[ Team LiB ] Using Digital Signatures

[ Team LiB ] Using Digital Signatures When email is signed with a digital signature, it provides a level of proof that the person using the email address sent the message. More importantly, it also ensures that no one tampered with the message. A digital signature is a digital code that can be attached to an email message to uniquely identify the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he claims to be. To be effective, we need to be assured that a digital...
Nội dung trích xuất từ tài liệu:
[ Team LiB ] Using Digital Signatures [ Team LiB ] Using Digital Signatures When email is signed with a digital signature, it provides a level of proof that the person using the email address sent the message. More importantly, it also ensures that no one tampered with the message. A digital signature is a digital code that can be attached to an email message to uniquely identify the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he claims to be. To be effective, we need to be assured that a digital signature is not forged, and there are a number of different encryption techniques that guarantee this level of security. Encryption is a more secure form of a digital signature, and encodes the message so that only someone with the sender's secret key or password can read the message. Encrypted data is also referred to as cipher text. Every digital signature has two levels of signing: a simple digital signature that identifies messages that have been tampered with, and an encrypted signature that encodes the message and attachments so that only the person the message is sent to can read it. Before you can digitally sign your email, you must obtain a digital certificate. Although many corporations provide digital certificates to their employees, anyone can get one free or at a low cost from several Internet sites. Most certificates are issued for one year and must be renewed or reissued when they expire. If you use Outlook at work, your employer might issue a digital certificate for you to use. The certificate is valid only when you send email using the address that's included in the certificate. If you use several email addresses, you'll need a certificate for each address you want to use to send digitally signed messages. Don't routinely sign all of your messages, especially on personal messages or those sent to mailing lists. Not all email clients can read signed messages. Reserve the use of digital signatures for important messages. Task: Set Up a Digital Signature Before you can use a digital signature, it must be installed and set up in Outlook. 1. Open the Tools, Options, Security dialog. 2. If you already have a current digital certificate, use Import/Export to install your digital ID. 3. If you need a digital signature, choose Get a Digital ID. This opens your Internet browser to a list of digital ID providers who partner with Microsoft. The steps necessary to get your digital ID vary with each service, but most will install the certificate for you at the end of the process. 4. Once your digital ID is installed, select the Settings button in the Encryption section of the Security tab. 5. Type a name for your security settings in the Security Setting Name field (see Figure 8.6). Select the Choose button to select the certificate to use. You should leave the other settings at their default. Click OK when you're done. Figure 8.6. Configure the setting for your digital signature on the Change Security Settings dialog. Don't change the default security settings when you install certificates. Using the wrong setting prevents others from reading your messages. If you have more than one certificate or need to configure alternative security settings, choose the New button and type a new name in the name field. Your digital signature is ready to use. Task: Send Signed and Encrypted Messages After you've obtained a digital certificate, signing a message is as easy as pressing a toolbar button to enable signing and or encryption. Figure 8.7. The Digitally Sign and Encrypt Message buttons are automatically added to the toolbar when you install a digital certificate. Before you can send encrypted messages, you must have the recipient's digital certificate associated with his contact record. If the person hasn't sent you signed email yet, ask her to send you a digitally signed message. Right-click on the sender's display name and choose Add to Outlook Contacts to add the digital certificate to her contact record. Confirm that the digital signature was added to the contact by looking on the contact's Certificates tab (see Figure 8.8). Figure 8.8. Your contact's digital IDs are listed on the Certificates tab of her contact record. When the recipient's certificate isn't associated with her contact record, Outlook won't allow you to send encrypted messages. Instead, you'll receive a message like the one shown in Figure 8.9. You can still send a digitally signed message. Figure 8.9. You need to have the recipient's digital ID associated with her contact before you can send her encrypted messages. When someone sends you a signed message, you'll see a red ribbon on the envelope icon and a larger red ribbon icon on the right side of the header area on a message form, as shown in Figure 8.10. Select a button to display information about the certificate used to sign or encrypt the message. A signed and encrypted message won't display in the Reading Pane; you have to open the message to read it. Figure 8.10. Signed messages have a red ribbon button and encrypted messages include a blue padlock button. When there's a problem with the digital ID, the message header includes a warning message that the signature has a problem, as shown in Figure 8.11. Many times the problem is caused by an expired digital ID, or the company issuing the certificate is not in your trusted Certificate Authority (CA) list. This often happens when the sender' ...