Sign & Encrypt E-Mail - Outlook 2013
This article will walk you through Signing & Encrypting e-mail in Outlook 2013.
Note: Provided you have a client digital certificate, you can digitally sign an e-mail to any recipient. Digitally signing a message with the settings specified in prerequisite #3 will also send the recipient your public key. The recipient can then use your public key to send you an encrypted message. This message can only be decrypted with your private key, which should never leave your system. To send an encrypted message to someone else, you will first need a signed e-mail from them; you can then use their public key to send them an encrypted message that only they can read.
Before you are able to sign and/or encrypt e-mails in Outlook, you must first:
- Download a PersonalSign certificate
- Import your PersonalSign certificate to the Windows Certificate Store
- Configure your certificate in Outlook 2013
Signing an E-Mail
- Compose a new e-mail.
- Switch to the Options tab and click Sign E-Mail.
- Press Send. The message will be digitally signed.
Saving a Contact's Public Key
- Before you can send an encrypted message, you must first save the public key of the recipient. Request that they send you a signed e-mail. A red ribbon will appear on an e-mail to indicate it is signed.
- Right-click the sender's name and click Add to Outlook Contacts. (Do this even if they are already a contact.)
- Enter the details of the new contact, click Save. If they are an existing contact, choose Yes to update the contact details.
Note: When you add or update a contact directly from a signed e-mail, Outlook will pull in the sender's public key and associate it with the contact details. When you then send an encrypted e-mail, Outlook will know which certificate to use for the recipient.
Now that you have the public key of the intended recipient saved, you can compose an e-mail and use the Encrypt feature.
- Compose an e-mail in Outlook.
- On the Options tab, click Encrypt and Sign.
- Press Send. The message will be both signed and encrypted. A lock icon will appear on messages that are encrypted.
When you reissue or renew your GlobalSign certificate, you will get a unique key pair each time. This means that the new certificate will not be able to decrypt past e-mails that were encrypted with your old certificate. For this reason, make sure you keep your old certificates installed on your computer. Even if they are expired, they can still be used to decrypt your old e-mails.
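To confirm that old certificates are still installed with their private keys after a reissue or renewal, you can list them from PowerShell. This is an added example, not part of the original article or GlobalSign's tooling; it assumes the certificates were imported into the current user's Personal store (Cert:\CurrentUser\My), and the function name Test-SecureEmailEku is made up for this example.

```powershell
# Added example: list e-mail certificates in the current user's Personal store
# and show whether each one, including expired ones, still has its private key.
# Assumption: the certificates were imported into Cert:\CurrentUser\My.

$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU
$now = Get-Date

function Test-SecureEmailEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to any purpose,
    # so treat it as usable for e-mail.
    if (-not $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $SecureEmailOid })
}

Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { Test-SecureEmailEku -Cert $_ } |
    Sort-Object NotAfter |
    ForEach-Object {
        if ($_.NotAfter -lt $now) {
            $status = 'Expired'
        } elseif ($_.NotBefore -gt $now) {
            $status = 'NotYetValid'
        } else {
            $status = 'Valid'
        }
        $emailName = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
        [pscustomobject]@{
            Email         = $_.GetNameInfo($emailName, $false)
            Status        = $status
            NotAfter      = $_.NotAfter
            # False here means mail encrypted to this certificate cannot be
            # decrypted on this computer.
            HasPrivateKey = $_.HasPrivateKey
            Thumbprint    = $_.Thumbprint
        }
    } |
    Format-Table -AutoSize
```

An expired entry with HasPrivateKey set to True can still decrypt the mail that was encrypted to it; an entry showing False, or a certificate missing from the list, means the old key needs to be re-imported from a backup before that mail can be read.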