With user certificates, you can digitally sign and encrypt your e-mails. The digital signature of an e-mail provides the following advantages:

E-mails without digital signatures can be manipulated very easily and the sender would not be identifiable.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the standardised procedure for digitally signing e-mails.

To sign your e-mails digitally, you have to import your user certificate, and possibly the certificate chain, into the certificate store of the e-mail client or into the Microsoft certificate store.

The following describes the configuration of MS Outlook for the digital signature of e-mails.

 
  1. To digitally sign your e-mails, first select your e-mail account in Outlook. Then go to "File" and afterwards to "Options" in the top menu.

    Screenshot MS Outlook: File menu
  2. Now click on "Trust Center" and then on "Trust Center Settings".

    Screenshot MS Outlook: Outlook Options
  3. Now click "Import/Export".

    Screenshot MS Outlook: Trust Center "Import/Export"
  4. Now select your certificate file via "Browse" and enter the password. Confirm this by clicking "OK".

    Screenshot MS Outlook: Import/Export Digital ID
  5. Check the boxes "Encrypt contents and attachments for outgoing messages" and "Add digital signature to outgoing messages". You can adjust these settings as required when composing a message. Now click on "Settings".

    Screenshot MS Outlook: Trust Center "Settings"
  6. Outlook uses the hash algorithm "SHA1" by default. Change this value to at least "SHA256". The encryption algorithm must be "AES (256-bit)". Click on "OK".

    Screenshot MS Outlook: Change Security Setting
  7. Confirm the Trust Center settings with "OK". From now on, you can digitally sign your e-mails in Outlook.

    Screenshot MS Outlook: Trust Center
  8. If you now write a new e-mail, it will be signed and encrypted by default. If the recipient does not have a certificate, you can deactivate the "Encrypt" and/or "Sign" settings under "Options" by clicking on the respective buttons and send the e-mail unencrypted.
    Note: If the message 'Encryption problems' appears when you send a message using the new certificate, send yourself a one-off 'signed only' e-mail.

    Screenshot MS Outlook: Write Message
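
To confirm that the hash setting from step 6 took effect, you can inspect the raw source of the "signed only" test message from step 8. The following Python script is an added example, not part of the original instructions; it assumes the message is clear-signed (multipart/signed) and available as raw text, and the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# micalg spellings from RFC 5751/8551; older clients omit the hyphen.
WEAK = {"md5", "sha1", "sha-1"}
STRONG = {"sha256", "sha-256", "sha384", "sha-384", "sha512", "sha-512"}
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def check_signed_mail(raw: str) -> str:
    """Classify the digest algorithm a clear-signed S/MIME message announces."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in CMS_TYPES:
        # Encrypted or opaque-signed: algorithms sit inside the CMS blob,
        # so a header check cannot see them.
        return "opaque"
    if ctype != "multipart/signed":
        return "unsigned"
    protocol = collapse_rfc2231_value(msg.get_param("protocol", "")).lower()
    if protocol not in SIG_TYPES:
        return "not-smime"
    # micalg may be a comma-separated list; one weak entry fails the check.
    micalg = collapse_rfc2231_value(msg.get_param("micalg", "")).lower()
    algs = [a.strip() for a in micalg.split(",") if a.strip()]
    if any(a in WEAK for a in algs):
        return "weak"
    return "ok" if algs and all(a in STRONG for a in algs) else "unknown"

def sample(micalg: str) -> str:
    """Constructed signed-only test message (signature body omitted)."""
    return (
        "From: user@example.org\r\nTo: user@example.org\r\n"
        "Subject: signed only test\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
        f' micalg={micalg}; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\ntest\r\n"
        "--b1\r\nContent-Type: application/pkcs7-signature; name=smime.p7s\r\n\r\n"
        "(constructed placeholder, not a real signature)\r\n--b1--\r\n"
    )

if __name__ == "__main__":
    for alg in ("sha1", "sha-256"):
        print(alg, "->", check_signed_mail(sample(alg)))
```

A result of "weak" means the message was still signed with SHA1 or MD5. A result of "opaque" means the message is encrypted or opaque-signed, so this header check does not apply.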