Microsoft® Office Outlook® 2003 provides ways for users to manage their digital IDs: the combination of a user's certificate and public and private encryption key set. Digital IDs help to keep users' e-mail messages secure by letting them exchange cryptographic messages. Managing digital IDs can include:
In order to exchange cryptographic e-mail messages with another user, you must have each other's public keys. You provide access to your public key through a certificate. There are several ways to provide your digital ID to others. For example, you can:
Note: If you export a Contacts list, the corresponding certificates are not included. You must add the certificates from a received e-mail message on each computer that you use.
Another alternative is for users to automatically retrieve your certificate from an LDAP directory (on a standard LDAP server) when they send an encrypted e-mail message. To gain access to a certificate this way, users must be enrolled in S/MIME security with digital IDs for their e-mail accounts. Alternatively, users can obtain certificates from the Global Address Book. To do this, users must be enrolled in Microsoft Exchange Server Advanced Security.
Digital IDs can be stored in three locations:
Users who enroll in Exchange Advanced Security have their certificates stored in their organization's Global Address Book. Alternatively, users can open the Global Address Book by using their LDAP provider. Only certificates generated by Microsoft Exchange Server Advanced Security or by Microsoft Exchange Key Management Server are automatically published in the Global Address Book. However, externally generated certificates such as the TrustMail Certificates can be manually published to the Global Address Book (by using the Publish to GAL button in Tools | Options | Security).
Internet directory service (LDAP)
External directory services, certificate authorities, or other certificate providers can publish their users' certificates through an LDAP directory service. Outlook 2003 allows access to these certificates through LDAP directories.
Components for your digital ID can be stored on your computer. You export your digital ID to a file by using Import/Export in Tools | Options | Security. You can encrypt the file when you create it by providing a password.
Importing digital IDs
You can import a digital ID from a file. This is useful, for example, if you want to send cryptographic e-mail messages from a new computer you have just begun using. Each computer from which you send cryptographic e-mail messages must have your certificates installed. You import digital IDs from a file by using Import/Export in Tools | Options | Security.
Renewing keys and certificates
A time limit is associated with each certificate and private key. When the keys issued by the Microsoft Exchange Key Management Server or another certificate authority approach the end of their designated validity period, Outlook displays a warning message and offers to renew the keys by sending the renewal message to the server or to the CA on the user's behalf.
If users do not renew a certificate before it expires, they must contact the certificate authority to renew it.
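The following is an added example, not part of the Outlook documentation, that performs the same kind of expiry check from PowerShell so an administrator can see which digital IDs are close to the renewal window or already past it. It assumes Outlook's digital IDs live in the current user's personal certificate store (Cert:\CurrentUser\My), that a certificate counts as an e-mail digital ID when it carries the Secure Email extended key usage, and a 30-day warning threshold chosen for the example (Outlook's own warning interval is not stated on this page).

```powershell
# Added example (not Outlook's own code): report S/MIME digital IDs in the
# current user's personal store and flag those that need attention.
# Assumption: Windows PowerShell 5.1 or later on a machine with Outlook's
# digital IDs installed under Cert:\CurrentUser\My.

# id-kp-emailProtection (RFC 5280); Outlook's "Secure Email" purpose.
$SecureEmailEku = '1.3.6.1.5.5.7.3.4'

function Get-SmimeDigitalIdStatus {
    param([int]$WarnDays = 30)   # chosen threshold, not one Outlook documents
    $now = Get-Date
    Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
        $cert = $_
        # Collect the EKU OIDs; certificates without the Secure Email EKU
        # are not digital IDs for e-mail and are skipped.
        $ekuExt = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekus = @()
        if ($ekuExt) { $ekus = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } }
        if ($ekus -notcontains $SecureEmailEku) { return }

        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        # A digital ID is only usable for signing/decryption when the private
        # key was imported along with the certificate on this computer.
        $status = if (-not $cert.HasPrivateKey) { 'NO PRIVATE KEY - import the digital ID file' }
                  elseif ($daysLeft -lt 0)       { 'EXPIRED - contact the CA to renew' }
                  elseif ($daysLeft -le $WarnDays) { 'RENEW SOON' }
                  else                           { 'OK' }

        [pscustomobject]@{
            Email         = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            HasPrivateKey = $cert.HasPrivateKey
            Status        = $status
        }
    }
}

# Soonest-expiring digital IDs first.
Get-SmimeDigitalIdStatus -WarnDays 30 | Sort-Object DaysLeft | Format-Table -AutoSize
```

The script only reports; renewal itself still goes through the Outlook prompt or the certificate authority as described above.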