Outlook is the product offering in Microsoft’s Office productivity suite
that allow power users to manage their email on their desktop.
Basically, it’s a powerful email client. Many users do not even have a
need for Outlook or Thunderbird because one can also manage their emails
via their web browser. For example, to manage your Gmail account, you
pretty much just log into Gmail’s web page. Reading, sending and sorting
email is all done within the browser. Outlook mainly shines in
businesses and enterprises that deploy their own email infrastructure.
Anyways, chances are good that if you are looking for a way to integrate
OpenPGP into Outlook, you know exactly what Outlook is. So with that
being said, let’s just get started!
If you are testing this entirely by yourself, you will need two separate email accounts and preferably, two separate computers as well. For my testing purposes, I made two dummy email accounts called Test01@gmail.com and Test02@gmail.com.
The lab was between Outlook 2007 & 2010
The utility that allows Outlook to use the OpenPGP system is called the Outlook Privacy Plugin. The unfortunate part with this utility is that it only supports a single email account within Outlook.
For Outlook 2007 & 2010 i used Beta-2 and for Outlook 2013 Beta-34
Finally, we need GNUPG installed on our system. For Windows systems, the best way to do this is to install Gpg4win. Be sure to download the full version and not the lite version. The full version includes Kleopatra, which is the utility we use to manage our keys. It is certainly possible to manually manage your keyring but trust me, it’s not fun.
When you open Outlook after installing the Outlook Privacy Plugin, you’ll be presented with the plugin’s setting dialog box. It needs you to tell it where you have installed the Gpg.exe program. Gpg4win installed this for us and so we just need to browse to the correct location. By default, the location is located in:
C:\Program Files\GNU\GnuPG\pub
Here, I am assuming you do not have a key pair. Therefore, I’ll go over how to create one and attach it to your email account in Outlook. This process involves using the command prompt but it’s really easy, trust me. What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed. I’ve listed the location above.
COMMAND PROMPT:
What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed. I’ve listed the location above.
Now we can create our key pair. If you enter in the exact commands as
shown here, everything should work as expected. First we enter in: gpg --gen-key
For general uses, it’s best to just select the first option (RSA). Type
in the number 1 and hit Enter. You’re then asked to select a key length
for your key pair. Technically, the longer the keysize, the more secure
it is although it takes more processing power to encrypt and decrypt. I
typed in 1024.
Next we need to fill in our personal information. First up is our Real
Name. Of course you don’t really have to give your real name but if you
are to use OpenPGP for business or professional purposes, you want the
other party member to be able to correctly and easily identify you via
your public key.
Next is your email address information. Here, you must give it the real
email address you wish to associate with the generated key pair!
Finally, you can type in a comment. This usually gives a bit more information as to who you are. This field is purely optional.
One you hit Enter, you will be asked to confirm your entries. You can
easily change the information by pressing the corresponding letter (N to
change Name field, etc). Once you are finished, type the letter O to
proceed.
Once done so, gpg will then proceed to generate our key pair. Here is the final output screen.
Now that I have my keypair for my first dummy email account, I need to
repeat the same procedures for my second dummy test account. In the end,
I will have a public/private keypair for both email accounts. Of
course, this is only a test scenario and so that is why I had to perform
this procedure twice. In the real world, you only generate the keypair
for your own email account and not that of others!
I am now on my second computer and will proceed to import the public key I exported earlier from my first dummy account to my second computer. This is similar to what you will have to do when you receive a public key from another individual. You will have to import the key into your keyring before it can be utilized. Luckily, Gpg4win includes a nifty key management utility called Kleopatra that will make this whole import/export process very easy to perform. Here, I will perform a import.
Once I have Kleopatra opened, it will show you every key in your key ring. Here, you can see that I only have one key and that is the public/private key pair for my second email account, Test01@gmail.com. I am now going to import the public key for Test02@gmail.com.
At this point, we are almost ready to begin sending encrypted emails with Outlook.
We just need to configure one more thing.
Back in Outlook, we need to set one more configuration setting for the Outlook Privacy Plugin and that is to tell it which private key belongs to us. Within Outlook, click on the Add-Ins tab and you will see the mini toolbar for the plugin.
Click on the Settings button and then select the Compose tab. Under the
Default Key selection box, we should see our newly created private key.
In my case, this would be my first email account of Test01@gmail.com. Select it, hit OK and we are done!
After that you must trust the others certificate
You can do that from Imported Certificates right click on the Certificate and click "Certify Certificate"
Leave default options [ Certify only for myself ] and click Certify
Now the Certificate is on your "Trusted Certificates"
By signing the email, this proves to Test01 (the email being sent
to) that it was indeed Test02 that sent the email and no one else
because the signature can only be decrypted using its public key. By
encrypting the email with Test01′s public key, we can be sure that
only that recipient is able to read the email because only that party
member have the corresponding private key to decrypt the public key.
When I hit the send button, the plugin will ask me for the passphrase
for my private key (Test02). This is because I am signing the
email which in turn needs access to my private key. You do not need to
type in a password if you are only encrypting the email. You just need
the recipient’s public key. Once done so, the email will get sent along
its way!
When you receive the email only you have to do is to Decrypt the message from the same menu
If you are testing this entirely by yourself, you will need two separate email accounts and preferably, two separate computers as well. For my testing purposes, I made two dummy email accounts called Test01@gmail.com and Test02@gmail.com.
The lab was between Outlook 2007 & 2010
The utility that allows Outlook to use the OpenPGP system is called the Outlook Privacy Plugin. The unfortunate part with this utility is that it only supports a single email account within Outlook.
For Outlook 2007 & 2010 i used Beta-2 and for Outlook 2013 Beta-34
Finally, we need GNUPG installed on our system. For Windows systems, the best way to do this is to install Gpg4win. Be sure to download the full version and not the lite version. The full version includes Kleopatra, which is the utility we use to manage our keys. It is certainly possible to manually manage your keyring but trust me, it’s not fun.
When you open Outlook after installing the Outlook Privacy Plugin, you’ll be presented with the plugin’s setting dialog box. It needs you to tell it where you have installed the Gpg.exe program. Gpg4win installed this for us and so we just need to browse to the correct location. By default, the location is located in:
C:\Program Files\GNU\GnuPG\pub
 |
 |
Here, I am assuming you do not have a key pair. Therefore, I’ll go over how to create one and attach it to your email account in Outlook. This process involves using the command prompt but it’s really easy, trust me. What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed. I’ve listed the location above.
COMMAND PROMPT:
What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed. I’ve listed the location above.
You’re then asked for the validity period for your key pair. If you are
positive that you can keep your private key safe, you can set a longer
validity period. For my test scenario, I chose my key validity period to
not expire.
Finally, you can type in a comment. This usually gives a bit more information as to who you are. This field is purely optional.
A “pinentry” dialog box should appear. Here you will need to type in
your secret passphrase to protect your private key. You should always
remember this passphrase because it is how you access your private key
to help decrypt and sign emails! You should also make it relatively
strong.
Now that we have our keypair generated for
our email address, we need to next export our public key so that we can
share it with other people. Whenever someone wants to send an encrypted
email to you, they must use this public key which of course you give to
them ahead of time. You can also send your public key to me for testing
purposes. To export our public key, we type in this command:
gpg ––export -a “youremailaddress” > test01.asc
This command will export our public key to a
file called public.asc. We can then give this public key to any who
wishes to communicate with us securely. In my scenario, I will simply
transfer it to my USB thumb drive and import it to my second computer.
I am now on my second computer and will proceed to import the public key I exported earlier from my first dummy account to my second computer. This is similar to what you will have to do when you receive a public key from another individual. You will have to import the key into your keyring before it can be utilized. Luckily, Gpg4win includes a nifty key management utility called Kleopatra that will make this whole import/export process very easy to perform. Here, I will perform a import.
Once I have Kleopatra opened, it will show you every key in your key ring. Here, you can see that I only have one key and that is the public/private key pair for my second email account, Test01@gmail.com. I am now going to import the public key for Test02@gmail.com.
I simply click on the Import Certificate button, browse to the
certificate location and that’s it! The certificate for Test02@gmail.com will then be successfully imported into the key
ring and it will be listed in the “Imported Certificates” tab.
We just need to configure one more thing.
Back in Outlook, we need to set one more configuration setting for the Outlook Privacy Plugin and that is to tell it which private key belongs to us. Within Outlook, click on the Add-Ins tab and you will see the mini toolbar for the plugin.
You can do that from Imported Certificates right click on the Certificate and click "Certify Certificate"
Select the Certificate [ in my case Test02@gmail.com ] select [ I have verified the fingerprint ] and then click Next.
Sending Encrypted Email
Finally, we are able to test the encryption system by composing encrypted emails! This test is very simple. I will be composing a email from my second email account [ Test02@gmail.com ] to my primary account [ Test01@gmail.com ] using its public key. Sadly, we currently can only compose plain text emails using this system. HTML emails are not supported at the moment. Within Outlook, I press and hold down the Shift key while clicking on the New Email button. This lets Outlook know that I am composing a plain text email. I compose my email as usual. However, before sending, I select both the Sign and Encrypt setting located in the upper right corner.
When you receive the email only you have to do is to Decrypt the message from the same menu
