OpenPGP Support in Outlook 2010 and 2013

Yes folks, it is possible. Surely I’m not the first to document this but it just frustrated me when I realized how difficult it can be to incorporate the OpenPGP system into Microsoft Outlook. With that being said, I am happily using the Thunderbird email client with the Enigmail plugin which allows me to encrypt and decrypt emails using OpenPGP with relative ease. In fact, I don’t even consider myself a “power email” user and so to me, there really isn’t that big of a difference between Thunderbird and Outlook. However, because the former supports OpenPGP, I chose it over the other. While nothing is really wrong with using Thunderbird, I finally set out on a mission to incorporate OpenPGP into Outlook just because it pissed me off a bit. I was not to be denied! Many trials and installation screens later, I finally found a solution. It might not be perfect but it indeed works.

Outlook is the product offering in Microsoft’s Office productivity suite that allows power users to manage their email on their desktop. Basically, it’s a powerful email client. Many users do not even have a need for Outlook or Thunderbird because one can also manage their emails via their web browser. For example, to manage your Gmail account, you pretty much just log into Gmail’s web page. Reading, sending and sorting email is all done within the browser. Outlook mainly shines in businesses and enterprises that deploy their own email infrastructure. Anyways, chances are good that if you are looking for a way to integrate OpenPGP into Outlook, you know exactly what Outlook is. So with that being said, let’s just get started!

I also wrote an extensive article on how to use the OpenPGP system with the Thunderbird email client.

Prerequisites and Setup

UPDATE 01/25/13: I can no longer recommend this plugin, as the newer versions just seem broken. Both email signing and verification fail. The plugin also has other significant issues that render it pretty useless. Options are also sparse and their Wiki help page lacks depth as well. At the time of this article write-up, I was using an older version of the plugin and, while it worked to an extent, I still couldn’t get the plugin to both encrypt and sign an email correctly so that the recipient could properly decrypt and verify it. Not surprisingly, the plugin couldn’t both decrypt and verify emails sent from other clients either. Therefore, I can no longer recommend this plugin until all issues have been resolved. Your mileage may vary.

UPDATE 02/05/13: I’ve done a review of gpg4o, a similar OpenPGP plugin for Outlook 2010. However, the big difference between gpg4o and the Outlook Privacy Plugin talked about here is that everything actually works! The bad news is that it is currently not a free solution, if indeed spending any amount of money is something you are absolutely not willing to do. The good news is that they are planning on releasing a Home/Student version hopefully by March 2013. This version will either be free of charge with limited capabilities or reduced in pricing.

– Using OpenPGP via the method I chose here requires at least Microsoft Outlook 2010 or 2013. For my testing, I am using the Outlook 2013 preview release. Because this is not the final release of the product, I cannot guarantee that it will work when it does get released to the public. As the tool I am using states that it is supported for Outlook 2010, I am assuming it will work without problems even though I didn’t specifically use it on that platform. You can also download a 60-day trial version of Outlook 2010 from Microsoft here.

Gpg4win actually supports Outlook 2003 and Outlook 2007 via GpgOL.

– If you are testing this entirely by yourself, you will need two separate email accounts and preferably, two separate computers as well. For my testing purposes, I made two dummy email accounts called pgptester808@gmail.com and pgptester8082@gmail.com. If you can’t duplicate this setup, I can always test the system with you. You simply download my public key for the contact email I use for this blog, send an encrypted email to me containing your public key and I will then send an encrypted email back to you.

– The utility that allows Outlook to use the OpenPGP system is called the Outlook Privacy Plugin. The unfortunate part with this utility is that it only supports a single email account within Outlook.

– Finally, we need GnuPG installed on our system. For Windows systems, the best way to do this is to install Gpg4win. Be sure to download the full version and not the lite version. The full version includes Kleopatra, which is the utility we use to manage our keys. It is certainly possible to manually manage your keyring but trust me, it’s not fun.

This is how I got everything working initially:

  1. I installed Office 2013. Once it was installed on each of my computers, I configured each with one of my dummy test accounts.
  2. I next installed the Outlook Privacy Plugin. If you encounter an error during install, make sure you installed the Microsoft .NET Framework version 4 from here and then proceed with the installation again.
  3. Finally, I installed Gpg4win using the default options.

Configuration and Setup

With everything installed and running, it is now time to get down to the hard part!

When you open Outlook after installing the Outlook Privacy Plugin, you’ll be presented with the plugin’s settings dialog box. It needs you to tell it where you have installed the gpg.exe program. Gpg4win installed this for us and so we just need to browse to the correct location. By default, it is located in:

C:\Program Files\GNU\GnuPG\pub

Here, I am assuming you do not have a key pair. Therefore, I’ll go over how to create one and attach it to your email account in Outlook. This process involves using the command prompt but it’s really easy, trust me. What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed. I’ve listed the location above.

Now we can create our key pair. If you enter the exact commands as shown here, everything should work as expected. First we enter: gpg --gen-key

For general uses, it’s best to just select the first option (RSA). Type in the number 1 and hit Enter. You’re then asked to select a key length for your key pair. Technically, the longer the keysize, the more secure it is although it takes more processing power to encrypt and decrypt. I typed in 1024.

You’re then asked for the validity period for your key pair. If you are positive that you can keep your private key safe, you can set a longer validity period. For my test scenario, I chose my key validity period to not expire.

Next we need to fill in our personal information. First up is our Real Name. Of course you don’t really have to give your real name but if you are to use OpenPGP for business or professional purposes, you want the other party member to be able to correctly and easily identify you via your public key.

Next is your email address information. Here, you must give it the real email address you wish to associate with the generated key pair!

Finally, you can type in a comment. This usually gives a bit more information as to who you are. This field is purely optional.

Once you hit Enter, you will be asked to confirm your entries. You can easily change the information by pressing the corresponding letter (N to change Name field, etc). Once you are finished, type the letter O to proceed.

A “pinentry” dialog box should appear. Here you will need to type in your secret passphrase to protect your private key. You should always remember this passphrase because it is how you access your private key to help decrypt and sign emails! You should also make it relatively strong.

Once that is done, gpg will proceed to generate our key pair. Here is the final output screen.

Now that we have our keypair generated for our email address, we need to next export our public key so that we can share it with other people. Whenever someone wants to send an encrypted email to you, they must use this public key which of course you give to them ahead of time. You can also send your public key to me for testing purposes. To export our public key, we type in this command:

gpg --export -a "youremailaddress" > public.asc

This command will export our public key to a file called public.asc. We can then give this public key to anyone who wishes to communicate with us securely. In my scenario, I will simply transfer it to my USB thumb drive and import it to my second computer.

The exported public key will be in the same directory as the directory we were working in: C:\Program Files\GNU\GnuPG\pub

Now that I have my keypair for my first dummy email account, I need to repeat the same procedures for my second dummy test account. In the end, I will have a public/private keypair for both email accounts. Of course, this is only a test scenario and so that is why I had to perform this procedure twice. In the real world, you only generate the keypair for your own email account and not that of others!
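Before importing a public.asc handed over this way, the recipient can look at what the file actually contains. The following Python code is an added example, not part of the original article or of GnuPG: it strips the ASCII armor, verifies the CRC-24 line, and reads the primary key's algorithm and size from the first packet, flagging anything under an assumed 2048-bit floor (MIN_BITS), which the 1024-bit test key generated above would not meet. All function names are hypothetical, and constructed_key builds constructed sample data around a placeholder modulus rather than a real key.

```python
import base64
import struct

ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # algorithm IDs from RFC 4880
MIN_BITS = 2048  # assumed policy floor for this example

def crc24(data: bytes) -> int:
    """CRC-24 behind the armor's '=XXXX' line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):  # shift left, reduce by the generator on overflow
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Strip the ASCII armor and verify the checksum line when present."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored OpenPGP public key")
    body = lines[lines.index("") + 1:-1]  # data starts after the blank line
    check = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    if check and int.from_bytes(base64.b64decode(check), "big") != crc24(data):
        raise ValueError("armor checksum mismatch: file damaged in transit")
    return data

def primary_key(data: bytes):
    """Return (algorithm name, size in bits) from the leading key packet."""
    tag = data[0]
    if tag & 0x40:  # new-format header: length field is 1, 2 or 5 octets
        ptype, hdr = tag & 0x3F, 2 if data[1] < 192 else 3 if data[1] < 224 else 6
    else:  # old-format header, which gpg writes for key packets
        ptype, hdr = (tag >> 2) & 0x0F, 1 + (1, 2, 4, 0)[tag & 3]
    if ptype != 6 or data[hdr] != 4:
        raise ValueError("expected a version 4 public key packet first")
    algo = data[hdr + 5]  # after the version octet and 4-octet creation time
    if algo not in ALGOS:  # ECC keys lead with a curve OID, not an MPI
        raise ValueError(f"algorithm {algo} is not sized by an MPI")
    (bits,) = struct.unpack(">H", data[hdr + 6:hdr + 8])  # n (RSA) or p
    return ALGOS[algo], bits

def check_public_key(armored: str) -> str:
    name, bits = primary_key(dearmor(armored))
    return f"{name} {bits} bits: {'ok' if bits >= MIN_BITS else 'too short'}"

def constructed_key(bits: int) -> str:
    """Armor a placeholder RSA packet (constructed sample, not a usable key)."""
    n = (1 << (bits - 1)) | 1  # stand-in modulus with the requested bit length
    body = (struct.pack(">BIBH", 4, 0, 1, bits)  # v4, time 0, RSA, MPI length
            + n.to_bytes((bits + 7) // 8, "big") + b"\x00\x11\x01\x00\x01")  # e=65537
    pkt = b"\x99" + struct.pack(">H", len(body)) + body  # 0x99: old-format tag 6
    crc = base64.b64encode(crc24(pkt).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "",
                      base64.encodebytes(pkt).decode().strip(), "=" + crc,
                      "-----END PGP PUBLIC KEY BLOCK-----"])

if __name__ == "__main__":
    print([check_public_key(constructed_key(b)) for b in (1024, 2048)])
```

To check a real export, pass the file's text to check_public_key. The CRC-24 only catches accidental damage; confirming that the key really belongs to your correspondent still means comparing its fingerprint over a separate channel.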

Please continue on to the next page to put everything into action!


Comments

  1. Darren Leno says:

    Hi Guys,
    We struggled setting up GPG in Outlook. Since we are a software development company that focuses on MS Office/Outlook, we have been working on it off and on for about 6 months, and would love your feedback. It works great for us, and we’d like to share it free for personal/non-profit/journalist use.
    Download it from our site,
    https://www.encryptomatic.com/openpgp/

    It’s a clean install, code signed single installer. Works with Outlook 2016 thru 2007, supports imap/pop/exchange, key servers, signing, etc. I’m sure you’ll have some ideas for us, so pass them along. I hope it helps you all.

    • Michael F. Angelo says:

      Great work. I had been struggling with pgp (including multiple re-builds of my systems), and gave up. When I heard about this page and the tools, I thought I’d give it another shot. And well, it worked… Thanks for the great work.

  2. rony009 says:

    Hey I had the same issue with my computer. I wasted my time on it for
    many days but finally I got a solution from this link
    http://www.microsoftliveassist.com/cant-verify-the-signature-install-error-in-office-2013/

  3. By the way, a new version (Beta 38) is available. I tested today and it seems to verify emails OK now. Have not tried the other functions yet.

  4. Hello, this morning I decided to install the plugins in Outlook 2013 using this tutorial however when running Outlook got some error messages …
    1 – Kbuildsycoca4.exe and Kleopatra.exe “The program can’t start because” libkdeui.dll and libkleo.dll bolt returned “is missing from your computer. Try reinstalling the program to fix this problem”
    Fix… C:\Program Files (x86)\GNU\GnuPG\kleopatra.exe (run compatibility XP SP3)
    2 – GpgOL error…”The user interface server is not available or could not be started in time. You may want to try again”
    Fix… Create a shortcut executable
    “C:\Program Files (x86)\GNU\GnuPG\kleopatra.exe” to
    “%AppData%\Microsoft\Windows\Start Menu\Programs\Startup”
    after that edit the shortcut and go to the tab “shortcut” in order to add the field “target” …. “/ s” without quotes

  5. Paul Hein says:

    How about reviewing the outlook privacy plugin again. The changelog for june states finally support for outlook 2013, not only 2010 and just installing it on outlook 2013.

    • Thanks Paul for the heads up. I see that their newest version has just been released about 19 hours ago as I typed this comment to you. I will definitely take a look at it maybe sometime this weekend or so when I have time. I’m not sure if I will write another review though. If everything works as expected, I will obviously remove the comment in the article about the plugin being broken.

      • Paul Hein says:

        Have tested it. It seems to run smoothly. Finds automatically your gpg version, (maybe if it is a standard folder). Presents you with your keys to decrypt it after pressing send, and actually does quite well.
        I have only tested it on a mail to myself, but was worth a try.

  6. Steffen says:

    I successfully got it to work with the instructions given here:
    https://code.google.com/p/outlook-privacy-plugin/wiki/InstallationIssues

    First you have to install GPG4WIN, create your keys, then install the plugin. Works like a charm, even with multiple email addresses.

  7. Paul Reed says:

    I installed the plugin in Outlook 2010 but when I do the settings for the plugin there is nothing there for setting the location for gpg.exe file. The decrypt will not work. What did I do wrong or maybe it just will not work with the 2010 Outlook

    • *sigh* Don’t worry Paul, I’m pretty sure it’s not just you. I’ve concluded that this plugin is just broken and doesn’t work as intended. I’ve just been too lazy to write a note in the article stating so but I’m going to do that right now after typing this reply. I’ve tried just about everything to get one of the newer versions of this plugin to work but to no avail. It’s just either broken or I’m doing something wrong, although I don’t know what that could be considering how sparse this plugin’s options are. The plugin help page isn’t much help either.

      The funny thing is that at the time I wrote this article, I actually had it working but that was using an older version of the plugin. The major issue I had was not being able to both encrypt + sign an email along with both decrypting + verifying an email. It was either or but at least the plugin was partially working. With the newer version, just signing an email fails miserably and verification of an email (signed with Thunderbird and Enigmail) fails as well. If you want to, feel free to try older versions of the plugin and see if you have better luck than I.

      http://code.google.com/p/outlook-privacy-plugin/downloads/list

      For now, I will still keep an eye on this plugin but will not recommend it until all issues are resolved. Sadly, for Outlook, there aren’t many free OpenPGP implementations out there.

    • Hi,

      tested today with Outlook 2010 on Win7 64bit. Newest version didn’t work for me as well. Tested a few of the older ones et voila
      http://code.google.com/p/outlook-privacy-plugin/downloads/detail?name=OutlookPrivacyPlugin-BETA-19.zip&can=2&q=
      this one worked.

      • I’m glad you’re interested in using OpenPGP with Outlook. My suggestion is to not rely too much on this plugin. It seems the project has been abandoned by the developers. If not, then it seems that they are not pointing it on their priority list because like I mentioned in the article, the plugin is just broken to be of any use and without the ability to be able to both encrypt and sign an email, you’re severely limited in what you can do.

  8. Hi,
    thanks for the great article. I had one question though: how do you import a keyset generated on an other computer for the same user, instead of creating a new set of keys?

    Thanks

    • Hello Majid. Technically, you can import your personal keys onto another computer with the Kleopatra software and the OpenPGP plugin should recognize it within Outlook. Also, I made a slight mistake in the article by showing the key generation process using the command line method. Instead, it is much easier for users to use Kleopatra instead for all of their key management tasks which includes generating new sets of keys along with exporting and importing keys, which is what you are after. Hope this answers your question!

      • Hi Simon,
        thanks for the feedback. From within the outlook plugin, when I try to set the key to the one to use by default to decrypt inbound messages, sign, verify etc, the plugin (under Add-ins->Settings) does not show me my key, although Kleopatra already imported it. Have you seen that before?

        thanks
        Majid

        • After talking with another reader who also wished to implement OpenPGP in Outlook, I am simply giving up on this plugin. It just seems broken. I was going to write a note of this in the article but I simply forgot but I will add it shortly after this. This plugin just has too many problems and quite honestly, I myself don’t know how to solve it. After upgrading to a recent version, everything just doesn’t seem to work anymore. In my original write up, I noted that I couldn’t get the plugin to verify a digital signature and that alone is not acceptable. I made a note of this to the developers when I first wrote the article but have yet to get a response from them.

          It does seem that they are continually trying to improve this plugin as they’ve just released a new version (BETA-24). I’m going to give this plugin one more try and hopefully I will get better results. If not, I’m abandoning the plugin altogether. I’m sorry for not being able to answer your original question!

  9. Michael McShane says:

    Nice work. I had been missing my Outlook openPGP once I upgraded to Windows 8 and Office 2013 rtm. Once I jumped through the cert and unlock steps in the privacy plugin, it just worked like a charm. Do you mind if I link to your blog post in my FAQ security section?
    Thanks again.
    Mike

  10. Thank you, Simon, for your excellent write-up!!!

  11. Fantastic write-up! I was looking for a way to integrate pgp for outlook 2010 and stumbled across the outlook privacy plugin. Further searching for any reviews or issues with the plugin led me to your page and this write up. Just went through the process and it all worked fairly seamlessly! A few small comments: For the two gpg commands, I had to look at the screenshot to get it right, as the dashes don’t appear properly in the article. It looks like gpg-gen-key and gpg-export vs gpg –gen-key, etc. Taking a closer look at your screen capture resolved.

    Also, and this may be because I’m on an AD domain with exchange, the first time I started outlook and pointed the plugin to the gpg location, it hung. The second time I started Outlook, I went to the exchange server tab and entered my domain name, then back to the general tab to point the location, all went fine from there.

    Thanks again!

    • Hey David, you’re welcome and thank you for taking the time to give your feedback, especially about the dash problem. However, I think that is attributed to either my WordPress itself or my theme because I can assure you that I wrote the double dashes. In fact, if you look at your own comment, it also shows your double dashes as just a singular dash as well! Although it showed as two separate dashes while you typed out your comment in the comment box, I saw the same thing when I wrote my article. This issue also appears when I type in directory or registry locations. It removes the backslash character.

      I will make a note at the beginning of the article detailing this issue.

      EDIT: I fixed the actual issue by specifying the HTML representation of the dash and backslash character in my post.

  12. Microsoft Outlook 2010 is the latest and advanced version of Microsoft’s email client. Being an IT pro, I like Outlook 2010 mainly because of its whole new set of features like bitness registry keys and MailTips etc. However, like other previous mail clients, Outlook 2010 is also prone to problems. Find here, how to Setup a POP3 Email Account in Microsoft Outlook 2010.
