UniToken Integration Outlook Express

From SecuTech Wiki
Jump to: navigation, search

Install the PKI package

This section explains how to install the PKI package that can be found inside the UniToken SDK. The End User package can be found inside the folder "Redist/Enduser/".

1 Right-click on the PKI package installation file and choose [Run as administrator].Execute the file with an account that has administrator rights on this computer. Bitlocker img01.jpg
2 Click on [Next] in the InstallShield Wizard welcome screen. Bitlocker img02.jpg
3 Input your User Name and Company Name and click on [Next]. Bitlocker img03.jpg
4 Select [Complete] and click on [Next]. Bitlocker img04.jpg
5 Click on [Install] to begin the installation of the PKI package. Bitlocker img05.jpg
6 Verify that the InstallShield Wizard completed successfully and click on [Finish]. Bitlocker img06.jpg

Request a VeriSign Certificate

1 Open your internet browser of your choice and navigate to the page https://digitalid.verisign.com/client/class1MS.htm With VeriSign, you have the option of either buying a digital certificate, or obtaining a free evaluation digital certificate usable for 60 days. Adobepdf img01.jpg
2 In the field "Cryptographic Service Provider Name", choose [UniToken PRO CSP v2.0]. Adobepdf img02.jpg
3 Click on [Accept] to request the certificate. Adobepdf img03.jpg
4 Type the corresponding User PIN for the UniToken PRO device and click [OK]. Adobepdf img04.jpg
5 An email containing a Digital ID PIN and explaining how to continue the request procedure will be sent to the email address specified earlier. Copy the Digital ID PIN from the email and navigate to the URL specified in the email, https://digitalid.verisign.com/enrollment/mspickup.htm . Adobepdf img05.jpg
6 Paste the Digital ID PIN copied from the email in the corresponding field and click on [Submit]. Adobepdf img06.jpg
7 Click on [INSTALL] to import the certificate inside your UniToken PRO. If UniToken Monitor is running, a "Certificate Imported Successfully" message will appear. The request procedure is complete. You can now use this certificate to protect documents, sign and encrypt emails and related applications. Adobepdf img07.jpg

Sign and Encrypt Emails

In the case an evaluation certificate from VeriSign was used, you must add it to the list of trusted certificates in it in Outlook Express (and other associated programs, if necessary). Please find in the attachments the certificates to install. Certificates to install:

  • VeriSign Class 1 Individual Subscriber CA - G3.cer
  • VeriSign Class 1 Public Primary Certification Authority - G3.cer
1 User 1's Mailbox (receiver.secutech)In Microsoft Outlook 2003, select [New] to compose a new email. Outlookexpress img01.jpg
2 Below the main menu in the tool bar, click [Options]. Outlookexpress img02.jpg
3 On the [Message Options] page, click [Security Settings]. Outlookexpress img03.jpg
4 On the [Security Properties] page, check [Add digital

signature to this message] and click on [Change Settings].

Outlookexpress img04.jpg
5 Click on [Choose] to select the certificate stored inside

the UniToken and click on [OK] consecutively until you get back to [New Message] window.

Outlookexpress img05.jpg
6 In the new mail window, click on [Send] to send the

signed mail. You will be asked for the UniToken password.

Outlookexpress img06.jpg
7 User 2's Mailbox (helper.secutech) Go the mail account that you’ve just sent the signed mail to, and click on [Send/Recv]. Open the signed mail, right-click on the sender name and choose [Add to Outlook Contacts] Outlookexpress img07.jpg
8 Click on [Save and Close] to save the information about User 1 (receiver.secutech) as well as his certificate. Outlookexpress img08.jpg
9 Back to the main window of Microsoft 2003, select the signed email and click on [Reply]. Now that you have received that user’s digital signature, you can send encrypted mails to that user (The public key of that user is included in the signature) Outlookexpress img09.jpg
10 Click on the [ ] icon on the top right of the windows and click on [Send] to send the encrypted message. If the signature and encryption icon doesn’t appear, you can configure message encryption from [Options…] [Security settings] [Encrypt message and attachment] Outlookexpress img10.jpg

Open an encrypted mail

1 User 1 mailbox (receiver.secutech) Go back to User 1’s mailbox and check your mail. You should have received the encrypted mail from User 2. Double-click on it to open it.
Outlookexpress img17.jpg
2 A warning security will display “This message has been encrypted by the sender”. Click on [Continue] to see the mail. Outlookexpress img18.jpg
3 If your UniToken is inserted, you will be able to see the content of the mail. Note: If you’ve just inserted UniToken, you will be asked for the user password to decrypt the mail. Otherwise, there is no need to input the password once again. Outlookexpress img19.jpg
4 If you remove the UniToken and try to open the encrypted mail, you will get the error “Error Decrypting Message” Outlookexpress img20.jpg


Digital Signature: a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.

Public Key Infrastructure (PKI): a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Microsoft Cryptography API, MS-CAPI: an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography.

PKCS: refers to a group of public-key cryptography standards devised and published by RSA Security.