{"id":25,"date":"2009-02-08T01:34:10","date_gmt":"2009-02-08T07:34:10","guid":{"rendered":"http:\/\/www.digitallachance.com\/blog\/?p=25"},"modified":"2009-02-08T01:34:10","modified_gmt":"2009-02-08T07:34:10","slug":"how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook","status":"publish","type":"post","link":"http:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/","title":{"rendered":"How to use a Smart Card to digitally sign your e-mails in Outlook"},"content":{"rendered":"<p>Where I currently work, we are using smart cards in order to secure Active Directory accounts with elevated privileges.\u00a0 That&#8217;s a great way to do two-factor authentication because smart cards are integrated in AD natively.\u00a0 In order to force an account to use a smart card, you only have to click on a checkbox on the <a title=\"User and computer accounts\" href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc759279.aspx\" target=\"_blank\">user account<\/a>.<\/p>\n<p>In order to be able to digitally sign and encrypt your e-mails, you have to first take the following steps:<\/p>\n<ol>\n<li>Import the certificate on your smart card into the IE Store<\/li>\n<li>Configure Outlook to use the certificate<\/li>\n<li>Start signing\/encrypting your e-mail<\/li>\n<\/ol>\n<p>Sounds simple enough.\u00a0 Let&#8217;s get into the details of how we do all of that.<\/p>\n<p>The first step is to import the digital certificate that is on the smart card into what is sometimes called the IE store.\u00a0 Since I use <a title=\"Gemalto's web site\" href=\"http:\/\/www.gemalto.com\/\" target=\"_blank\">Gemalto<\/a>&#8217;s GemSafe drivers, it is fairly easy.<\/p>\n<ol>\n<li>I first go to the Certificates section of the Toolbox and click on my certificate.<\/li>\n<li>This enables the <em>Export&#8230;<\/em> button.\u00a0 Click on it to go to the export screen.<\/li>\n<li>Select <em>Export to IE store<\/em> and make sure that 
you select <em>Personal<\/em> as the certificate store.<\/li>\n<li>Click the Export button.<\/li>\n<\/ol>\n<p>This puts a copy of the certificate (private and public keys) into your personal store for your use.\u00a0 You can verify that the certificate was imported properly by opening up Internet Explorer and clicking on <em>Tools<\/em> | <em>Internet Options<\/em> | <em>Content<\/em> | <em>Certificates<\/em>.\u00a0 Your certificate should be listed in the Personal tab.\u00a0 Click on the certificate.\u00a0 This will fill the <em>Certificate intended purposes<\/em> section at the bottom of the dialog box.\u00a0 If <strong>Secure Email<\/strong> is not one of the intended purposes, then you will not be able to use this certificate to sign your e-mails.<\/p>\n<p>Now the last thing to do is to configure Outlook to use that certificate.<\/p>\n<ol>\n<li>In Outlook (I&#8217;m using Outlook 2003), click on <em>Tools<\/em> | <em>Options&#8230;<\/em> | <em>Security<\/em> tab | <em>Settings&#8230;<\/em> button in the <em>Encrypted e-mail<\/em> section.<\/li>\n<li>Here we need to choose our signing certificate and encryption certificate.\u00a0 Click on the <em>Choose&#8230;<\/em> button and select the same certificate in both cases.<\/li>\n<li>Your <em>Hash Algorithm<\/em> should be <strong><a title=\"More information about SHA1 from Wikipedia.org\" href=\"http:\/\/en.wikipedia.org\/wiki\/Sha1\" target=\"_blank\">SHA1<\/a><\/strong> because it is stronger than the old <a title=\"More information about MD5 from Wikipedia.org\" href=\"http:\/\/en.wikipedia.org\/wiki\/MD5\" target=\"_blank\"><strong>MD5<\/strong><\/a>.<\/li>\n<li>Your <em>Encryption Algorithm<\/em> probably defaults to <a title=\"More information about 3DES from Wikipedia.org\" href=\"http:\/\/en.wikipedia.org\/wiki\/3DES\" target=\"_blank\"><strong>3DES<\/strong><\/a>, which is the strongest algorithm available.<\/li>\n<li>Make sure that the checkbox for the <em>Send these certificates with signed messages<\/em> 
option is checked.\u00a0 This will then allow your recipient to import your certificate (with your public key only) into their store.\u00a0 This way they will be able to encrypt e-mails to you and only you will be able to decrypt them.<\/li>\n<\/ol>\n<p>And there you go.\u00a0 The next time you write an e-mail, simply click on the <em>Options&#8230;<\/em> button and then the <em>Security Settings&#8230;<\/em> button to open the dialog box that will allow you to digitally sign and encrypt your e-mail.\u00a0 Make sure that your smart card is inserted.\u00a0 When you click on the <em>Send<\/em> button, you will be asked to enter your PIN to confirm your identity before your e-mail is signed and encrypted.<\/p>\n<p>I hope this was helpful to you.\u00a0 Let me know if you have any questions.<\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>If you are using smart cards in your network only for authentication, you are missing out on the other things you can do to secure your communication with others.  This post will show you how to enable your smart card to be used to digitally sign or encrypt your e-mails in Outlook 2003.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[19,20,24,37,45,48,51],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v15.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to use a Smart Card to digitally sign your e-mails in Outlook - IT A Digital Life<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\">\n\t<meta name=\"twitter:data1\" content=\"3 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#website\",\"url\":\"https:\/\/digitallachance.com\/blog\/\",\"name\":\"IT A Digital Life\",\"description\":\"All things digital\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/digitallachance.com\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/#webpage\",\"url\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/\",\"name\":\"How to use a Smart Card to digitally sign your e-mails in Outlook - IT A Digital Life\",\"isPartOf\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/#website\"},\"datePublished\":\"2009-02-08T07:34:10+00:00\",\"dateModified\":\"2009-02-08T07:34:10+00:00\",\"author\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/#\/schema\/person\/8a2f0b2a18af80d71541deadfac4d02f\"},\"breadcrumb\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-
outlook\/\",\"url\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/how-to-use-a-smart-card-to-digitally-sign-your-e-mails-in-outlook\/\",\"name\":\"How to use a Smart Card to digitally sign your e-mails in Outlook\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#\/schema\/person\/8a2f0b2a18af80d71541deadfac4d02f\",\"name\":\"Francois\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/0.gravatar.com\/avatar\/ce2ee0649f3fb6a643ffff9a9f1e63e4?s=96&d=mm&r=g\",\"caption\":\"Francois\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts\/25"}],"collection":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":0,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"wp:attachment":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}