Digitally sign an email using Microsoft Outlook

From idenprotect Knowledge Base

A user certificate managed by idenprotect (uploaded to the Windows Certificate Store) can be used to digitally sign email using Microsoft Outlook.


Before Microsoft Outlook can be used to sign an email, the following must have been completed.

  1. idenprotect For Desktop must have been installed on the Windows PC. See Installing idenprotect For Desktop
  2. A user must have enrolled the Windows PC as a device on an idenprotect Core Platform. See Login to Windows using idenprotect For Mobile app
  3. A user certificate must have been uploaded to the Windows Certificate Store. See Uploading to the Certificate Store
  4. Microsoft Outlook must be configured to use the certificate that has been uploaded to the Certificate Store. See the section below.
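
To confirm prerequisite 3 before opening Outlook, the following PowerShell lists the certificates in the current user's Personal store and flags those usable for signing. It is an added example, not part of the idenprotect documentation; the criteria it applies (Secure Email or any-purpose EKU, digitalSignature key usage, current validity dates) are general S/MIME assumptions, not idenprotect-specific requirements.

```powershell
# Added example: inspect Cert:\CurrentUser\My (the user's Personal store).
# Assumption: general S/MIME signing criteria, not idenprotect requirements.
$X509           = 'System.Security.Cryptography.X509Certificates'
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection
$AnyPurposeOid  = '2.5.29.37.0'         # anyExtendedKeyUsage
$now            = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert   = $_
    $ekuExt = $cert.Extensions | Where-Object { $_ -is ("$X509.X509EnhancedKeyUsageExtension" -as [type]) }
    $kuExt  = $cert.Extensions | Where-Object { $_ -is ("$X509.X509KeyUsageExtension" -as [type]) }

    # EKU: acceptable when absent, or when it lists Secure Email / any purpose.
    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $ekuOk = (-not $ekuExt) -or
             ($ekuOids -contains $SecureEmailOid) -or
             ($ekuOids -contains $AnyPurposeOid)

    # Key usage: acceptable when absent, or when the digitalSignature bit is set.
    $sigBit = [int]("$X509.X509KeyUsageFlags" -as [type])::DigitalSignature
    $kuOk   = (-not $kuExt) -or ((([int]$kuExt.KeyUsages) -band $sigBit) -ne 0)

    # Expired or not-yet-valid certificates produce signatures recipients reject.
    $inValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

    [pscustomobject]@{
        Subject        = $cert.Subject
        # Address from the SAN or subject; compare it with the sending account.
        Email          = $cert.GetNameInfo(("$X509.X509NameType" -as [type])::EmailName, $false)
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        HasPrivateKey  = $cert.HasPrivateKey
        SigningCapable = $ekuOk -and $kuOk -and $inValidity
    }
} | Format-Table -AutoSize
```

Run it as the user who will send the email, since the Personal store is per-user.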

Configuring Microsoft Outlook

A certificate that has been uploaded to the user's Personal Certificate Store can be used by Microsoft Outlook for digital signature operations.

  1. The Email Security Settings in the Trust Center must be configured with the idenprotect user certificate.
    • Navigate to Outlook Options via File->Options.
    • Access the Trust Center Settings by selecting the Trust Center Settings... button.
    • The Email Security area on the left can then be selected to configure the user certificate.
  2. In the Encrypted email area, select the Settings... button to view the certificate settings.
  3. In the Change Security Settings dialog, change the Signing Certificate by selecting the Choose... button.
  4. The uploaded certificate will now be shown and can be selected as the signing certificate. Press OK to confirm the selection.
  5. The certificate will now appear as the signing certificate.
  6. The settings should then be saved by naming the setting in the Security Settings Name field and pressing the OK button.

Microsoft Outlook has now been configured to sign email using the idenprotect user certificate.

Signing an email

Sending an email with a digital signature is a simple operation once the user certificate has been configured in Microsoft Outlook.

  1. When an email is being composed, Sign and Encrypt options are available in the Options tab. Select the Sign option and then press Send. This will begin the process to generate the digital signature for the email.
  2. A QR Code image will be displayed. Scan it with the associated idenprotect For Mobile app to generate the signature, which will be returned to Microsoft Outlook.
  3. The email will then be sent with the digital signature. The recipient of the email will receive a signature as an attachment.
  4. The contents of the signature can then be viewed by the recipient so they can be sure the email has originated from the correct person.