Now that you know how to secure the individual items within Outlook and secure your computer, you can take security one step further by learning to send secure messages. Sending secure messages is a bit like requiring a driver's license when making a credit card purchase. A digital certificate guarantees that you are who you say you are, much like your driver's license assures a retail store that you're really the same person whose name is on the credit card. A digital certificate is an electronic driver's license, in a way. Composed of a public and private key, a certificate can accomplish two things. First, it can assure the recipient of your email that it really did come from you. Second, it can guarantee that the email wasn't changed between the sender's machine and the recipient's machine.

Using Certificates

As alluded to previously, a certificate can provide two very valuable services: authentication and encryption. You can use a certificate for authentication to verify that the person sending you email is the same person who owns the email address the email was sent from. In other words, I can't send an email from john@doe.com unless my email account actually is john@doe.com. I can't spoof an email address and attach a digital certificate to the email at the same time.

Encryption involves taking your plain text email messages and encoding the data so that only the intended recipient can decode the data. Your recipient must have a copy of your public key to decrypt the email message. Anyone else who might try to intercept the email message and open it would see only garbage where the text should be.

NOTE: A certificate works by using the Secure Multipurpose Internet Mail Extensions (S/MIME) protocol that Outlook supports. You can exchange secure messages with anyone who uses an email client that supports S/MIME.

A certificate is made up of two parts: a private key and a public key. The private key is stored on your computer, in the Windows Registry. It isn't known or distributed to anyone. You can use your private key to sign the messages you send. The public key is a file that you can send to others who want to send you encrypted messages. You can attach the public key to your contact record and share it with others by sending them your contact record.

When someone wants to send you an encrypted email, they must use your public key. When you receive the email, you use your private key to decrypt that email. If you want to receive encrypted messages from someone with a digital certificate, you must have a copy of her public key available and attached to her contact record in your Contacts folder.

Obtaining a Certificate

You can obtain a certificate from a certificate authority (CA). Two of the most popular CAs are VeriSign and Thawte. VeriSign offers a free trial digital certificate that's valid for 60 days. If you want to continue using that digital certificate, the price at the time this book was written was $14.95 per year. Thawte offers a free personal digital certificate. To obtain a digital certificate from either of these companies, you need to connect to its Web site and register with a valid email address. You'll receive a confirmation email that requires you to validate your email address before you receive your digital certificate. After you receive your digital certificate, you can set up Outlook to use that digital certificate to send and receive signed and encrypted email.

Setting Up Certificates

When you sign up for a digital certificate from a certificate authority, it will send you a confirmation email, usually with a PIN that you must enter on the CA's Web site to download and install your digital certificate. After you've downloaded the digital certificate, use the following steps to install that certificate in Outlook 2003:
You've now completed the setup for your digital certificate and you're ready to send and receive signed messages.

Backing Up Your Digital Certificate

After you've installed and configured your digital certificate, you can use the following procedure to make a backup copy. A backup copy can be helpful in case of a hard drive failure or if you need to change computers.
You should keep the backup copy of your digital ID in a safe place. It's a good idea to back up the file to a CD or disk and keep that copy in a fire safe or somewhere secure.

Importing a Digital ID from a Backup

It is relatively simple to import a digital ID from a backup copy. Use the following steps to import a digital ID:
NOTE: After you install your digital ID, Outlook automatically adds two buttons to your email toolbar: Sign and Encrypt. You can use these buttons to sign messages you send to others.
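
What signing and encrypting do with the two keys (your private key signs; a message encrypted with someone's public key opens only with that person's private key), shown with the OpenSSL command line producing real S/MIME messages. This is an added example, not part of the original text; the throwaway self-signed certificates, the names john and jane, and their addresses are constructed stand-ins for CA-issued digital IDs.

```sh
#!/bin/sh
# Constructed demo: throwaway self-signed certificates stand in for CA-issued
# digital IDs (assumption; john/jane and their addresses are made up).
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

new_id() {       # new_id NAME EMAIL -> NAME.key (private) + NAME.crt (public)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}
sign_msg() {     # sign_msg SIGNER IN OUT: the signer's private key signs
  openssl smime -sign -text -in "$2" -out "$3" \
    -signer "$W/$1.crt" -inkey "$W/$1.key" 2>/dev/null
}
verify_msg() {   # verify_msg SIGNER IN: print the text only if the check passes
  openssl smime -verify -text -in "$2" -CAfile "$W/$1.crt" \
    -out "$W/verified.txt" 2>/dev/null && cat "$W/verified.txt"
}
encrypt_msg() {  # encrypt_msg RECIPIENT IN OUT: needs only the public certificate
  openssl smime -encrypt -aes256 -text -in "$2" -out "$3" "$W/$1.crt"
}
decrypt_msg() {  # decrypt_msg RECIPIENT IN: needs the recipient's private key
  openssl smime -decrypt -text -in "$2" \
    -recip "$W/$1.crt" -inkey "$W/$1.key" 2>/dev/null
}

new_id john john@doe.com
new_id jane jane@doe.com
printf 'Meet at noon.\n' > "$W/msg.txt"

# Signing: John signs; anyone holding his certificate can check the message.
sign_msg john "$W/msg.txt" "$W/signed.eml"
verify_msg john "$W/signed.eml"
sed 's/noon/nine/' "$W/signed.eml" > "$W/tampered.eml"
verify_msg john "$W/tampered.eml" || echo "rejected: body changed after signing"
verify_msg jane "$W/signed.eml"   || echo "rejected: not signed by Jane's ID"

# Encryption: the message is encrypted to Jane's certificate; only her key opens it.
encrypt_msg jane "$W/msg.txt" "$W/enc.eml"
decrypt_msg jane "$W/enc.eml"
decrypt_msg john "$W/enc.eml" || echo "rejected: John's key cannot open Jane's mail"
```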