Step-by-Step Guide to Public Key Features in Outlook Express 5.0 and Above

This step-by-step guide explains basic features related to Public Key Infrastructure (PKI) in Microsoft® Outlook® Express messaging and collaboration software version 5.0 and above. In particular, it describes how to configure Outlook Express to send signed and encrypted e-mail messages using the Secure Multipurpose Internet Mail Extensions (S/MIME) secure mail standard.

Requirements

You must be running the Windows 2000 operating system. The most current information about hardware requirements and compatibility for servers, clients, and peripherals is available at the Windows 2000 product compatibility site https://www.microsoft.com/windows2000/server/howtobuy/upgrading/compat/default.asp.

Configuring Outlook Express

This guide assumes that you have already configured Outlook Express to send and receive mail through your mail server. Here are the steps needed to configure Outlook Express to generate S/MIME Secure Mail messages.

  1. From the Tools menu, click Accounts, and then click the Mail tab. Select your mail account, and click the Properties button. Click the Security tab to display security-related properties for your mail account.

  2. In the Signing certificate area, click Select. The Select Default Account Digital ID dialog box appears.

  3. Click the certificate you'd like to use. Outlook Express recognizes only those certificates for S/MIME use that include your e-mail address in the certificate's Subject field.

  4. Click Apply, and then click OK to close the Select Default Account Digital ID dialog box.

  5. Click OK to close the Properties dialog box for your mail account.

  6. Click Close to close the Internet Accounts dialog box.

  7. On the Tools menu, click Options. Then click the Security tab.

  8. If you want to digitally sign all e-mail that you send, select the Digitally sign all outgoing messages option. (You can also add digital signatures to messages on a per-message basis as described below.)

  9. If you want to encrypt all e-mail that you send, select the Encrypt contents and attachments for all outgoing messages option. (You can also encrypt individual messages on a per-message basis as described below.)

  10. Click the Advanced Settings button. The Advanced Security Settings dialog box appears (see Figure 1).

    Figure 1: Advanced Security Settings


  11. Confirm that the Always encrypt to myself when sending encrypted mail option is selected in the Encrypted messages section. (Selecting this option ensures that you are able to decrypt the encrypted messages you send.)

    Confirm that the following options are selected in the Digitally Signed messages section:

    • Include my digital ID when sending signed messages.

    • Add senders' certificates to my address book.

  12. If you'd like to enable certificate revocation checking when online, select the Only when online option in the Revocation Checking section. Revocation checking is not enabled by default. (Revocation is the process of undoing the digitally signed statement contained within a digital certificate. When revocation checking is enabled and a digitally signed message is received, Outlook Express attempts to verify that none of the certificates that validate the public key used to sign the message have been revoked.)

  13. Click OK to close the Advanced Security Settings dialog box.

  14. Click Apply, and then click OK to close the Security Options property page.

Sending Digitally Signed Messages Using Outlook Express

  1. Click the New Mail button, or click New Message on the Message menu, to create a blank message.

  2. In the To field, type in your e-mail address or another person's e-mail address.

  3. Add text to the Subject and body areas of the message window.

  4. Click the Digitally sign message icon to request that the message be digitally signed. The icon has a picture of an envelope with a red ribbon over it (the ribbon turns red when your mouse hovers over the toolbar button).

  5. Click Send to send the signed message.

  6. If you are using a smart card, the Select Card dialog box appears if the requested card is not present in the reader. Select the reader where the card is inserted, and click OK.

    When you are prompted for your PIN, type your PIN and then click OK.

  7. If the message does not disappear from your Outbox, click the Send and Receive button to manually send the message to your outbound mail server.

Obtaining a Copy of Someone's Public Encryption Key or Certificate

An encryption certificate belonging to your intended recipient contains a copy of his or her public encryption key. One way to get a copy of a public encryption key is to have your intended recipient send you a digitally signed message. To save copies of the digital certificates sent with a signed message:

  1. Open a signed message (as denoted by the red ribbon attached to the envelope icon in your Inbox).

  2. Right-click the name of the sender in the From field and select Add to Address Book. Then click OK to add the user and his or her public-key certificate to your Outlook Express Contacts list.

Sending Digitally Encrypted Messages Using Outlook Express

To send an encrypted message, you must first have a copy of the intended recipient's public encryption key or encryption certificate (the certificate contains a copy of the public key). In this section, we assume that you have already obtained the recipient's public key certificate and that the recipient is in your Contacts list.

To send an encrypted mail message:

  1. Click the New Mail button to create a blank message.

  2. In the To field, type in your e-mail address or another person's e-mail address.

  3. Add text to the Subject and body areas of the message window.

  4. Click the Encrypt message icon to request that the message be encrypted. The icon has a picture of an envelope with a blue lock over it (the lock turns blue when your mouse hovers over the button).

  5. Optional: If you also want to digitally sign the message, then select the Digitally sign message icon in addition to the Encrypt message icon.

  6. Click Send to send the encrypted message.

  7. If you are using a smart card, the Select Card dialog box appears if the requested card is not present in the reader. Select the reader where the card is inserted and click OK.

    When you are prompted for your PIN, type your PIN and click OK.
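
To confirm that the signing and encryption procedures above actually produced S/MIME messages, you can inspect the MIME headers of the sent mail. The following is an added example, not part of the original guide: it classifies the outer S/MIME layer of a raw message using Python's standard library. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string

# S/MIME content types; the "x-" forms are older names still seen in the wild.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify_smime(raw):
    """Classify the outer S/MIME layer of a raw RFC 822 message string."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: readable body plus a detached PKCS #7 signature part.
        protocol = (msg.get_param("protocol") or "").lower()
        return "clear-signed" if protocol in PKCS7_SIG else "none"
    if ctype in PKCS7_MIME:
        # smime-type is optional; without it the kind cannot be told from
        # headers alone, so report it as unknown rather than guessing.
        smime_type = (msg.get_param("smime-type") or "").lower()
        return {"enveloped-data": "encrypted",
                "signed-data": "opaque-signed"}.get(smime_type, "pkcs7-unknown")
    return "none"

def unencrypted_subjects(raw_messages):
    # Signed-and-encrypted mail counts as encrypted: its signature sits inside
    # the envelope and is not visible without the recipient's private key.
    return [message_from_string(raw)["Subject"] for raw in raw_messages
            if classify_smime(raw) != "encrypted"]

def sample_message(subject, content_type, body="AAAA\n"):
    # Constructed test message; addresses and payload are placeholders.
    return ("From: alice@example.com\nTo: bob@example.com\nSubject: %s\n"
            "MIME-Version: 1.0\nContent-Type: %s\n\n%s"
            % (subject, content_type, body))

SAMPLES = [
    sample_message("signed", 'multipart/signed; micalg=SHA1; boundary="b1";'
                   ' protocol="application/x-pkcs7-signature"',
                   "--b1\nContent-Type: text/plain\n\nhello\n--b1\n"
                   "Content-Type: application/x-pkcs7-signature\n\nAAAA\n--b1--\n"),
    sample_message("encrypted", "application/x-pkcs7-mime;"
                   ' smime-type=enveloped-data; name="smime.p7m"'),
    sample_message("legacy", 'application/x-pkcs7-mime; name="smime.p7m"'),
    sample_message("plain", "text/plain", "hello\n"),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(message_from_string(raw)["Subject"], "->", classify_smime(raw))
```
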

Related Links

Step-by-Step Guide to a Common Infrastructure for Windows 2000 Server Deployment: Installing a Windows 2000 Server as a Domain Controller
https://www.microsoft.com/windows2000/techinfo/planning/server/serversteps.asp

Windows 2000 Server Online Help
https://windows.microsoft.com/windows2000/en/server/help/

Windows 2000 Planning and Deployment Guide
https://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2rkbook/dpg.asp