About digital signing, encryption, and smart cards

Digital signing, encryption, and smart cards help protect the privacy of your e-mail messages. These security measures are frequently used by corporations or government agencies that have a heightened security standard.

To better understand security and privacy concepts, refer to the following table of important terms and definitions.

Term

Definition

Certificate

Also known as a "digital ID" or "digital certificate." A certificate is a small file that is issued and verified by a third-party certification authority and is used when a message is digitally signed or encrypted.

For information about how to request a digital certificate from a certification authority, see Mac Help.

Digital signing

The process of using a certificate to sign a message that you send. Digitally signing a message helps the recipient verify that you are the authentic sender and that the contents of the message were not altered in transit.

To send a digital signature, you must have a certificate.

Encryption

A process of scrambling message text to help protect the privacy of the message. Only intended recipients can unscramble the text and read the contents of the message.

To encrypt a message, you must have your recipient's certificate saved in Outlook. Or, if your recipient is listed on an LDAP directory service, such as the global address list (GAL) with Microsoft Exchange Server, the recipient's certificate is published to the directory service and available to you together with other contact information.

Your encryption certificate is used by other people to send encrypted messages to you. Outlook also uses your encryption certificate for encrypted messages that are stored in your Sent Items and Drafts folders.

S/MIME

A security standard that is built into many e-mail applications, including Outlook. To use digital signing and encryption, both the sender and recipient must have a mail application that supports the S/MIME standard.

Signing algorithm

A method for helping to protect the integrity of a digital signature. Outlook can create a digital signature with any of the following algorithms: SHA-512, SHA-384, SHA-256, and SHA-1. Of these four algorithms, SHA-1 is the most compatible with other S/MIME applications, and SHA-512 is the most secure.

Encryption algorithm

A method for encrypting a message and its attachments. Outlook can encrypt messages with any of the following algorithms: AES-256, AES-192, AES-128, and 3DES. Of these four algorithms, 3DES is the most compatible with other S/MIME applications, and AES-256 is the most secure.

Clear text

A method for sending digitally signed messages so that the contents of the message are readable for all recipients. A recipient without an S/MIME mail application can read a clear text message but can't verify the digital signature.

Smart card

An additional security-related layer for your messages. A smart card is a pocket-size digital identification card that stores your certificate. When you insert a smart card into a reader that is attached to your computer, the certificate temporarily becomes available to Outlook. You can use a smart card to digitally sign or encrypt your messages just as you would with a certificate that is stored on your computer. When the smart card is removed, the certificate is no longer available. Then, if your computer is lost or stolen, no one can use your certificate to digitally sign or encrypt a message.
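The difference between the "Clear text", "Digital signing" and "Encryption" entries above is visible in a message's MIME headers. The following is an added example, not code from Outlook or from this page: it uses Python's standard email package to tell a clear-text signed message (body readable without S/MIME support) from an encrypted one. The sample messages, addresses and the classify function are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: clear-text signed message (signature is a placeholder).
CLEAR_SIGNED = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Figures attached on Monday.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

PLACEHOLDER-NOT-A-REAL-SIGNATURE
--b1--
"""

# Constructed sample: encrypted message (ciphertext is a placeholder).
ENCRYPTED = """\
From: alice@example.com
To: bob@example.com
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

PLACEHOLDER-NOT-REAL-CIPHERTEXT
"""

PKCS7_KINDS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}

def classify(raw):
    """Report how S/MIME protection is applied, judged from MIME headers only."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    result = {"kind": "none", "micalg": None, "readable_text": None}
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            result["kind"] = "clear-signed"
            # micalg is the digest the sender declares; it is not proof of validity.
            result["micalg"] = (msg.get_param("micalg") or "").lower() or None
            first = msg.get_payload(0)  # the content any mail client can display
            if first.get_content_type() == "text/plain":
                result["readable_text"] = first.get_payload().strip()
    elif ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        stype = (msg.get_param("smime-type") or "").lower()
        result["kind"] = PKCS7_KINDS.get(stype, "pkcs7-unknown")
    return result
```

The classification reads headers only; verifying the signature itself still requires an S/MIME-capable application and the sender's certificate.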

See also

Send a digitally signed or encrypted message

About security in Outlook

About certificate key size
