Overview of certificates and cryptographic e-mail messaging in Outlook
You can help prevent impersonation and tampering of e-mail messages in Microsoft Office Outlook 2007 by using cryptographic features such as S/MIME, digital signatures, and encryption.
The following introduces the basic terminology of cryptography and explains some of the common methods used.
In this article
Using cryptography for more secure communications
Cryptography is a set of standards and protocols for encoding data and messages, so that they can be stored and transmitted more securely. Even when the transmission medium (for example, the Internet) is untrustworthy, you can use cryptography to encrypt your sensitive files — so that an intruder is less likely to understand them — and ensure data integrity as well as maintain secrecy.
You can verify the origin of encrypted data and messages by using digital signatures and certificates. When you use cryptographic methods, the cryptographic keys must remain secret. However, the algorithms, key sizes, and file formats can be made public without compromising security.
The two fundamental operations of cryptography are encryption and decryption. Encryption involves scrambling the data in such a way that it is impossible to deduce the original information. While in decryption, scrambled data is turned back into the original text by using a cryptographic key.
In order to encrypt and decrypt, you need an encryption algorithm and a key. Many encryption algorithms exist, including Data Encryption Standard (DES), Rivest/Sharmir/Adleman (RSA) encryption, RC2, and RC5. In each of these options, a key is used in conjunction with the algorithm to convert the plaintext (readable by people) into cipher text (scrambled and unreadable by people).
DES, RC2, and RC5 are known as symmetric key technologies, or secret key cryptographies, because the key used to encrypt the data is used to decrypt it as well. Hence, the key must be a shared secret between the party encrypting the data and the party decrypting it.
RSA is known as public key cryptography, or asymmetric cryptography, because it uses two keys: a public key and a private key. The keys are mathematically related, but you cannot figure out one without knowing the other. The private key is kept private — only the party generating the key pair should have access to it. The public key can be freely shared over an insecure medium such as the Internet. With public key systems, there is no shared secret between the two parties. If the public key is used to encrypt the data, then only the private key can decrypt it. Similarly, if the private key is used to encrypt the data, then only the public key can decrypt it.
Using certificates for cryptographic e-mail messaging in Outlook
Outlook uses certificates in cryptographic e-mail messaging to help provide more secure communications. To use cryptography when you send and receive e-mail messages, you must first obtain a digital ID from a certificate authority (CA). Digitally signing a message applies the sender's certificate and public key to the message. Your certificate is sent with the message to help authenticate you to the recipient. You also use a certificate in Outlook when you encrypt messages.
Certificates are validated by means of a certificate hierarchy. The root certificate authority is at the top of a certification hierarchy and is the most trusted CA. The root CA has a self-signed certificate, so it is important to obtain certificates only from certificate authorities that are known and trusted.
You can learn more about the characteristics of one of your own certificates or a certificate that is attached to an e-mail message that you received). For example, you can:
View the certificate trust hierarchy and see who issued the certificate at the top of that hierarchy.
Determine the signature algorithm used by the certificate (for example, RSA/SHA1).
Determine the encryption algorithm used by the certificate (for example, 3DES).
To view information about a certificate that has been used to encrypt or digitally sign an e-mail message that was sent to you, open the message and click the cryptographic button on the far right in the header, for example, Encrypted or Signed . For messages that are signed, or encrypted and signed, in the next dialog box, for example, the Digital Signature: Valid dialog box, click Details.
In the Message Security Properties dialog box, you see the properties of the message, including the security layers. You can click a security layer to see a description of that layer.
You can also view additional information about the certificate or make changes to a security layer. For example, you may want to find out why Outlook has determined that a certificate for an e-mail message is invalid or not trusted. In some scenarios, you can also take steps to correct the status of the certificate. For example, you can choose to trust the CA that issued the certificate, if that is why a digital signature certificate is not trusted. You can also do the following:
To make changes to the trust status of the certificate, click the signature layer or encryption layer, and then click Edit Trust.
To see additional information about the encryption of a message or the digital signature on a message, click the signature or encryption layer, and then click View Details.
To trust all messages signed by a certificate authority, click the signature layer, and then click Trust Certificate Authority.