Securing E-Mail with Digital IDs

Digital IDs are a form of security that brings confidentiality, integrity, and authentication to e-mail. The authentication part refers to the fact that when someone gets a digitally signed message from you, they know for a fact that it’s from you and not some imposter posing as you. This is accomplished by digitally signing your e-mail message with your digital ID. You can digitally sign any and all messages if you like. The confidentiality and integrity parts mean that both you and the sender are assured that nobody has seen or tampered with the message in transit. This is accomplished through encryption. When you send the message, it gets encrypted into a secret code before it leaves your computer. If someone manages to grab hold of the message before it reaches the intended recipient, it won’t do them any good. The message will look like meaningless gobbledygook and there’s no way they can decrypt it back to the original text. But, when the intended recipient gets the message, it’s automatically decrypted back to its original form. So that person sees exactly what you sent. To use encryption, both sender and recipient must have digital IDs. Getting a digital ID If you work for an organization that requires secure e-mail, your security administrator will likely acquire and install a digital ID for you. So you can skip this section if someone has already taken care of that for you. Otherwise, you’ll have to get your own digital ID.

The steps involved depend on the type of ID you get and who you get it from, so I can’t really help you there. I should warn you, however, that this requires some technical expertise beyond the basic day-to-day stuff and beyond the scope of this article. You may need some help from a person who has a background in computer security. The first step is to choose Tools  ->  Options from the Windows Mail menu bar. Click the Security tab in the Options dialog box, then click Get Digital ID. You’ll see the options described previously in this article. You won’t be handed one. Instead you’ll be presented with links to various certificate authorities (CAs) that sell (or maybe even give away) digital IDs. You need to find one that’s specifically for e-mail. Then follow their instructions to download and install the ID. When you’ve completed all the steps required by your certificate authority, click the Digital IDs button on the Security tab of the Options dialog box. The Certificates window opens. You should see your certificate listed there. If not, you may have to Import it. But again, it all depends on who you get your certificate from. There’s really nothing I can say here that applies to all certificate authorities. At the bottom of the Security tab you’ll see two options related to digital IDs:

- Encrypt contents and attachments for all outgoing messages: Do not select this option unless you only send e-mail to people who can decrypt your messages. Better to leave this option unselected and encrypt messages on a case-by-case basis as described later in this article.

-Digitally sign all outgoing messages: You can choose this option to digitally sign all messages. Recipients don’t need anything special to read digitally signed messages. Optionally, you can leave that option un-selected and sign messages on a case-by-case basis. Click OK to leave the Options dialog box. You’ll use your digital ID when composing messages to send to people. Using your digital ID To secure an e-mail message with your digital ID, compose your e-mail message as you normally would. But before you click Send, decide if you want to digitally sign and/or encrypt the message. You can also opt to request a digital receipt. (Only people who have their own digital ID will be able to send a secure receipt.) Use the Digitally Sign Message and Encrypt toolbar buttons to sign and/or encrypt the message. Or choose Tools from the menu bar and choose whichever options you want. Remember, you can send encrypted messages only to other people who have digital IDs. Furthermore, you must have a copy of that person’s public encryption key. If you have trouble encrypting a message to such a person, have them send you a digitally signed e-message. When you get the message, open it. If you haven’t already done so, add that person to your Contacts (right-click the message header and choose Add to Contacts). The sender’s public encryption key will be added to Windows Mail so you can send encrypted messages to that person from that point on. If you’re still unable to send an encrypted message to the person, open the digitally signed message they sent you by double-clicking its message header. In the open message, choose File  ->  Properties from the menu bar. Click the Security tab, click View Certificates, and then click Add to Contacts. Click OK in all open dialog boxes, close the message, and try again.

A public encryption key is a file that allows you to send encrypted messages to a digital ID holder. When the recipient gets the message, their private key decrypts it. That’s what keeps the messages confidential and tamper-proof. The holder of the digital ID is the only person who has the private key required to decrypt the message. Checkmarks on the Tools menu show which options I’ve selected. The icons pointed out in the figure also show the message is digitally signed and encrypted. Use the Receipts tab of the Windows Mail Options dialog box to configure secure receipt defaults.

When you receive digitally signed messages, the only difference you’ll notice is a small ribbon symbol to the left of the Subject in the message headers. When you click the message header, the Preview pane header will show a similar ribbon. That symbol is your guarantee that the message is from the person who digitally signed the message and not from an imposter.

Importing Messages from Other Programs

If you were already using some other e-mail program prior to using Windows Mail, you may want to bring its messages into Windows Mail. This is called importing messages. You can also import account information if you haven’t already set up Windows Mail to use an account. There are limits to the types of message you can import. For example, it may not be possible to import messages from Web mail accounts that you manage through your Web browser. But it all depends on your ISP and e-mail client. So I can’t tell you how to do this in a step-by-step manner. You may need to contact your ISP or e-mail service provider for help. All I can really show you is how to get the ball rolling:

1. Open Windows Mail (if you haven’t done so already). - To import e-mail messages from another program, choose File  ->  Import Messages. - Or, to import e-mail account information from another program, choose File  ->  Import  -> Mail Account Settings.

2. A wizard opens. Follow the instructions presented by the wizard to import messages. How you proceed through the wizard depends on what you’re importing. As with any wizard, it’s simply a matter of reading and responding to whatever appears on the wizard page and clicking Next. Do so until you get to the last page, and click Finish.

Exporting Messages to Other Programs To copy messages from Windows Mail to another program, you export them. There’s a limit to which programs you can export to, and no single set of rules applies to all. I can’t take you step-by-step through the process for every e-mail client on the planet. There’s just too many of them and not enough pages in this article to cover all the possibilities. If you have any problems with this, you might need to get some support from the manufacturer or Web site of the program to which you’re exporting. But the basic idea is

1. Open Windows Mail (if it isn’t already open).

2. Choose File  ->  Export  ->  Messages.

3. Follow the instructions in the wizard that opens.