
BITS Pilani Work Integrated Learning Programme

SSZG513 - Network Security


S/MIME Implementation in Microsoft Outlook
Instructor: Vineet Garg

Objective: The objective of this worksheet is to provide exposure to a real-world implementation of S/MIME security through Microsoft® Office Outlook.

Platform: The content shown below is taken from Outlook-2007 running on the Windows-8.1 operating system. It is expected to be similar, or to differ only minimally, across different Windows and Outlook releases.

Observation Steps:
(1) Outlook is running on your PC/Laptop.

(2) In Outlook, go to Tools -> Trust Center -> E-Mail Security.

(3) There are two sections of interest here:
I. Encrypted e-mail
II. Digital IDs (Certificates)

The first section, Encrypted e-mail, has four checkboxes for the following items, of which none or more can be selected:

a) Encrypt contents and attachments for outgoing messages: This is the Enveloped-Data function of S/MIME.

b) Add digital signature to outgoing messages: This is the Signed-Data function of S/MIME.

c) Send clear text signed message when sending signed messages: This is the Clear-Signed-Data function of S/MIME.


d) Request S/MIME receipt for all S/MIME signed messages: This is an email security feature used to request confirmation that an email message was received unaltered. It also includes information about who opened the message and when it was opened. This verification information is returned as a message in the sender's Inbox. This is part of the Enhanced Security Services for S/MIME in RFC 2634.
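
How options a) to c) appear on the wire, as an added example that is not part of the original worksheet: the outer Content-Type of a message shows which S/MIME function was applied. The sample messages are constructed and the name classify_smime is hypothetical; the media types and the smime-type parameter are the ones defined for S/MIME, including the legacy x- prefixed forms.

```python
from email import message_from_string

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify_smime(raw):
    """Return (label, text readable without S/MIME support) for the outer MIME layer."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        if proto not in PKCS7_SIG:
            return ("signed, not S/MIME", None)
        # Clear-signed: part 1 is the content in the clear, part 2 the detached signature.
        parts = msg.get_payload()
        first = parts[0].get_payload() if isinstance(parts, list) and parts else None
        return ("clear-signed", first.strip() if isinstance(first, str) else None)
    if ctype in PKCS7_MIME:
        kind = str(msg.get_param("smime-type", "")).lower()
        if kind in ("enveloped-data", "signed-data"):
            return (kind, None)  # content sits inside the CMS blob
        return ("pkcs7-mime, smime-type not declared", None)
    return ("not S/MIME", None)

# Constructed sample messages; the CMS bodies are replaced by a dummy base64 value.
SAMPLES = {
    "a": "Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\n"
         "Content-Transfer-Encoding: base64\n\nAAAA\n",
    "b": "Content-Type: application/pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\"\n"
         "Content-Transfer-Encoding: base64\n\nAAAA\n",
    "c": "Content-Type: multipart/signed; protocol=\"application/x-pkcs7-signature\"; "
         "micalg=SHA1; boundary=\"b1\"\n\n"
         "--b1\nContent-Type: text/plain\n\nInternal use only\n"
         "--b1\nContent-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"
         "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n",
    "plain": "Content-Type: text/plain\n\nhello\n",
}

if __name__ == "__main__":
    for key, raw in SAMPLES.items():
        print(key, classify_smime(raw))
```

An encrypted message exposes only its outer enveloped-data layer, so a signature applied before encryption becomes visible only after decryption.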

If the Settings button (located below the four checkboxes) is pressed, the following window will appear:

The description of different options available is provided below:

Security Settings Name: One can provide a name and create a profile which will be
applicable to outgoing messages and different settings will be saved under this name.

Cryptography Format: One can choose S/MIME or Exchange Server Security. The latter applies when the security services are controlled at the server level, e.g. Domain Keys Identified Mail (DKIM). Our area of interest is S/MIME.

The next two checkboxes determine whether the settings in this window apply to the selected cryptographic message format and/or to all cryptographic messages.


Then there are four buttons below:

Security Labels: A security label is an optional property of a digitally signed message. It lets
one add information to the message header about the sensitivity of the message content
that is protected by S/MIME encapsulation. Security labels can be used to enforce a user's
authorization to access the contents of the message. The label can also restrict which
recipients can open, forward, or send the message.

Based on an organization's needs, one can define one or more security policies and implement them programmatically. For example, an Internal Use Only label might be implemented as a security label to apply to mail that should not be sent or forwarded outside of one's company. This is also part of the Enhanced Security Services for S/MIME in RFC 2634.

New, Delete and Password: These are meant for creating a new Security Setting (for which a name was provided above), deleting an old one, or associating a password with it.

Then there are provisions for selecting the certificates and the algorithms for the hash (the digest for the digital signature) and for encryption. Recall that we need separate keys for creating a digital signature and for encrypting the session key. These certificates are for those two keys. The algorithms for creating the hash digest and for encryption can also be selected.

Finally, there is a checkbox for the case where the sender wants to send the selected certificates with the signed messages. This may be required if the receiver wants assurance. Once a security setting is created, it can be saved by pressing the OK button. This returns to the main section of Trust Center under E-mail Security, as described at the beginning of this document.


The second section in Trust Center - Digital IDs (Certificates) is shown below:

Import/Export allows one to import a previously received certificate from a file or export one to a file. The second option, Get Digital ID, takes the user to the Microsoft Office website to choose options for procuring a digital ID from different vendors, as shown below:

The above sections explained how the S/MIME security services are configured in Outlook.


The section below shows the steps to enable the S/MIME security while sending an e-mail.
When one writes a new E-mail, access the following settings through Options->Message
Options.

When the Security Settings button is pressed, the following window will appear:

The following checkboxes can be selected/deselected for the particular message being
composed.


i. Encrypt message contents and attachments
ii. Add digital signature to this message
iii. Send this message as clear text signed
iv. Request S/MIME receipt for this message

In addition to the above, the security setting profile that was configured as described earlier in this document can be retrieved, and a Security Label that was configured as described earlier in this document can be selected. Pressing OK returns control to the e-mail message from which Security Settings was accessed. This completes the S/MIME settings for the new e-mail that is being sent.

When an encrypted email is received it will be shown as below:

Note: All trademarks are acknowledged. All or some of the features may not be available, depending on the organization's email policy for configuring email encryption using S/MIME.
