How to Decrypt Outlook Email? Remove S/MIME & OpenPGP Encryption

Are you trying to decrypt Outlook email messages for a forensic investigation? Decrypting encrypted Outlook emails, particularly those using S/MIME or OpenPGP encryption, is a technical but essential process in digital forensics. Investigators often rely on RAM analysis, private key access, or trusted tools like MailXaminer to access encrypted content.

Even when full decryption isn’t possible, encrypted email metadata still reveals useful information. However, even encrypted emails provide valuable insights when analyzed correctly.  Hence, in this guide, we will walk through the step-by-step process how to remove encryption from Outlook email using a trustworthy solution. 

What is Email Encryption?

Email encryption is a security measure that protects the content of email messages from unauthorized access. It transforms readable text into encoded content. This ensures that only intended recipients with the proper decryption key can view it. Email encryption is especially important in corporate communications, legal correspondence, and forensic investigations, where privacy and authenticity are the primary tasks.

Why is Encryption Used in Emails in Outlook?

Encryption is the most common data security mechanism used to maintain the confidentiality of digital data. After composing a message, the sender uses an encryption key to convert the plaintext into ciphertext. On the receiver end, too a decryption key is required for opening and viewing the contents in human-readable form.

This keeps digital data confidential while transmitting it over the Internet, helping to protect it from intruders.

The two main types of encryption used to protect the data are symmetric-key encryption and asymmetric-key encryption.

• Symmetric Key Encryption: In symmetric key encryption, the same key is used to encrypt and decrypt the data.
• Asymmetric Key Encryption: It is also known as public-key encryption. In this, for both encryption and decryption processes, different keys are required. The keys are known as the public key and private key.

Before discussing how to decrypt an Outlook email, it is necessary to understand the encryption process for the same. We all know that Microsoft Outlook is one of the most commonly used desktop-based email applications. At the same time, Outlook users are pretty concerned about the security of their data.

For that, encryption is the best way to secure all the PST mailbox items. Besides understanding the encryption and decryption of Outlook email messages. Additionally, we will also shed light on the analysis of emails after removing encryption from an Outlook email message.

Before starting the encryption process, users have to obtain a digital certificate / digital ID and install it in the Outlook application. There are several Microsoft-approved sources available in which COMODO provides an S/MIME email certificate and a digital ID, which automatically adds the certification.

Digital ID Installation Process to Decrypt Outlook Email Data

• Step 1. Click on the File tab of Outlook and select Trust Center from the options
• Step 2. Select the Email Security tab from the Trust Centre Settings
• Step 3. Under the Encrypted Email section, click on the Settings button and choose New for the security preference
• Step 4. Enter the Name for the security settings and select S/MIME for the cryptographic format list
• Step 5. Click the Choose button and select the valid certificate for the Digital Signature
• Step 6. At last, mark the checkbox corresponding to “Send these certificates with the signed messages”.

After the successful installation of the Digital ID, one can easily start with the email encryption process directly.

Now, in the upcoming section, we will describe how to encrypt Outlook emails. Encryption covers attachments as well so you must keep this in mind while finding attachments in Outlook email chain investigation.

Encryption of Individual Outlook Emails

• Step 1. Navigate to the Options tab from the Outlook application and select Dialog Box Launcher from the More option
• Step 2. Now, click the Security Setting button from the Properties window
• Step 3. Enable the Encrypt Message Contents and Attachment options from the Security properties
• Step 4. After this, you can write and send an email, this auto-encrypts the entire message. Only the recipient can view the encrypted form.

How to Remove Encryption From Outlook Email

With the following steps, one can encrypt all their Outlook emails. Before implementing this procedure, a user must ensure that all their recipients have the same Digital ID to decrypt the Outlook emails.

• Step 1. Click on the File tab and go to Trust Center from Options
• Step 2. Select the Email Security tab from the Trust Center Settings
• Step 3. Go to the Encrypted Email section and mark the checkbox that corresponds to the Encrypt Contents and Attachments for Outgoing Messages option
• Step 4. Now, click OK. To change the Encryption options, click on the Settings button.

With the aforementioned procedure, one can efficiently encrypt Outlook emails. Encryption does not prevent you from searching keywords in Outlook. Now, from the below section, we will understand the tactics used to decrypt the Outlook message, which requires the same digital certificate.

Procedure to Decrypt Outlook Email with S/MIME/OpenPGP Encryption

Most of the time, for security reasons, users tend to encrypt confidential email messages. As a result, investigators need to perform the decryption process, which requires a decryption key. Without the keys, it is not possible to remove encryption from the encrypted Outlook emails.

The following are the steps to remove encryption from the Outlook email using the remarkable email forensic software named MailXaminer.

Step 1. Launch the software, and click the Add New Evidence option to upload the email data file.

Step 2. Then, under the Email Client tab, select Microsoft Outlook for email decryption and Press Next.

Step 3. Enable the Detect Digital Signature and encryption option and remove the encryption option from the Decryption Settings section, as shown in the image below.

• Detect Digital Signature and Encryption: This will help to detect the digital signs and encrypted emails from the mailbox.
• Remove Encryption: This option allows you to decrypt Outlook email messages.

Step 4. Users can decrypt via the Add Keys option or the Upload CSV option.

Step 5. Select the Add Keys option and choose the appropriate encryption that corresponds to the file i.e., S/MIME or OpenPGP.

After that, provide the Key File and Password of the respective file to remove encryption from Outlook email. Users can also add multiple keys here using the Add Additional Keys option.

Step 6. Upload a CSV file to decrypt Outlook email evidence with multiple keys. You need to choose the Upload CSV radio button from the Decryption Settings section and browse the corresponding CSV file.

Once the process is complete, switch to the search screen to view the unencrypted data. Through this software, an examiner will also be able to trace email sender IP address in Outlook while investigating a decrypted email message thoroughly.

Final Words

It is quite challenging for forensic investigators to examine encrypted Outlook emails. Hence, there comes a need to decrypt Outlook email. One can seamlessly rely on the steps mentioned in this article to remove encryption from the Outlook message. Moreover, to decrypt SMIME/ OpenPGP encrypted emails, it is a wise option to avail the result-oriented above-mentioned tool.

Frequently Asked Questions

Q1. Why am I not seeing the encryption/decryption setting in my Outlook app?

The ability to encrypt emails unlocks only after you subscribe to a Microsoft 365 plan. Another reason could be that admins have disabled the feature from their end.
If you have a premium version of the business plan then ask the person with global administrator permissions to open an Exchange Online PowerShell and type

Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

Q2. How to disable encryption in classic Outlook at the user level?

First of all, understand that disabling encryption is different from decryption. The former means to end encryption ability in all further user-generated messages while the latter means to undo any encryption on the message itself.
The following steps allow users to do away with the encryption options on Outlook.

However, do so with extreme caution as this involves changes in the Windows Registry, any unintended changes can make the apps dysfunctional.
These steps disable your ability to apply encryption. Moreover, any emails received from outside are not bound to this change.

• Open Registry Editor, go to:

  HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DRM

• Click Edit > New > select DWORD (32-bit) Value.
• Type DisableEO, and hit the Enter key.
• Right-click DisableEO, and select Modify.
• Inside the Value data box, put 1, and click OK.
• Click Edit > New > select String Value.
• Type DefaultPermissionTemplateGuid, and hit the Enter key.
• Right-click DefaultPermissionTemplateGuid, and hit Modify.
• Inside the Value data box, put irmdnf, and click OK.
• Close Registry Editor.