How can I send an encrypted email to someone using Microsoft Exchange and Outlook?
I am running Thunderbird 38.3.0 on OS X 10.11.1. I have Enigmail 1.8.2 installed. I have generated my public and private keys.
I come from a Microsoft Exchange background so I was used to putting my CAC in the reader, clicking the 'Digitally Sign Email' button, sending the email to my recipient, then having them send an encrypted email back to me.
Conversely I was used to receiving a digitally signed email from a user, saving that user's info in Outlook's Contacts folder, then composing an email to them, clicking the 'Encrypt Email' button, and sending it.
If I want to send an encrypted email to an Outlook Exchange user, and they send me a digitally signed email first; will that allow me to send them an encrypted email? I received a digitally signed email from them, but I didn't know how to import their public key. I didn't see anything to import.
All Replies (3)
I suspect you have been using s/mime with Outlook. You can use it in Thunderbird too, but as far as I am aware, you need to get keys generated by a third party. The last time I tried this I went to Comodo for a free key pair. The trouble was that they offer the keys for download to your browser, so you have to find how to export them from the browser then import them into Thunderbird.
Gpg/Enigmail is all well and good but it's not as widely used as s/mime, so you'll have trouble finding correspondents who are able and willing to make use of it, whereas s/mime is effectively the default encryption mechanism in many email clients.
Signing isn't quite the same as encrypting. You need them to send their public key in order to encrypt to them. Signing doesn't necessarily attach the public key. Likewise you'll need to make your public key available to your correspondents. With gpg we can use public keyservers; I don't know what the equivalent is in the s/mime world.
I'm surprised and disappointed by the low uptake on encryption and signing. I remember signing a message to my bank and the message caused them issues because the signature component triggered their anti-virus system. Because it wasn't plain text, it was assumed to be something hostile and binary. Yet you'd think that banks would be keen on any system to help reduce fraud.
So if someone is using S/MIME with Outlook, and I want to encrypt emails with them using Thunderbird Enigmail; I can't do it?
Enigmail is a front end for gpg and both parties (you and your correspondent) need to have gpg (at least) installed and configured. Enigmail is optional but it makes it so much easier to use gpg in Thunderbird.
But you have s/mime built in. All you need is your key pair. And your correspondent's public key.