Using a digital ID, you can digitally sign your e‑mail to prove your identity. You can also use a digital ID to encrypt messages, keeping them private. Here are answers to some common questions about using digital IDs with Windows Mail.
Digital IDs, sometimes referred to as certificates, allow recipients to verify that an e‑mail was actually sent by you. It's very easy to forge e‑mail return addresses, and using a digital ID helps a recipient know that a message actually came from you. Also, when traveling across the Internet, standard e‑mail messages are the digital equivalent of postcards—they can be read, or even altered, along the way. Digital IDs can be used to encrypt messages, hiding their contents, and they indicate whether a message has been altered in transit to the recipient.
In many businesses, your system administrator will provide you with a digital ID. To obtain a digital ID for personal use, you'll need to obtain one from a certification authority, which is an organization that offers digital IDs.
To set up your digital ID
1. Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
2. Click the Tools menu, and then click Options.
3. Click the Security tab, and then, under Secure Mail, click Digital IDs.
4. Click Import, and then follow the instructions to import your digital ID.
Typical unencrypted e‑mail messages are sent across the Internet in a plain text format, and as they travel to their recipients, they can potentially be read by prying individuals or automated programs. Encrypted messages are messages signed with a digital ID that are sent in a scrambled format that can only be read by your recipient. However, both the sender and recipient must have copies of each other's digital ID to be able to send and read encrypted messages.
Encryption format information for advanced users
Windows Mail is compatible with the Secure/Multipurpose Internet Mail Extensions (S/MIME) version 2 and 3 specifications, and supports the following encryption algorithms: RC2 (40-bit and 128-bit), DES (56-bit), and 3DES (168-bit). Windows Mail can decrypt RC2 (64-bit) encrypted e‑mail, but cannot send messages using this algorithm.
Windows Mail can use only SHA-1 as the hashing algorithm when signing messages. The bit length of your private key varies, depending on the certification authority from which you obtain it and the process used in generating the key.
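As an added example (not part of the original help topic and not Microsoft code), the following Python walker lists which of the algorithms named above appear in a DER-encoded S/MIME (CMS) blob, including the RC2 effective key size carried in rc2ParameterVersion (160, 120 and 58 mean 40, 64 and 128 bits per RFC 3370). It assumes definite-length DER with single-byte tags; the function names and the sample bytes are constructed for illustration.

```python
ALGS = {"1.2.840.113549.3.2": "RC2-CBC", "1.2.840.113549.3.7": "3DES-CBC",
        "1.3.14.3.2.7": "DES-CBC", "1.3.14.3.2.26": "SHA-1"}  # OIDs of the page's algorithms
RC2_BITS = {160: 40, 120: 64, 58: 128}  # rc2ParameterVersion -> effective key bits

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OID content bytes (base-128 arcs) to dotted notation."""
    arcs = [0]
    for b in body:
        arcs[-1] = (arcs[-1] << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: this arc is complete
            arcs.append(0)
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:-1]))

def find_algorithms(buf, start=0, end=None):
    """Walk the DER tree and return every known AlgorithmIdentifier, in order."""
    found, pos, end = [], start, len(buf) if end is None else end
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag == 0x30 and vs < ve and buf[vs] == 0x06:  # SEQUENCE { OID, ... }
            _, o_start, o_end = read_tlv(buf, vs)
            name = ALGS.get(decode_oid(buf[o_start:o_end]))
            if name == "RC2-CBC" and o_end < ve and buf[o_end] == 0x30:
                _, p_start, _ = read_tlv(buf, o_end)        # RC2CBCParameter
                _, i_start, i_end = read_tlv(buf, p_start)  # rc2ParameterVersion
                ver = int.from_bytes(buf[i_start:i_end], "big")
                name = f"RC2-CBC/{RC2_BITS.get(ver, '?')}"
            if name:
                found.append(name)
        if tag & 0x20:  # constructed element: descend into its children
            found += find_algorithms(buf, vs, ve)
        pos = ve
    return found

# Constructed sample: RC2 (version 160), 3DES and SHA-1 identifiers with all-zero IVs.
SAMPLE = bytes.fromhex("303d301a06082a864886f70d0302300e020200a004080000000000000000"
                       "301406082a864886f70d030704080000000000000000"
                       "300906052b0e03021a0500")
```

To check a real message, base64-decode the body of its application/pkcs7-mime part and pass the bytes to find_algorithms; a result containing RC2-CBC/40 or DES-CBC means the content was protected with a key short enough to brute-force.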
The private keys are stored on your computer and are only as secure as your computer. Private keys installed using Microsoft cryptographic system components will not be transmitted to the certification authority that issues the digital ID; the keys are not stored in escrow with any government agency.
While composing a message, click the Tools menu, and then click Encrypt.
Note: Before sending an encrypted message, you must have a digital ID in Windows Contacts for each intended recipient. If you need a digital ID for your recipient, have your recipient send you a digitally signed message. Whenever you receive a digitally signed e‑mail message, Windows Mail automatically adds the sender's digital ID to your Windows Contacts.
You can read a digitally signed message the same way you would read any other message. To provide further assistance, Windows Mail displays a help screen the first time you open or preview a digitally signed message.
After you send a digitally signed message to a contact, you can read an encrypted message from that person the same way you would read any other message.
To provide further assistance, Windows Mail displays a help screen the first time you open or preview an encrypted message.
If you receive a secure message that has a problem (for example, the message was tampered with or the digital ID of the sender is expired), you will see a security warning that details the problem before you are allowed to view the contents of the message. Based on the information in the warning, you can decide whether to view the message.
If you read a digitally signed message while connected to the Internet, Windows Mail will verify the validity of the message by requesting information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination.
To view the validity status of a digital ID while reading a message, click the File menu, click Properties, and then click the Security tab.
Digital IDs used by Windows Mail are stored in Windows Contacts. Whenever you receive a digitally signed e‑mail message, Windows Mail automatically adds the sender's digital ID to your Windows Contacts. In some circumstances, you may want to manually add a digital ID to a contact. For example, if the contact listed in the e‑mail message doesn't exactly match the name of the existing contact in Windows Contacts, the digital ID will be stored in a new contact instead of being associated with the existing contact.
To manually add a digital ID to a contact from a digitally signed e‑mail message
1. Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
2. Open a digitally signed message.
3. Click the File menu, and then click Properties.
4. Click the Security tab, and then click Add digital ID to Contacts.
To manually add a digital ID to a contact from another source
1. Open Windows Contacts by clicking the Start button, clicking All Programs, and then clicking Windows Contacts.
2. Create a new contact or double-click an existing contact.
3. Click the Digital IDs tab, and then click Import.
4. Click the digital ID file that contains the digital ID you want to add to the contact, and then click Open.
Certificate
A digital document that verifies the identity of a person or indicates the security of a website. Certificates are issued by trusted companies known as Certification Authorities.
System administrator
A person responsible for planning, configuring, and managing the day-to-day operation of a computer network. Typically, a system administrator assigns user accounts and passwords, establishes security access levels, allocates storage space, and monitors systems to prevent unauthorized access and attacks by malicious software.
Private key
One of a pair of keys used for file encryption (the other is a public key). People typically use a private key to decrypt information (such as a file or message) that was encrypted using the corresponding public key, or to digitally sign a message. People keep their private keys secret.
Contact
A collection of information about a person or organization. Contacts are stored in the Contacts folder and can contain information such as the contact's name, e‑mail address, phone number, and street address.
Encrypted
The condition of information being scrambled so that it can be read only by someone who has the appropriate key to unscramble it. Encryption can be applied to files or to information exchanged over a network connection.