p≡p for Outlook

Overview

This section covers the system requirements, feature list, installation- and user-guide of p≡p for Outlook.

System Requirements

Following configurations are supported in p≡p for Outlook:

Software:

Windows Windows 7, Windows 8.1, Windows 10 with the latest service packs Terminal server Windows 2012, Windows 2016 Both 32-bit and 64-bit versions
Outlook Outlook 2010, Outlook 2013, Outlook 2016 and Outlook 2019 (latest service pack is recommended to fix someknown issues). Both 32-bit and 64-bit versions
Mail Protocols ActiveSync; Exchange; IMAP; SMTP;
.Net Framework 4.0 and higher Required for add-on to work

Hardware:

As long as you can run the appropriate Outlook version on your hardware, p≡p for Outlook will work on your current hardware.

Note

The POP3 protocol is not supported.

Feature list

Following features are implemented in version 1.0.200 of p≡p for Outlook:

  • Encrypt/decrypt emails and their subjects
  • Untrusted server (save emails encrypted on the server) / Trusted server (save decrypted emails on the server)
  • Compatibility with OpenPGP (exchange messages with OpenPGP users, key server lookup, display fingerprint, blacklist keys, disable subject encryption)
  • Passive Mode (public key only attached if the communication partner uses p≡p)
  • Automated, decentralized key management
  • Distribution lists
  • Import Private Key from other p≡p or OpenPGP devices

Installation Guide

Note

Before you install p≡p for Outlook on your computer, we strongly recommend to encrypt your hard disk. On Windows, you can for example use BitLocker Device Encryption or VeraCrypt. If you do not want to encrypt the whole disk, we suggest to at least encrypt C:\Users\<user_name>\AppData\Roaming\gnupg (Note: AppData is a hidden folder). This is the directory that contains the keys needed to decrypt messages.

Installation

The installation is straight forward, asks no questions and requests no information. Everything is installed by five clicks and within 10 seconds p≡p for Outlook is active. Close Outlook, before starting the installation.

Step 1: Run the installation file by double clicking or pressing Enter after the file is selected.

Step 2: The first p≡p for Outlook installation screen will appear as shown below. While loading, the installer checks for system compatibility and verifies that you have a supported version of Outlook installed.

_images/pEpForOutlook-v1.0.200-InstallerWelcome.png

Step 3: The p≡p for Outlook licensing agreement will be shown as below. Please read through this agreement in its entirety. After you have read and agreed to the p≡p for Outlook licensing agreement, please check the “I accept the terms in the License Agreement” checkbox and click Install.

_images/pEpForOutlook-v1.0.200-ImageInstallScreen3.png

Step 3.5 (Optional): If your user is a local administrator, you can change the installation scope by clicking “Advanced”. p≡p can either be installed for the current user only or for all users on this system. By default, p≡p for Outlook is installed for all users if the current user is local administrator. If the current user has no local administrator privileges, p≡p for Outlook will only be installed for the current user.

_images/pEpForOutlook-v1.0.200-ImageInstallScreen3.5.jpeg

Step 4: The installer will now need your permission to continue. This is a security feature of Windows. When the below dialog appears, please introduce the administrator password (if required) and click Yes.

_images/pEpForOutlook-v1.0.200-InstallerSecWarning.png

Step 5: p≡p for Outlook will now be installed. During installation the progress bar may pause momentarily before it finishes.

_images/pEpForOutlook-v1.0.200-InstallerProgress.png

Step 6: The installation is now complete! Please click Finish as shown below to close the installer. Now you can start Outlook and begin using p≡p! No further configuration is required.

_images/pEpForOutlook-v1.0.200-InstallerCompleted.png

User Guide

The user guide gives step by step instructions on how to use p≡p for Outlook.

First steps in p≡p for Outlook

When Outlook is started after the p≡p plug-in has been installed, p≡p is automatically activated for all accounts. No configuration is needed.

Users will now see the ‘Privacy Status’ icon in the “Home” ribbon for incoming messages and in the “Message” ribbon for outgoing messages.

_images/pEpForOutlook-v1.0.200-ComposeUnsecureGrey.png

Sending Secure Emails

After a message from another p≡p user is received and you reply to that message, the Privacy Status in the ribbon of the message is Yellow. This means, that this message will be sent encrypted. The same applies when a user enters an email address for which p≡p automatically finds a public key on the public PGP key server (optional setting). Please note, that the very first message between two p≡p users will be sent unencrypted.

_images/pEpForOutlook-v1.0.200-ComposeSecureYellow.png

The Handshake

For general information about the handshake, refer to Handshake.

To perform a Handshake, the Handshake dialog can be opened by clicking the Privacy Status. The following window appears:

_images/pEpForOutlook-v1.0.200-ComposeHandshakeYellowFront.png

After comparing the Trustwords with the communication partner through a separate channel, select “Confirm Truswords” if the Trustwords match or “Wrong Trustwords” if the Trustwords didn’t match. After you confirmed the Trustwords, the Privacy Status changed to Green (Secure & Trusted):

_images/pEpForOutlook-v1.0.200-ComposeHandshakeYellowFrontGreenpEpClient.png

Sending a message to multiple people with different Privacy Statuses

When sending a message to more than one person, the user simply adds the recipients to the message and clicks on the Privacy Status revealing the following pop-up window:

_images/pEpForOutlook-v1.0.200-PrivacyStatusMultiplePeople.png

This dialog shows that one Handshake is pending. The user can click on the email address to perform the Handshake with the communication partner as explained above. After all the Trustwords are confirmed by the users, the communication will be upgraded to Green (Secure & Trusted).

_images/pEpForOutlook-v1.0.200-PrivacyStatusMultiplePeopleAllGreen.png

Disabling Protection when the communication partner’s Privacy Status is Yellow (Secure) or Green (Secure & Trusted)

When the communication partner’s Privacy Status is Yellow (Secure) or Green (Secure & Trusted), the e-mail will automatically be sent encrypted when the user clicks ‘Send’. If the user would like to disable protection on a case by case basis, then the user can do so by clicking the Privacy Status and selecting ‘Disable Protection’.

_images/pEpForOutlook-v1.0.200-ComposeUnsecureGreyDisableProtectioDetachKey.png

The Privacy Status as well as the rating for a communication partner will change from Yellow (Secure) or Green (Secure & Trusted) to Gray (Unsecure) and the message will be sent unencrypted when the user presses ‘Send’.

Receiving encrypted messages

When the user receives encrypted messages while the Outlook is not yet connected, these messages will remain encrypted in the Inbox (until the user clicks on them).

Key Import

This section explains how key import works in p≡p for Outlook. Be aware, that key import only works, when exactly 2 clients with p≡p installed are connected to the email account. If you have 3 or more devices, make sure only two are connected at the same time (e.g. Enable Flight Mode).

Also consider, that you need to start key import on your new device. E.g. if you already have a computer with p≡p installed and you just setup a new computer with p≡p, you need to start the key import process on the new computer. This is especially important if you use 3 or more devices with p≡p.

To start a key import process in p≡p for Outlook, right click the account in the navigation pane, select Key Import and then click “p≡p Key Import” in order to start an import from another device with p≡p installed.

_images/pEpForOutlook-v1.0.200-KeyImport1.png

The following screen appears.

_images/pEpForOutlook-v1.0.200-KeyImport2.png

Open p≡p on the second device. After a minute or two a dialog appears. It is asking, if a Key Import process should be initiated. Press Start. The second device will immediately show a Handshake dialog. Shortly after a Handshake dialog will also appear on your first device:

_images/pEpForOutlook-v1.0.200-KeyImport3.png

Compare the Trustwords between the two devices. If the Trustwords match, click “Confirm Trustwords” on both devices. The following screen appears:

_images/pEpForOutlook-v1.0.200-KeyImport4.png

p≡p is is now importing the secret key from the other device and setting it as the default key to use. Shortly after, a confirmation will appear on both devices

p≡p is now synchronizing the keys between the two devices. Shortly after, a confirmation will appear on both devices. Once the confirmation appeared, the key from the other device has been imported and both devices are now using the same key.

p≡p for Outlook Options

This section covers all the options that are available through the user interface of p≡p for Outlook. The p≡p options can be opened by selecting File -> p≡p.

_images/pEpForOutlook-v1.0.200-adFile.png

Accounts

_images/pEpForOutlook-v1.0.200-adEnableUnencrypted.png

When you enable Advanced at the bottom of the popup window you will see the following options:

_images/pEpForOutlook-v1.0.200-adOptionsEnabled.png

Store messages securely

Defines if messages should be saved encrypted or decrypted on the server. If “Store messages securely for all accounts” is checked, encrypted messages will be kept encrypted on the server for all accounts. When this option is unchecked, you can select for each account, if you want to “store messages securely”. For more details see Server Trust (store messages securely).

Enable p≡p privacy protection

Defines if p≡p privacy protection is enabled for the selected account or not. For more details see Enable p≡p privacy protection.

Show ‘p≡p’ data store in navigation pane

p≡p saves some messages in a local pEp.pst file in Outlook. The user can choose, if the pEp.pst store should be displayed in the Outlook navigation pane.

Show a warning when a message loses security through reply or forward

Defines if a warning message should be shown, when a formerly encrypted message is forwarded or replied to unsecure. For more details see Show a warning when a message loses security through reply or forward.

Show store protected option

This option will hide the Store protected button from the user interface. For more details see Store protected.

Enable Passive mode

By default p≡p for Outlook attaches your public key to every outgoing email. When passive mode is enabled, p≡p doesn’t attach a public key to outgoing messages unless the communication partner uses p≡p. If you already have a public key from your communication partner, p≡p will encrypt your emails by default. For more details see Passive Mode.

Trustwords default language

This option will allow you to select the default language for trustwords. For more details see Trustwords.

Compatibility

Compatibility options are related to OpenPGP and only affect communication with OpenPGP communication partners.

_images/pEpForOutlook-v1.0.200-adOptionsEnabledCompatibilityScreen.png

Enable unprotected message subjects

The user can choose, if the subject of a message should be protected/encrypted. When the subject is encrypted, the users of other OpenPGP clients will only see the subject “pEp” instead of the original subject. The actual subject is displayed in the first line of the body for plain text messages. For HTML messages, the subject is not visible. Subject Encryption is enabled by default.

Look up keys on key server

If enabled, p≡p will look up keys of the communication partners on a PGP key server. This ensures full compliance with PGP protocols, but it has privacy downside as the key server knows the users’ requests. Therefore, it is switched off by default in p≡p. If not enabled, p≡p will not look up any key on the public PGP key server.

Open Key Manager

Leads to the GNU Privacy Assistant. Please refer to the GnuPG documentation for details (https://www.gnupg.org/related_software/gpa/).

_images/adGNUPrivacyAsistant.png

Key Blacklist

If the user does not wish to use a key of a PGP communication partner anymore, then the user can enter the fingerprint of the key and add it to the blacklist. Please note this affects only PGP contacts, p≡p users won’t be affected by this blacklist.

About

About provides extra information about the p≡p version:

_images/pEpForOutlook-v1.0.200-adOptionsEnabledAboutScreen.png

Updates

By default “Automatically download and install updates” is enabled. It is strongly recommended to allow updates. In case you prefer not to receive updates, you can disable it.

Credits

The last screen provides information about Credits.

_images/pEpForOutlook-v1.0.200-adOptionsEnabledCreditsScreen.png

How to Upgrade p≡p for Outlook

p≡p for Outlook is checking for new updates automatically by default randomly in intervals between 10 mins and 4 hours. Once there the new update is available, it’s downloaded and installer will pop-up on the screen asking the user to install it.

_images/pEpForOutlook-v1.0.200-ImageInstallScreen2.png

Disable automatic upgrades for p≡p for Outlook

Even though it is not suggested, it is possible to disable the auto-update function in p≡p for Outlook. Refer to Updates for more details.

Using Distribution lists

At the moment p≡p doesn’t support distribution lists without manual intervention. You can however create one private key for the email address of the distribution list with GnuPG tools installed during installation of p≡p for Outlook and manually distribute it to all p≡p clients with accounts allowed to send/receive emails to Distribution list.

Once all the participants of the distribution list have the private key for the same email address as distribution list, each of them will be able to send and read encrypted messages to the distribution list.

How to backup p≡p for Outlook

Simply backup the following 2 directories:

C:\Users\<user>\AppData\Local\pEp and C:\Users\<user>\AppData\Roaming\gnupg

These 2 directories include everything needed to recover. We suggest to regularly make a backup of these two directories. In case you loose your key material (e.g. after a crash of the harddisk) and you don’t have a backup, you won’t be able to decrypt existing messages anymore.

How to Uninstall p≡p for Outlook

If you want to uninstall p≡p for Outlook, do the following:

  1. Open the Control Panel
  2. Open Programs and Features
  3. Select p≡p for Outlook in the list and Click the Uninstall button.
  4. Follow the prompts and p≡p for Outlook will be removed.

After you uninstall p≡p, you won’t be able to decrypt messages anymore. Further, if you didn’t trust your server, existing messages won’t be readable anymore, because they are stored encrypted on the server.