About certificate key size

certificate for digitally signing or encrypting e-mail messages are measured in terms of "key size," with the larger key sizes generally offering an increased level of security. We recommend that certificates have a key size of 1,024 bits or more. Using a certificate of this size makes it extremely difficult to forge a digital signature or decode an encrypted message.

When you send a digitally signed message, Outlook uses the signing certificate that you have identified for that mail account. If you identify a certificate with a key size that is smaller than 1,024 bits and then send a digitally signed message, Outlook warns you that the certificate's key size is smaller than what is recommended.

When you send an encrypted message, Outlook uses your contact's digital certificate that is saved in your address book. Or, if your recipient is listed on an LDAP directory service, such as the global address list (GAL) with Microsoft Exchange Server, the recipient's certificate is published to the directory service and available to you together with other contact information.Or, if your recipient is listed on an LDAP directory service, the recipient's certificate is published to the directory service and available to you together with other contact information.

If your recipient's certificate key size is smaller than what is recommended, Outlook will notify you. But because your recipient has chosen that certificate, it would be up to him or her to get a new certificate with a larger key size.

See also

Send a digitally signed or encrypted message

About digital signing, encryption, and smart cards

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×