleagues, partners and suppliers was through the picture postcard. Would
that affect what you put down in writing? It should! Why is it then, that most
people and businesses continue to communicate sensitive and sometimes critical information
via email? Of course we all want the benefits of email: the ability to communicate
swiftly, cheaply and without regard to location or time zone. But can we afford to
bet our business or our personal fortunes on the chance that the email might be read or
forged by others?
With Secure Email, you can now do something about it. Digital Certificates used
with an email program designed to take advantage of them make it possible to digitally
sign your e-mail and to receive encrypted messages. This means that when you send
e-mail, the recipients will know without a doubt that it came from you and was not
modified by someone else in transit, and that when you get incoming mail, you will know
that only you can read it.
Setting up your Default Security Settings for Secure Email
Outlook Express 5 does not support the use of separate certificates for signing and
encryption (otherwise known as Dual Certificate support). This separation is widely
regarded to be good practice, and should be taken advantage of wherever possible
through the use of email applications such as Outlook98 that do support dual certificate
operation, together with certificates that are themselves restricted to either encryption
or signing operations.
Because Outlook Express 5 uses the same certificate for both encryption and signing,
you need to indicate which digital certificate is to be used before you can send signed
email and receive encrypted e-mail. To do this:
- In Outlook Express 5, from the menus, choose "Tools, Accounts"
- Select the "Mail" tab and then select the email account you wish to work with
- Click on the "Properties" button
- Select the "Security" tab - a dialogue box like the one shown will appear
- Ensure that 'Use a digital ID when sending secure messages from:
name@mail-address' is selected
- Click on the "Digital ID" button. This will bring up a new dialogue box.
- Choose the certificate you want to use with this email account, then click on the
"OK" button. Note that only the digital certificates with the same e-mail address as the
e-mail address for the account will be shown.
- Click on the "OK" button in the email account properties dialogue box
- In Outlook Express 5, select Options from the Tools menu.
- Click on the Security tab.
- Click on the "Advanced" button - the dialogue box shown will appear
- Using the drop-down list, choose the minimum encryption strength for outgoing messages
that can be sent without warning you (this is a matter of personal or corporate choice,
but a selection of 128 bits would provide a good indicator of whether you were sending
with strong security or not).
- Using the drop-down list, choose the encryption level you wish to receive (at time of
writing, we recommend 3DES where available, otherwise in order of preference: RC2-128bit,
DES, RC2-40bit).
- Check the box marked "Always encrypt to myself when sending encrypted mail"
- Check the box marked "Include my digital ID when sending signed messages"
- Checking the box marked "Encode message before signing (opaque signing)" will
mean that recipients of your signed messages will not be able to read the message until
their email program has checked your digital signature. This means that any
recipient who does not have a secure email program with S/MIME capabilities will not be
able to read your messages, even though they may not be encrypted. If you wish to
allow anyone to read your signed messages, whether S/MIME enabled or not, leave this box
clear.
- To have Outlook Express 5 automatically add a contact's digital certificate to your
address book when they send you a secure email, check the box marked "Add senders'
certificates to my address book"
- Under "Check for revoked Digital IDs", select "Only when online"
- Click on the "OK" button
- Click on the "OK" button
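
The effect of the opaque signing option can be seen in the MIME structure of the message itself. The following Python sketch is an added example, not part of the original guide: it classifies constructed sample messages by their S/MIME wrapper and lists the text a client without S/MIME support could still display. The function names and sample messages are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample messages; the base64 bodies are placeholders, not real CMS data.
CLEAR_SIGNED = """\
From: alice@example.test
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

Meeting moved to 3pm.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1--
"""
OPAQUE_SIGNED = """\
From: alice@example.test
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""
ENCRYPTED = OPAQUE_SIGNED.replace("signed-data", "enveloped-data")

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_kind(raw):
    """Classify a raw message by its top-level S/MIME wrapper."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and str(msg.get_param("protocol", "")).lower() in PKCS7_SIG:
        return "clear-signed"  # ordinary MIME body plus a detached signature part
    if ctype in PKCS7_MIME:
        stype = str(msg.get_param("smime-type", "")).lower()
        return {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}.get(stype, "pkcs7-unknown")
    return "plain"

def readable_text(raw):
    """Text a client with no S/MIME support can display: text/plain parts only."""
    msg = message_from_string(raw)
    return [p.get_payload().strip() for p in msg.walk() if p.get_content_type() == "text/plain"]

if __name__ == "__main__":
    for name, raw in [("clear", CLEAR_SIGNED), ("opaque", OPAQUE_SIGNED), ("encrypted", ENCRYPTED)]:
        print(name, smime_kind(raw), readable_text(raw))
```

A clear-signed message keeps its body as a normal text part with the signature attached alongside it, while an opaque-signed message carries the body inside the PKCS #7 object, so nothing is readable until an S/MIME client unwraps it.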
Digitally Signing Your E-mail with Outlook Express 5
Digitally signing a message lets the recipient know that the message and any
attachments really came from you, and haven't been tampered with. When sending a digitally
signed message, the recipient need not be using an S/MIME-enabled e-mail package. The
recipient can still read the message; your digital signature simply shows up as an
attachment.
This "signed" icon indicates
that a message has been signed. When a signed message is received in Outlook Express 5,
this symbol appears to the left of the e-mail header in the inbox. When the signed message
is opened, this icon is displayed in the upper right corner of the address pane.
You can sign individual messages or configure your e-mail security options to
automatically sign all of the e-mail messages you send.
Signing Individual Messages
To sign an outgoing message:
- Click on the Digitally Sign Message button in the compose message window.
Note:
Clicking again on the Digitally Sign Message button will remove your digital signature
from the message.

Automatically Signing All Outgoing Messages
To configure your e-mail preferences to sign all messages:
- In Outlook Express 5, select Options from the Tools menu.
- Click on the Security tab.
- Enable the "Digitally sign all outgoing messages" checkbox.
However, digitally signing a message does not prevent it from being intercepted and
read by someone other than the intended recipient. To ensure that only the intended
recipient can read the message, you should also encrypt the message.
Encrypting Your E-mail
The second step to securing your e-mail is to encrypt the messages that you send.
E-mail messages are relatively easy for other people to intercept and read. The only way
you can be sure that an e-mail message is private is to encrypt it so that only the
intended recipient can read it. Encrypting messages with Outlook 98 is as easy as
signing them.
To encrypt a message, you need to have a copy of the intended recipient's Digital
Certificate used for encryption. When you receive a signed message, you can store the
sender's Digital Certificates in your address book. You can also retrieve correspondents'
Digital Certificates from online directories. For more information about storing and
maintaining Digital Certificates in your address book, see Managing Contacts' Digital
Certificates below.
This "encrypted" icon indicates
that a message has been encrypted. When you receive an encrypted message, Outlook Express
5 decrypts the message and displays the encrypted icon when the message is viewed and the
correct private key password is entered.
You can encrypt individual messages or configure your e-mail security options to
automatically encrypt all e-mail messages to recipients whose Digital Certificates are
stored in your address book.
Encrypting Individual Messages
To encrypt an outgoing message:
- Click on the Encrypt Message button in the message window.
Note: Clicking again on the Encrypt Message button will toggle the encryption setting. 
Automatically Encrypting Outgoing Messages
To configure your e-mail preferences to automatically encrypt outgoing messages to
recipients whose Digital Certificates are stored in your address book:
- In Outlook Express 5, select Options from the Tools menu.
- Click on the Security tab.
- Enable the "Encrypt contents and attachments for all outgoing messages"
checkbox.
Managing Contacts' Digital Certificates
To send an encrypted message, you must have a copy of the recipient's Digital
Certificate used for encryption in your address book. Outlook Express 5 enables you to
view Digital Certificates stored in your Address Book and easily add and remove contacts'
Digital Certificates.
Storing Digital Certificates from a received
signed message
This is the simplest way to get somebody's Digital Certificate so you can send
them encrypted e-mail. When you receive a signed message from someone, you can easily
store their Digital Certificates in your Address Book:
- Open the signed message with Outlook Express 5.
- On the File menu, click Properties.
- Click the Security tab, and then click "Add to Address Book".
When a contact has a digital ID, a red ribbon is added to their entry in your Address Book.
Importing Digital Certificates into the Contacts Folders
To import a previously downloaded Digital Certificate into your Contacts folder:
- In Outlook Express 5, create a new contact or open an existing one in your Address Book
- Choose the "Digital ID's" tab
- Click on the "Import" button
- Locate and select the Digital Certificate you just downloaded and click the Open button.
- Click on "Save and close".