Yes folks, it is possible. Surely I’m not the first to document this, but it frustrated me when I realized how difficult it can be to incorporate the OpenPGP system into Microsoft Outlook. With that being said, I am happily using the Thunderbird email client with the Enigmail plugin, which allows me to encrypt and decrypt emails using OpenPGP with relative ease. In fact, I don’t even consider myself a “power email” user, and so to me there really isn’t that big of a difference between Thunderbird and Outlook. However, because the former supports OpenPGP, I chose it over the other. While nothing is really wrong with using Thunderbird, I finally set out on a mission to incorporate OpenPGP into Outlook just because it pissed me off a bit. I was not to be denied! After many trials and installation screens, I finally found a solution. It might not be perfect, but it indeed works.
Outlook is the product in Microsoft’s Office productivity suite that allows power users to manage their email on their desktop. Basically, it’s a powerful email client. Many users do not even have a need for Outlook or Thunderbird, because one can also manage email via a web browser. For example, to manage your Gmail account, you pretty much just log into Gmail’s web page. Reading, sending and sorting email is all done within the browser. Outlook mainly shines in businesses and enterprises that deploy their own email infrastructure. Anyway, chances are good that if you are looking for a way to integrate OpenPGP into Outlook, you know exactly what Outlook is. So with that being said, let’s just get started! I also wrote an extensive article on how to use the OpenPGP system with the Thunderbird email client.
Prerequisites and Setup

UPDATE 01/25/13: I can no longer recommend this plugin as the newer versions just seem broken. Both email signing and verification fail. The plugin also has other significant issues that render it pretty useless. Options are also sparse and their Wiki help page lacks depth as well. At the time of this article write-up, I was using an older version of the plugin and while it worked to an extent, I still couldn’t get the plugin to both encrypt and sign an email correctly so that the recipient could properly decrypt and verify it. Not surprisingly, the plugin couldn’t both decrypt and verify emails sent from other clients either. Therefore, I can no longer recommend this plugin until all issues have been resolved. Your mileage may vary.

UPDATE 02/05/13: I’ve done a review of gpg4o, a similar OpenPGP plugin for Outlook 2010. However, the big difference between gpg4o and the Outlook Privacy Plugin talked about here is that everything actually works! The bad news is that it is currently not a free solution, if indeed spending any amount of money is something you are absolutely not willing to do. The good news is that they are planning on releasing a Home/Student version hopefully by March 2013. This version will either be free of charge with limited capabilities or reduced in pricing.
– To use OpenPGP via the method I chose here, you need at least Microsoft Outlook 2010 or 2013. For my testing, I am using the Outlook 2013 preview release. Because this is not the final release of the product, I cannot guarantee that it will work when it does get released to the public. As the tool I am using states that it is supported on Outlook 2010, I am assuming it will work without problems even though I didn’t specifically use it on that platform. You can also download a 60-day trial version of Outlook 2010 from Microsoft here.
Gpg4win itself supports Outlook 2003 and Outlook 2007 via its own GpgOL component.
– If you are testing this entirely by yourself, you will need two separate email accounts and preferably two separate computers as well. For my testing purposes, I made two dummy email accounts called firstname.lastname@example.org and email@example.com. If you can’t duplicate this setup, I can always test the system with you. You simply download my public key for the contact email I use for this blog, send an encrypted email to me containing your public key, and I will then send an encrypted email back to you.
– The utility that allows Outlook to use the OpenPGP system is called the Outlook Privacy Plugin. The unfortunate part of this utility is that it only supports a single email account within Outlook.
– Finally, we need GnuPG installed on our system. For Windows systems, the best way to do this is to install Gpg4win. Be sure to download the full version and not the lite version. The full version includes Kleopatra, which is the utility we use to manage our keys. It is certainly possible to manually manage your keyring from the command line, but trust me, it’s not fun.
This is how I got everything working initially:
- Installed Office 2013. Once it was installed on each of my computers, I configured each with one of my dummy test accounts.
- Next I installed the Outlook Privacy Plugin. If you encounter an error during install, make sure you have installed the Microsoft .NET Framework version 4 from here and then run the installation again.
- Finally, I installed Gpg4win using the default options.
Configuration and Setup
With everything installed and running, it is now time to get down to the hard part!
When you open Outlook after installing the Outlook Privacy Plugin, you’ll be presented with the plugin’s settings dialog box. It needs you to tell it where the gpg.exe program is installed. Gpg4win installed this for us, so we just need to browse to the correct location. By default, that location is C:\Program Files\GNU\GnuPG\pub (on 64-bit Windows the 32-bit Gpg4win installer uses C:\Program Files (x86)\GNU\GnuPG\pub instead).
Here, I am assuming you do not have a key pair. Therefore, I’ll go over how to create one and attach it to your email account in Outlook. This process involves using the command prompt, but it’s really easy, trust me. What you need to do first is open a command prompt with administrator privileges. Next, navigate to the directory where the gpg.exe executable is installed; I’ve listed the location above. Note that gpg itself does not need administrator rights: your keys are stored in your user profile under %APPDATA%\gnupg no matter which directory you run it from, and the elevated prompt is only needed here because we will be writing the exported key file into the Program Files directory.
Now we can create our key pair. If you enter the exact commands as shown here, everything should work as expected. First we enter: gpg --gen-key
For general use, it’s best to just select the first option (RSA and RSA). Type in the number 1 and hit Enter. You’re then asked to select a key length for your key pair. Technically, the longer the key size, the more secure it is, although it takes more processing power to encrypt and decrypt. I typed in 1024. Be aware that 1024-bit RSA is no longer considered adequate; for anything beyond a throwaway test like this one, choose 2048 bits or more (2048 is gpg’s own default).
You’re then asked for the validity period for your key pair. If you are positive that you can keep your private key safe, you can set a longer validity period. Keep in mind that an expiration date can be extended later with gpg --edit-key, while a key that never expires stays valid forever if you lose the private key or the passphrase and cannot revoke it. For my test scenario, I chose my key validity period to not expire.
Next we need to fill in our personal information. First up is our Real Name. Of course, you don’t really have to give your real name, but if you are to use OpenPGP for business or professional purposes, you want the other party to be able to correctly and easily identify you via your public key.
Next is your email address. Here, you must give the real email address you wish to associate with the generated key pair, because the plugin matches keys to the address on the message!
Finally, you can type in a comment. This usually gives a bit more information as to who you are. This field is purely optional.
Once you hit Enter, you will be asked to confirm your entries. You can easily change the information by pressing the corresponding letter (N to change the Name field, etc.). Once you are finished, type the letter O (for Okay) to proceed.
A “pinentry” dialog box should appear. Here you will need to type in your secret passphrase to protect your private key. You must remember this passphrase, because it is how you unlock your private key to decrypt and sign emails! You should also make it relatively strong, since it is the only thing standing between an attacker who copies the key file and your private key.
Once you do, gpg will proceed to generate our key pair. Here is the final output screen.
Now that we have our key pair generated for our email address, we next need to export our public key so that we can share it with other people. Whenever someone wants to send an encrypted email to you, they must use this public key, which of course you give to them ahead of time. You can also send your public key to me for testing purposes. To export our public key, we type in this command:
gpg --export -a "youremailaddress" > public.asc
This command will export our public key in ASCII-armored form to a file called public.asc. We can then give this public key to anyone who wishes to communicate with us securely. Because anyone can generate a key with your name and email address on it, the other party should confirm the key’s fingerprint (shown by gpg --fingerprint "youremailaddress") with you over a second channel, such as a phone call, before trusting it. In my scenario, I will simply transfer the file to my USB thumb drive and import it on my second computer.
The exported public key will be in the same directory as the one we were working in: C:\Program Files\GNU\GnuPG\pub
Now that I have my key pair for my first dummy email account, I need to repeat the same procedure for my second dummy test account. In the end, I will have a public/private key pair for both email accounts. Of course, this is only a test scenario, and that is why I had to perform this procedure twice. In the real world, you only generate the key pair for your own email account and not that of others!
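Before handing public.asc to anyone, it is worth checking what is actually inside it: the algorithm, the key size (so that a 1024-bit test key like the one generated above does not end up in real use), the user ID, and the fingerprint the other party should verify. The following Python script is an added example and is not part of the original article or of Gpg4win; it de-armors an OpenPGP public key block, verifies the armor’s CRC24 checksum, walks the packets, and computes the v4 fingerprint as specified in RFC 4880. To run offline it constructs its own sample key block with a dummy modulus (the constant `SAMPLE_UID`, the function `build_sample_key` and the 1024-bit value are assumptions for illustration, not real key material); point `inspect_public_key` at the text of a real public.asc to inspect an exported key.

```python
import base64
import hashlib

# Public-key algorithm IDs from RFC 4880 section 9.1 (ECC IDs from RFC 6637 / draft).
ALGORITHMS = {1: "RSA", 2: "RSA (encrypt-only)", 3: "RSA (sign-only)",
              16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
MIN_BITS = 2048  # RSA/DSA/ElGamal keys below this are flagged as weak


def crc24(data):
    """CRC24 used by OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text):
    """Return the binary packets of a PUBLIC KEY BLOCK, verifying its CRC24."""
    lines = text.splitlines()
    if BEGIN not in lines:
        raise ValueError("no public key block found")
    in_headers, b64, crc = True, [], None
    for line in lines[lines.index(BEGIN) + 1:]:
        line = line.strip()
        if line.startswith("-----END"):
            break
        if in_headers:                      # armor headers such as "Version: GnuPG ..."
            if line == "":
                in_headers = False
                continue
            if ":" in line:
                continue
            in_headers = False
        if line.startswith("="):            # "=XXXX" is the CRC24 trailer
            crc = line[1:]
            continue
        b64.append(line)
    data = base64.b64decode("".join(b64))
    if crc is None:
        raise ValueError("missing CRC24 trailer")
    if int.from_bytes(base64.b64decode(crc), "big") != crc24(data):
        raise ValueError("CRC24 mismatch: armored key is corrupted")
    return data


def parse_packets(data):
    """Yield (tag, body) for each packet; supports old and new format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("invalid packet header")
        if ctb & 0x40:                      # new format header
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old format header: tag in bits 2-5
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        yield tag, data[i:i + length]
        i += length


def inspect_public_key(armored):
    """Summarize the primary key and user IDs found in an armored public key."""
    result = {"user_ids": []}
    for tag, body in parse_packets(dearmor(armored)):
        if tag == 6 and "fingerprint" not in result:     # primary public key packet
            if body[0] != 4:
                raise ValueError("only v4 keys are supported")
            algo = body[5]
            result["algorithm"] = ALGORITHMS.get(algo, "unknown (%d)" % algo)
            # For RSA/DSA/ElGamal the first MPI (n or p) carries the key size.
            result["bits"] = None if algo in (18, 19, 22) else int.from_bytes(body[6:8], "big")
            # v4 fingerprint: SHA-1 over 0x99, 2-byte body length, body.
            digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
            result["fingerprint"], result["key_id"] = digest, digest[-16:]
            result["weak"] = result["bits"] is not None and result["bits"] < MIN_BITS
        elif tag == 13:                                   # user ID packet
            result["user_ids"].append(body.decode("utf-8"))
    if "fingerprint" not in result:
        raise ValueError("no public key packet found")
    return result


# --- constructed sample (NOT a real key): builds a minimal v4 RSA key block ---
SAMPLE_UID = "Test User (constructed sample) <test@example.com>"


def _mpi(n):
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")


def _old_packet(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


def build_sample_key(bits):
    n = (1 << (bits - 1)) | 0x10001          # dummy odd number with exactly `bits` bits
    body = bytes([4]) + (1356912000).to_bytes(4, "big") + bytes([1]) + _mpi(n) + _mpi(65537)
    packets = _old_packet(6, body) + _old_packet(13, SAMPLE_UID.encode("utf-8"))
    b64 = base64.b64encode(packets).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    trailer = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "%s\nVersion: constructed sample\n\n%s\n=%s\n-----END PGP PUBLIC KEY BLOCK-----\n" % (
        BEGIN, "\n".join(lines), trailer)


if __name__ == "__main__":
    for size in (1024, 2048):
        info = inspect_public_key(build_sample_key(size))
        print(size, info["algorithm"], info["bits"], "WEAK" if info["weak"] else "ok",
              info["fingerprint"], info["user_ids"])
```

The `weak` flag is what you want to see before sharing a key: the 1024-bit sample above trips it, the 2048-bit one does not. The fingerprint printed here is the same value `gpg --fingerprint` shows for the key, which is what you read out to the other party over the phone.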
Please continue on to the next page to put everything into action!