Categories World Wide Web

Continued from Securing E-Mail

Of course, each mail client sends and receives signed mail somewhat differently. Microsoft Outlook, for example, relies heavily on Exchange for securing messages and uses software from Entrust Technologies. The corresponding Message Class for signed mail is IPM.Note.SMIME instead of (typically) just IPM.Note. Outlook Express is better able to deal with S/MIME attachments and certificates. For instance, Outlook Express stores the certificates it receives from other individuals in the Addressbook store and makes it easy to access these certificates to encrypt outgoing messages. You can list these certificates using certmgr -s addressbook.

To sign outgoing messages using Outlook Express (and Outlook 98 as well), first you have to associate your mail account with a corresponding signature certificate. You do this by opening the Accounts dialog from the Tools menu, choosing the Mail tab, and configuring either a new or existing account. To sign messages, open the Properties dialog for that account, select the Security tab, enable the option to "Use a digital ID when sending secure messages," and click the Digital ID button to choose which ID (certificate) you want to use. If you don't already have a signature certificate, the dialog contains a link to a page on Microsoft's Web site that tells you how to obtain one. You can get a limited free certificate from either VeriSign (www.verisign.com) or Thawte (www.thawte.com). The process is straightforward: The certificate is returned as an S/MIME attachment to a confirmation Web page. You can also use CertSrv 1.0 to generate any type of certificate. Successfully installed signature certificates are commonly stored in the "my" store and can be listed using the command certmgr -s my.

You can also delete certificates from a store. The interface for doing this varies by tool (some don't even support it), but you can also use commands like these:

certmgr -del -s my -all
certmgr -del -s my -c -n "Keith Pleas (keithp)"

The first command deletes all the certificates in the "my" store. The second deletes only a single certificate with the specified name.

Once you have a valid signature certificate, you can open the Options dialog from the Tools menu, select the Security tab, and turn on "Digitally sign all outgoing messages." Or, if you prefer, you can selectively sign a particular message by selecting "Digitally Sign" from the Tools menu of the message editor or by clicking on the equivalent toolbar button. Note: If you wish to receive signed e-mail, your mail server must also be able to understand S/MIME attachments. If you're using Exchange, you need to turn on "Clients support S/MIME signatures" in the Internet Mail tab of the properties for the "Internet Mail Service" connection.

Next: Software Publishing

Published as PC Tech Feature in the 4/20/99 issue of PC Magazine.

Related Links
• Making E-Mail Secure -- PC Tech
• Internet Security Standards -- PC Tech