p≡p for Outlook¶
This section covers the system requirements, feature list, installation- and user-guide of p≡p for Outlook.
Following software and hardware configurations are supported in p≡p for Outlook:
Windows 7, Windows 8.1, Windows 10 with the latest service packs
Terminal server Windows 2012, Windows 2016/2019
Both 32-bit and 64-bit versions
Outlook 2010, Outlook 2013, Outlook 2016, Outlook 2019 and Outlook from Office 365
Latest service pack is required
Both 32-bit and 64-bit versions
.Net Framework 4.0 and higher is required for add-on to work.
Supported Mail Protocols:
The POP3 protocol is not supported.
As long as you can run the appropriate Outlook version on your hardware, p≡p for Outlook will work on your current hardware.
The following features are available in the latest version of p≡p for Outlook:
Encrypt/decrypt emails and their subjects
Store messages encrypted or unencrypted on the server (Untrusted or Trusted server)
Compatibility with OpenPGP (as a p≡p user you can communicate with users that use OpenPGP)
Passive Mode (public key only attached if the communication partner uses p≡p)
Automated, decentralized key management
Import private keys
p≡p Sync, automated synchronization of keys between all your devices using p≡p
The following languages are supported:
Before you install p≡p for Outlook on your computer, we strongly recommend to encrypt your hard disk. On Windows, you can for example use BitLocker Device Encryption or VeraCrypt. If you do not want to encrypt the whole disk, we suggest to at least encrypt
C:/Users/<user_name>/AppData/Local/pEp (Note: AppData is a hidden folder). This is the directory that contains the keys needed to decrypt messages.
If you have GnuPG installed on your computer, p≡p will import the keys from GnuPG during the installation. p≡p will use imported keys to decrypt messages, but it will not use the keys to encrypt outgoing messages.
The installation is straight forward, asks no questions and requests no information. Everything is installed by five clicks and within 10 seconds p≡p for Outlook is active. Close Outlook, before starting the installation.
Step 1: Run the installation file by double clicking or pressing Enter after the file is selected.
Step 2: The first p≡p for Outlook installation screen will appear. While loading, the installer checks for system compatibility and verifies that you have a supported version of Outlook installed.
Step 3: The p≡p for Outlook licensing agreement will be shown. Please read through this agreement in its entirety. After you have read and agreed to the p≡p for Outlook licensing agreement, please check the “I accept the terms in the License Agreement” checkbox and click Install.
Step 3.5 (Optional): If your user is a local administrator, you can change the installation scope by clicking “Advanced”. p≡p can either be installed for the current user only or for all users on this system. By default, p≡p for Outlook is installed for all users if the current user is local administrator. If the current user has no local administrator privileges, p≡p for Outlook will only be installed for the current user.
Step 4: The installer will now need your permission to continue. This is a security feature of Windows. When the below dialog appears, please introduce the administrator password (if required) and click Yes.
Step 5: p≡p for Outlook will now be installed. During installation the progress bar may pause momentarily before it finishes.
Step 6: The installation is now complete! Please click Finish to close the installer. Now you can start Outlook and begin using p≡p! No further configuration is required.
The user guide gives step by step instructions on how to use p≡p for Outlook.
First steps in p≡p for Outlook¶
When Outlook is started after the p≡p plug-in has been installed, p≡p is automatically activated for all accounts. No configuration is needed.
Users will now see the ‘Privacy Status’ icon in the “Home” ribbon for incoming messages and in the “Message” ribbon for outgoing messages.
Sending Secure Emails¶
After a message from another p≡p user is received and you reply to that message, the Privacy Status in the ribbon of the message is Yellow. This means, that this message will be sent encrypted. Please note, that the very first message between two p≡p users will be sent unencrypted.
Please note that the local part of an email address (left of the “@”) must be treated case sensitive. E.g. email@example.com is not the same as HOLDEN@pep.digital, however firstname.lastname@example.org is the same as holden@PEP.DIGITAL.
For general information about the handshake, refer to Handshake.
To perform a Handshake, the Handshake dialog can be opened by clicking the Privacy Status icon. The following window appears:
After comparing the Trustwords with the communication partner through a separate channel (like a phone call or a meeting in person), select “Confirm” if the Trustwords match. If the Trustwords didn’t match, select “Reject”. When you confirmed the Trustwords, the Privacy Status with this communication partner changes to Green (Secure & Trusted).
Sending a message to multiple people with different Privacy Statuses¶
When sending a message to more than one person, the user simply adds the recipients to the message and clicks on the Privacy Status revealing the following pop-up window:
This dialog shows that one Handshake is pending. The user can click on the email address to perform the Handshake with the communication partner as explained above. After all the Trustwords are confirmed by the users, the communication will be upgraded to Green (Secure & Trusted).
When the communication partner’s Privacy Status is Yellow (Secure) or Green (Secure & Trusted), the e-mail will automatically be sent encrypted when the user clicks ‘Send’. If the user would like to disable protection on a case by case basis, then the user can do so by clicking the Privacy Status and selecting ‘Disable Protection’.
The Privacy Status as well as the rating for a communication partner will change from Yellow (Secure) or Green (Secure & Trusted) to Disabled and the message will be sent unencrypted when the user presses ‘Send’.
Sending BCC emails¶
Currently, p≡p sends messages unencrypted as soon as there is at least one recipient in BCC (even if keys of all recipients are available).
p≡p for Outlook Options¶
This section covers all the options that are available through the user interface of p≡p for Outlook. The p≡p options can be opened by selecting File -> p≡p.
Store messages securely for all accounts¶
Defines if messages should be saved encrypted or decrypted on the server. If “Store messages securely for all accounts” is checked, encrypted messages will be kept encrypted on the server for all accounts. When this option is unchecked, you can select for each account, if you want to “store messages securely”.
When “Protected message subject” is disabled, p≡p will decrypt the subject of encrypted messages and save the subject unencrypted on the server in any case.
For more details see Store messages securely.
Protect message subject¶
When sending messages between p≡p users, the subject is always encrypted (in transport). However, when “Protect message subject” is disabled, p≡p will decrypt the subject of messages stored in the mailbox and save the subject unencrypted.
Further, when “Protected message subject” is disabled, the subject of messages sent to PGP users will not be encrypted at all.
For more details see Protect message subject.
Enable p≡p privacy protection¶
Defines if p≡p privacy protection is enabled for the selected account or not. For more details see Enable p≡p privacy protection.
Enable p≡p Sync¶
If p≡p Sync is enabled, p≡p will check if other devices are using p≡p with the same email account and try to build a device group. p≡p Sync ensures that all messages can be decrypted on all your devices with p≡p.
For more details see p≡p Sync.
Account specific settings¶
Store messages securely¶
If “Store messages securely for all accounts” (see above) is unchecked, you can define per account, if messages should be stored encrypted or unencrypted.
Synchronize between my devices¶
Defines if the keys of this account are synchronized within your device group when p≡p Sync is enabled.
Enable p≡p privacy protection¶
By default, p≡p privacy protection is enabled and all outgoing messages will be encrypted whenever possible. If p≡p privacy protection is disabled, outgoing messages will not be encrypted. It will by default still decrypt incoming messages. However, the user has the option to also disable “Continue to decrypt messages”. In that case, incoming messages that are encrypted, will not be decrypted and are therefore unreadable. The p≡p privacy protection settings can be changed on a per account basis.
Show a warning when a message loses security through reply or forward¶
Defines if a warning message should be shown, when a formerly encrypted message is forwarded or replied as unsecure.
Show store protected option¶
This option will hide the Store protected button from the user interface. For more details see Store protected.
Enable Passive mode¶
By default p≡p for Outlook attaches your public key to every outgoing email. When passive mode is enabled, p≡p doesn’t attach a public key to outgoing messages unless the communication partner uses p≡p. If you already have a public key from your communication partner, p≡p will encrypt your emails by default.
For more details see Passive Mode.
Show additional Privacy Status Bar¶
By default, p≡p only shows the privacy status of a message only in the Home ribbon.
When the additional privacy status bar is enabled, the privacy status of a message is also visible on the bottom of the message.
Hide internal messages¶
p≡p sends emails to your own account (e.g. for p≡p Sync). By default these messages are hidden in p≡p clients. If unchecked, the p≡p internal messages are visible.
Trustwords default language¶
This option will allow you to select the default language for trustwords. For more details see Trustwords.
Compatibility options are related to OpenPGP and only affect communication with OpenPGP communication partners.
PGP Key Import¶
In case your device is member of a device group, please proceed with the following steps before starting the key import:
Disable p≡p Sync on all devices of the group before starting the import process.
Import the key on ALL devices.
Switch on p≡p Sync after the manual key import worked on all devices.
This option imports your existing PGP keys and uses them.
The key is then set as default key. However, p≡p still manages keys automatically, thus, the key might change in the future (e.g., when doing a reset). Please be aware that you can import only “.asc” files.
After the import p≡p will use your key to encrypt and decrypt messages. Please be aware that p≡p automates the key management and your key may change (e.g. after a reset, when joining a device group or when a key expires). Even if p≡p starts using another key, old keys will always be kept to ensure that all messages can be decrypted.
Use a passphrase for new keys¶
By default p≡p does not use a passphrase for new keys. If you want to use a passphrase for new keys enable “Use a passphrase for new keys”. Once enabled, p≡p will ask for a passphrase when new keys are generated. If you want to create new keys straight away, go to the p≡p Account settings and “Reset All Identities”.
If the user does not wish to use a key of a PGP communication partner anymore, then the user can enter the fingerprint of the key and add it to the blacklist. Please note this affects only PGP contacts, p≡p users won’t be affected by this blacklist.
About provides extra information about the p≡p version:
By default “Automatically download and install updates” is enabled. It is strongly recommended to allow updates. In case you prefer not to receive updates, you can disable it.
The last screen provides information about integrated software.
How to Upgrade p≡p for Outlook¶
p≡p for Outlook is checking for new updates automatically by default in random intervals between 10 mins and 4 hours. Once there the new update is available, it’s downloaded and installer will pop-up on the screen asking the user to install it.
Using Distribution lists¶
At the moment p≡p doesn’t support distribution lists without manual intervention. You can however create one private key for the email address of the distribution list and manually distribute it to all p≡p clients with accounts allowed to send/receive emails to Distribution list. The easiest way to distribute the key is by just sending it via email to all recipients that needed it (please make sure your message is sent encrypted).
Once all the participants of the distribution list have the private key for the same email address as distribution list, each of them will be able to send and read encrypted messages to the distribution list.
How to backup p≡p for Outlook¶
Simply backup the following directory:
This directory includes everything needed to recover. We suggest to regularly make a backup of this directory. In case you loose your key material (e.g. after a crash of the hard disk) and you don’t have a backup, you won’t be able to decrypt existing messages anymore, unless your device is part of p≡p Device Group. In case your device is part of the p≡p Device Group, you will be able to recover your keys from another device automatically once the current device will join the p≡p Device Group.
How to Uninstall p≡p for Outlook¶
If you want to uninstall p≡p for Outlook, do the following:
Open the Control Panel
Open Programs and Features
Select p≡p for Outlook in the list and Click the Uninstall button.
Follow the prompts and p≡p for Outlook will be removed.
After you uninstall p≡p, you won’t be able to decrypt messages anymore. Further, if you didn’t trust your server, existing messages won’t be readable anymore, because they are stored encrypted on the server.
When you uninstall p≡p, the following data will not be removed:
C:/Users/<user>/AppData/Local/pEp(contains all key material and more)
Registry entries in