Sending and Receiving Signed Messages

When you've installed and configured your digital ID, you can have Outlook automatically attach your digital ID to all messages you send, or manually attach the digital ID to specific messages you send. There's usually nothing wrong with attaching a digital ID to every message you send, but there are a few circumstances in which you might not want to do so:

• If you routinely send email to recipients who can't decode digitally signed email (such as to a cellular phone or PDA), there's really no benefit to sending an email with a digital ID.

• If the size of an email is ever an issue, consider not including your digital ID unless you absolutely need to. An email with an attached digital ID is at least 6KB larger than an identical email sent without the digital ID. Although this isn't a large amount, the extra KB can add up if you send many emails.

Outlook's default setting is to not automatically attach a digital ID to every outgoing email. To change this, select Tools, Options, and click the Security tab. Check the box marked Add Digital Signature to Outgoing Messages. Doing so automatically adds a digital signature to every outgoing message you send. If you need to send a message without a digital signature, you can always click the Digitally Sign button on the toolbar of the message while composing it to remove the digital signature on a per-message basis. The digitally sign icon looks like an envelope with a red certificate attached.

Sending a Signed Message

After you've configured your security settings, you can use them to send and receive signed messages. The recipient of your email can examine the digital signature attached to your message to verify that you are who you say you are.

A digitally signed message actually contains two separate copies of the message. The first is an unencrypted copy of the message. The second part is an encrypted version of the same message. When the recipient opens the message, the encrypted version and the unencrypted version are compared. If they match, the certificate is valid and the item is opened normally. If the two versions do not match, the recipient receives a warning that the digital signature is invalid and the message has been changed.

Using the Digitally Sign toolbar button is the easiest way to sign an outgoing message. However, you can also view your security settings through the Message Options dialog box. From this dialog box, you can customize your security settings for the individual message.

To customize the security settings for a message, click the Options button on the message toolbar to display the Message Options dialog box. Click the Security Settings button to display Figure 25.13.

If you've configured Outlook to automatically add a digital signature to all outgoing messages, the Add Digital Signature to This Message box should already be checked. You can choose the default value, Send This Message as Clear Text Signed, if you want recipients who don't have S/MIME security to be able to read your messages. To verify that your digital signature is being validated by recipients and to request confirmation that the message was received unaltered, select the Request S/MIME Receipt for This Message check box. This check box also provides notification telling you who opened the message and when it was opened. If you have multiple certificates installed on your computer, you can use the Security setting drop-down list to choose a specific certificate or you can accept the default automatic setting. This setting uses the values you specified in the Security tab of the Options dialog.

Click OK to save your security settings. Click Close to close the Message Options dialog box and return to your email message. When you send your email message, a digital signature will be attached to the message.

Receiving a Signed Message

Several things happen when you receive a signed message. When you receive the message, the Reading Pane displays an additional line in the message header, as shown in Figure 25.14.

To view a digital signature attached to a message, click the red certificate on the right of the Reading Pane to display Figure 25.15.

You can view the holder of the digital certificate and the certificate's current status. For more information about the digital certificate, click the Details button to view the Message Security Properties dialog box shown in Figure 25.16.

This dialog box shows extended information about the security layers attached to the message. One message can have multiple signature layers depending on the level of security used to send the message. For each signer, you can view the date and time the message was signed. If you want to edit the level of trust for this certificate, click Edit Trust. You can choose from Inherit Trust from Issuer, Explicitly Trust This Certificate, or Explicitly Don't Trust This Certificate. Use the other tabs in this dialog to view detailed information about the certificate.

You can also click the View Details button to view additional status information about the digital certificate, as shown in Figure 25.17. You can view the message format, signer, signing time, digest algorithm, signature algorithm, and certificate status.

Click Close three times to return to the original email message.