Office & Productivity Software forum

General discussion

Encryption and signing in Outlook 2010

by Bill Osler / August 1, 2010 11:26 AM PDT

I'm migrating to a new computer with Outlook 2010. I'm not connected to Exchange server. The PC runs Win 7 Pro.
I'm used to using Thunderbird for secure email and I don't know if I understand all the ins/outs with Outlook 2010.
When I receive a digitally signed email in Thunderbird I can save/export the certificate from the email and IIRC the program automagically associates the certificate with the sender of the email. I can view the public certificates that are available fairly easily.
In Outlook 2010 I can import my own certificates via the Trust Center but I have not figured out what to do about getting public certificates for my correspondents. As far as I can tell, just reading a signed email is not enough to associate the public certificate with the source email address.
I have not found a way to archive the digital certificates from received email messages, but I did eventually figure out how to import one of the certificates that I used in Thunderbird on my old PC.
Does anybody know of a good, minimally technical resource I can use to sort out the process?
Thanks.

Post a reply
Discussion is locked
You are posting a reply to: Encryption and signing in Outlook 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Encryption and signing in Outlook 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
No real answer from me
by MarkFlax Forum moderator / August 1, 2010 8:16 PM PDT

but may I ask whether you have considered continuing to use Thunderbird on your new system?

I have a Win 7 laptop with Thunderbird installed and it works well.

Mark

Collapse -
I have considered Thunderbird ...
by Bill Osler / August 1, 2010 8:28 PM PDT
In reply to: No real answer from me

Thunderbird works OK as an email client, but I don't like Open Office (too many annoying incompatibilities) and Outlook integrates better than Thunderbird with programs I use frequently.
I guess I'm losing whatever geek credentials I used to have.

Collapse -
No real answer from me, either
by FHG07093 / August 3, 2010 11:55 AM PDT

Sorry, Bill. Another "helpful suggestion" but not a direct answer to your question!

Since you're using Outlook, have you considered trying ePostal Services? It's not free, but nearly so (15 cents 'postage') and you can pre-pay the return postage if you want your recipient to reply to you with another encrypted email and don't want to make them incur the cost. It fully integrates into Outlook -- just a different Send button. And it does email tracking and differentiation, too. You just choose what you want when you send the message, if you want anything -- you only use it when you need it. It's pretty cool. Personally, I use it to share web server login creds with clients and to send MYSELF all my various site passwords (you can encrypt to store, too).

Collapse -
I hadn't heard of that service
by Bill Osler / August 3, 2010 12:23 PM PDT

It's an interesting idea. I'm not sure I want to pay for the privilege but it bears consideration.

Collapse -
I learned a lot in this process ...
by Bill Osler / August 5, 2010 10:18 AM PDT

It turns out that it's not hard to access the public certificate of an email received by Outlook 2010. I just don't think it's completely intuitive. There's an icon showing that the message is signed. The user has to click the icon and work through several menus to 'copy' a certificate (not 'save' or 'export' as I would have expected) so that the certificate can be stored on disk and then imported into the properties of the appropriate contact in the address book. I wonder if they could have made it any less user friendly?

I also discovered that by default it is not possible to send an encrypted email from Outlook 2010 to Thunderbird. The Mozilla developers and MS developers have each blamed the other group, and MS has offered a workaround but as a user it just leaves me frustrated.

Collapse -
Good to see you have managed to go forward with this
by MarkFlax Forum moderator / August 5, 2010 7:52 PM PDT

despite the disagreements between Microsoft and Mozilla. Sad that such an important part of the email system is complicated by rivalry and non-cooperation.

Mark

Collapse -
I'm surprised it is not a bigger deal.
by Bill Osler / August 5, 2010 8:41 PM PDT

I know that setting up secure email is a hassle, and maybe I'm just paranoid, but I am really careful about what I put into email. Email is far and away the easiest way to exchange information between home and office since I don't always carry my flash drive, but email is inherently insecure. The threat is probably small, but why run risks at all?

Apparently I am in the minority regarding this. I am frequently astounded by what people are willing to put into email messages. Emails with personal information? Sure, why not. Messages that contain passwords? I get them all the time. It's unbelievable! If the majority of people used secure email then interoperability problems like this would be huge and both the MS and Mozilla folks would be receiving a lot of pressure to fix it. As it is, I don't know when the two products will talk to each other by default. I don't count the registry edit as a fix (even though I used it and it works) because the majority of users don't have any business grubbing around in their registry. If the companies were serious about a fix they would make it easier.

For that matter, if developers were serious about making secure email available to average users they would make the whole process easier. Setting up encrypted email is FAR too difficult for the average user in every email program I have ever used. Setting aside the hassle of figuring out how to get a certificate (for EVERY person in the process) why should it take large numbers of steps to install the certificate and associate it with the correct email addy? But that's another subject.

FWIW: I know convincing people about email security is a losing battle. I can't even convince my wife not to store our children's social security numbers in her smart phone.

Collapse -
Simpler way
by papa_vector / September 17, 2010 5:34 AM PDT

Right-click on the sender and "Add to Outlook Contacts". If you already have the contact in your Contacts folder, it will offer to update when you click "Save & Close". Certificates are automatically included / updated when you do this.

Collapse -
Yeah, I eventually figured that out ...
by Bill Osler / September 17, 2010 6:10 AM PDT
In reply to: Simpler way

It's not quite intuitive since there is no option listed to update the contact to begin with, but it does work. Thankfully.

Collapse -
Solved
by papa_vector / September 17, 2010 5:59 AM PDT

Here's the issue. MS implemented another part of the RFC that isn't commonly implemented yet. There's a registry hack for Outlook 2010 to cause it to revert to previous behavior:
http://support.microsoft.com/kb/2142236

Collapse -
Well, solved for me but not in the way you meant.
by Bill Osler / September 17, 2010 6:23 AM PDT
In reply to: Solved

The problem is NOT really solved, but there is a sort of workaround. You linked to the registry hack I alluded to in a previous post. It works but it requires a couple of things:
Access to the Registry (not a given in a corporate environment)
and
Cooperation from the guy who is using Outlook. IOW it only 'solves' the problem for the Thunderbird user if the OTHER person applies the fix. That's not quite a solution.
What you did not mention is that there was yet another obstacle (a bug in Thunderbird's implementation of encryption) that has since been fixed. When I first posted about the problem, Thunderbird could not read ANY of the affected messages. Since the bug fix, Thunderbird can read SOME of the affected messages, depending on some arcane details in the security certificates.
Unfortunately, the Thunderbird developers and the MS developers are both (at least somewhat) blaming the other group for the problem, and the Thunderbird developers are so confident that MS is wrong that they DO NOT plan to fix Thunderbird's behavior. Their feeling is that it's Microsoft's problem to fix. I'm not holding my breath on that one. As a non-cryptography person I only partially understand what they are arguing about and I certainly don't know who is 'right' about the standards. As a user I don't really care, I just want it to work. It doesn't.

I chose a simpler solution. I stopped using Thunderbird. Problem solved.

Collapse -
Just as a side note.
by Reaping666 / April 18, 2012 4:20 AM PDT

I know the last post is from 2010 but I found a nice little tool for en-/decryption in OUtlook 2010 called "gpg4o".

For more information visit gpg4o Homepage

Popular Forums
icon
Computer Help 51,224 discussions
icon
Computer Newbies 10,453 discussions
icon
Laptops 20,090 discussions
icon
Security 30,722 discussions
icon
TVs & Home Theaters 20,937 discussions
icon
Windows 10 1,295 discussions
icon
Phones 16,252 discussions
icon
Windows 7 7,684 discussions
icon
Networking & Wireless 15,215 discussions

CNET's Oh, Snap! Sweepstakes

Enter for a chance to win* a 360-degree camera

Do you Snapchat? We want you to snap for this sweepstakes and give you the chance to get your hands on the Theta S so you can make your very own 360-degree videos.