Digital certificate requirements for sending and receiving messages

Office for Mac 2011 will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see these resources.

 

Applies to: Office for Mac 2011

Topic Last Modified: 2015-03-09

The Outlook for Mac 2011 cryptography model uses public key encryption to send and receive digitally signed and encrypted e-mail messages. Encryption makes a message unreadable to anyone other than the intended recipient. To send an encrypted message, the sender must have a copy of the recipient’s digital certificate. The message is encrypted specifically for each recipient by using the recipient’s public key; it can be decrypted only by using the associated private key, which is stored on the recipient's computer. Outlook for Mac uses the sender’s keys to read and write encrypted messages in the Drafts and Sent Items folders, which allows users to review encrypted messages that they have created. If the sender has no digital certificate, this review is not possible.

A digital signature helps the recipient verify the sender’s identity and the message integrity. Digitally signing a message helps the recipient verify that you are the authentic sender and that the contents of the message were not altered in transit.

Tip

We recommend that digital certificates have a key size of 1,024 bits or more. Using a digital certificate of this size makes it extremely difficult to decode an encrypted message or forge a digital signature. For more information about the digital certificate key size, see Outlook for Mac Help.

Table 1. Digital certificate requirements

| To | The digital certificate requirement is |
| --- | --- |
| Send an encrypted message | The sender must have a copy of each recipient’s digital certificate. The sender does not need to have a digital certificate of his or her own. However, if the sender does not have a digital certificate, he or she will not be able to read the saved message in the Drafts and Sent Items folders, and will not be able to receive an encrypted response from a recipient. |
| Receive an encrypted message | The recipient must have a digital certificate of his or her own. The sender must have a copy of the recipient's digital certificate in order to encrypt the message. |
| Send a digitally signed message | The sender must have a digital certificate of his or her own. |
| Receive a digitally signed message | The recipient does not need a digital certificate of his or her own. |

Outlook for Mac can encrypt messages with any of the following encryption algorithms: AES-256, AES-192, AES-128, and 3DES. Of these four algorithms, 3DES is the most compatible with other S/MIME applications and AES-256 is the most secure.

Outlook for Mac supports the following signing algorithms for digital signatures, which are listed from strongest to weakest: SHA-512, SHA-384, SHA-256, and SHA-1. Of these four algorithms, SHA-1 is the most compatible with other S/MIME applications, and SHA-512 is the most secure.

For a list of supported cryptographic algorithms, see “Table 2. Compare the cryptographic support”.
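The certificate requirements in Table 1 can be reproduced outside Outlook. The following is an added example, not part of the original page: it uses the OpenSSL command line (an assumption of the example) to show who can decrypt a message depending on which certificates it was encrypted to, and that a signature is verified with the sender's certificate alone. The identities `sender` and `recipient`, the file names, and the message text are constructed test data.

```shell
#!/usr/bin/env bash
# Added demo: OpenSSL CLI stands in for a mail client (an assumption of this example).
# Identities, file names and the message text are constructed test data.
set -u
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'quarterly figures\n' > "$WORK/msg.txt"

# Create a throwaway self-signed certificate and unencrypted private key for NAME.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
# Public key size in bits, to compare with the page's 1,024-bit recommendation.
key_bits() {
    openssl x509 -in "$WORK/$1.pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
# Encrypt msg.txt to OUT with AES-256 using only certificates (no private key needed).
encrypt_to() {
    out=$1; shift
    openssl smime -encrypt -aes256 -in "$WORK/msg.txt" -out "$WORK/$out" "$@"
}
# Succeed only if NAME's certificate and private key match a recipient entry in FILE.
can_read() {
    openssl smime -decrypt -in "$WORK/$2" -recip "$WORK/$1.pem" \
        -inkey "$WORK/$1.key" >/dev/null 2>&1
}
# Clear-sign msg.txt into OUT with NAME's private key and a SHA-256 digest.
sign_as() {
    openssl smime -sign -md sha256 -in "$WORK/msg.txt" -signer "$WORK/$1.pem" \
        -inkey "$WORK/$1.key" -out "$WORK/$2" 2>/dev/null
}
# Verify FILE using only SIGNER's certificate; the verifier holds no key of its own.
verifies() {
    openssl smime -verify -in "$WORK/$2" -CAfile "$WORK/$1.pem" >/dev/null 2>&1
}

make_identity sender; make_identity recipient
encrypt_to to_recipient.p7m "$WORK/recipient.pem"
encrypt_to with_sender_copy.p7m "$WORK/recipient.pem" "$WORK/sender.pem"
sign_as sender signed.eml
sed 's/quarterly/QUARTERLY/' "$WORK/signed.eml" > "$WORK/tampered.eml"
for f in to_recipient.p7m with_sender_copy.p7m; do
    for who in recipient sender; do
        can_read "$who" "$f" && echo "$who can read $f" || echo "$who cannot read $f"
    done
done
verifies sender signed.eml && echo "signature valid"
verifies sender tampered.eml || echo "tampered message rejected"
```

The second ciphertext corresponds to the Drafts and Sent Items case: the sender can reopen it only because the sender's own certificate was included as a recipient.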

The following table compares the cryptographic support in different versions of Entourage, the new Outlook for Mac 2011, and Outlook 2010 for Windows.

Table 2. Compare the cryptographic support

| Cryptographic Algorithms | Outlook for Mac 2011 and Entourage 2008 | Entourage 2004 | Outlook 2010 for Windows |
| --- | --- | --- | --- |
| AES [128, 192, 256] | Encrypt/Decrypt | Not Supported | Encrypt/Decrypt |
| 3DES [168] | Encrypt/Decrypt | Encrypt/Decrypt | Encrypt/Decrypt |
| DES | Decrypt only | Decrypt only | Encrypt/Decrypt |
| RC2 [40, 64, 128] | Decrypt only | Encrypt/Decrypt | Encrypt/Decrypt |
| SHA-2 [256, 384, 512] | Sign/Verify | Not Supported | Sign/Verify |
| SHA-1 | Sign/Verify | Sign/Verify | Sign/Verify |
| MD5 | Verify only | Sign/Verify | Sign/Verify |
| Suite-B | No | No | Yes |
| DSA | Sign/Verify | Sign/Verify | Sign/Verify |
| RSA (sign/encrypt) | Sign/Verify, Encrypt/Decrypt | Sign/Verify, Encrypt/Decrypt | Sign/Verify, Encrypt/Decrypt |

For information on digital certificates in Outlook for Mac 2011, see How users manage digital certificates in Outlook for Mac 2011.