The PK Endpoint Agent Microsoft Outlook plugin allows you to automatically compress message attachments into a ZIP file when sending email messages or meeting requests using Microsoft Outlook. You can also encrypt and sign message attachments, as well as the message itself (though not a meeting request), using current settings for encrypting and signing. When you encrypt attachments, PK Endpoint Agent zips the attachments a bit differently depending on whether you also encrypt the message.
Zip and Encrypt Attachments but Not the Message Body
When you send a message and zip attachments, PK Endpoint Agent compresses and adds the attachments to a ZIP file and sends this in place of the original, uncompressed files. If you turn on Encrypt attachments (see the table of outgoing mail options, below), PK Endpoint Agent also encrypts the attachments. The ZIP file is given the name specified in the Default ZIP name option (see below) if it contains multiple files or if the Encrypt file names option is on. With a single file attachment, the ZIP file is ordinarily named after the attached file.
Zip and Encrypt the Message Body Too
With the Encrypt message body option checked, the PK Endpoint Agent encrypts the body of your email message in addition to file attachments. The PK Endpoint Agent first converts your message with its attachments into a single MIME-format.eml file and then encrypts and zips this file. The name of the .eml file, like the name of the containing ZIP file, is based on the subject of the message plus a timestamp: for example, My message subject 2015-10-05 14_19_27.EML.
If the subject is blank or contains any non-ASCII characters, the word PKMESSAGE is used instead. For example: PKMESSAGE 2015-10-05 14_19_27.EML.
Receiving and Opening an Encrypted Message
When your message is received and opened but is not yet decrypted, a message recipient sees only an announcement that the attached ZIP file contains a message encrypted by the PK Endpoint Agent. The announcement informs that PK Endpoint Agent can be used to extract your message.
A recipient who does not have PK Protect can use ZIP Reader to decrypt and extract the .eml file that contains your real message and encrypted attachments. The .eml file can then be opened manually (for example, by double-clicking it in Windows Explorer) in an email program such as Outlook. Opening the .eml file decrypts and displays your real message and makes any attachments accessible.
For a message recipient who has Outlook and SecureZIP 11 or later, the PK Endpoint Agent automatically prompts for any necessary passphrase, decrypts and displays your real message in Outlook if the recipient has turned on the option Automatically decrypt messages when read (see the table of incoming mail options below). Any attachments are also extracted and listed just as if neither message nor attachments had ever been zipped.
If the Prompt before automatically decrypting option is checked, the PK Endpoint Agent asks first whether to decrypt.
Any message recipient who has the PK Endpoint Agent or SecureZIP 11 or later can also open an .eml message file manually (for example, by double-clicking it) either in the PK Endpoint Agent or after extracting it. Manually opening an .eml file in the PK Endpoint Agent displays its message, with any attachments, in the internal the PK Endpoint Agent MIME viewer, by default, or in whatever program is associated with .eml files on the user's system (for example, Outlook).
Note: The option to use the PKWARE MIME viewer with .eml files is a check box on the General page of Miscellaneous options. The MIME viewer displays the message and lists attachments in a conventional message window, but the viewer is not an email program: You cannot, for example, reply to a message directly from the MIME viewer. The viewer is provided because it may be more convenient than Outlook for recipients who do not already use that program. The first time it is run, Outlook presents several configuration dialogs before displaying the message in an .eml file.
An encrypted message is stored encrypted in Outlook: it must be decrypted each time it is read. Someone who opens an encrypted message but does not decrypt it sees only the announcement explaining how to view it.
You set options to control how mail attachments are handled on the General page of Mail options. Options to control which types of files are zipped and whether attachments totaling less than a certain size are zipped at all are presented on the Filter page.
To set general options for PK Endpoint Agent Attachments:
1. Select Options from the Application menu.
2. Select the Mail category.
3. On the General page, check boxes to select the options you want.
Outgoing Mail Options
You can set the outgoing mail options listed in the table below.
What It Does
Turns on PK Endpoint Agent Attachments: Causes the PK Endpoint Agent to compress attachments into a ZIP file and attach the ZIP file in place of the original attached files.
Prompt before ZIPPING
Causes the PK Endpoint Agent to ask first before zipping mail attachments. In the prompt dialog, you can specify a name for the ZIP file and set or unset options to encrypt attachments (or message body), digitally sign, include UNZIP instructions, and turn off future prompting.
Prompt before performing 'Always ZIP'
Causes the PK Endpoint Agent to ask you to confirm that you want to zip an attachment when both of the following are true:
The file type of the attachment is listed in the Always zip control (on the Filters page of Mail options)
Zipping is turned off or another option is set that would normally cause the attachment not to be zipped
This setting controls whether the PK Endpoint Agent encrypts attached files when adding them to the ZIP file. By itself, the setting applies only to files that are not already ZIP archives. To encrypt (or re-encrypt) ZIP archives that you attach, set this option and also set Re-encrypt attachments (see below).
The PK Endpoint Agent encrypts attachments, using the current settings (for method, algorithm, and so on) on the ZIP page or OpenPGP page of Security options, even if Encrypt files is not checked on that page. If Encrypt attachments is unchecked, the PK Endpoint Agent does not encrypt attachments.
Encrypt message body
Converts your message along with any attachments into a single MIME-format .eml file, encrypts the .eml file, and places it in a ZIP file attachment. Message recipients see an announcement that the attached ZIP file contains an encrypted form of your message. The announcement explains how to extract and view your message.
If you receive such a message, the PK Endpoint Agent automatically decrypts and opens it in Outlook if you set the the PK Endpoint Agent incoming mail option (see below) Automatically decrypt messages when read.
Note: To use this option with Outlook requires Outlook 2002 or later.
Enables you to change the encryption on existing ZIP archives that you attach to an email message. Use when you want to send or forward a ZIP archive that may not be encrypted for the people you want to send it to. This option must be set if you want the PK Endpoint Agent to encrypt existing archives. Set Encrypt attachments (see above) to enable this option.
Auto-search for recipients
Automatically takes everyone named on the TO:, CC:, or BCC:lines of the outgoing email message and adds them to the recipient list for an encrypted attachment. Set Encrypt attachments (see above) to enable this option.
If the PK Endpoint Agent cannot find a certificate for every recipient, the PK Endpoint Agent gives you the following options:
Encrypt with passphrase for recipients without a certificate
Encrypt only for recipients for whom certificates were found
Do not encrypt the attachment
Note: When this option is checked and you send a message with a zipped attachment, a Microsoft Outlook warning dialog may open to display a message that a program is trying to access email addresses you have stored in Outlook. The dialog asks if you want to allow this.
It is normal for this dialog to appear if you are encrypting an attachment with a recipient list. In the dialog, check the box Allow access for 1 minute and choose the Yes button to proceed. If you are encrypting for a large number of recipients, you may need to change 1 minute to a longer period in the dialog.
This setting controls whether the PK Endpoint Agent digitally signs attachments. If the box is checked, the PK Endpoint Agent signs attachments, using the current settings on the ZIP page or OpenPGP page of Security options, even if Sign files is not turned on in Security options. If Sign attachments is unchecked, the PK Endpoint Agent does not sign attachments.
Include UNZIP instructions
Causes the PK Endpoint Agent to include with any zipped attachment a small, additional attachment with instructions on how to download the free ZIP Reader by PKWARE application to use to unzip ZIP files
Default ZIP name
The PK Endpoint Agent gives the same, generic name to all ZIP file attachments that contain multiple files. In this field, specify the generic name to use.
When you zip a single attached file, ordinarily the ZIP file is named after the attached file itself. For example, if the attached file is my_file.doc, The PK Endpoint Agent names the ZIP file my_file.zip. (Exception: If the Security option to Encrypt file names is set, the generic name is always used, even if option Use original name for single attachments is set [see below] and the attachment contains a single file.)
Following the Default ZIP Name, you can also define an alternate three-character extension for ZIP archives. Some networks have security settings that prevent file attachments with the ZIP extension from being sent or received. Use this feature if this is an issue for you or your recipient.
Use original name for single attachments
This option affects zipped file attachments that contain a single file. The option tells the PK Endpoint Agent to name the file attachment after the file it contains (unless the Security option to Encrypt file names is set, in which case the generic, default ZIP name is used).
Uncheck the option to use the default ZIP name (see the option just above) for all zipped attachment files.
Keep options in sync with Outlook ribbon buttons
Check this box to ensure that if you change The PK Endpoint Agent options (encrypt or sign) in Outlook, this option will change in The PK Endpoint Agent Options as well. Note that if you check this box to synchronize the options, the PK Endpoint Agent may take longer to load.
Incoming Mail Options
The table below lists options for working with email you receive that the sender encrypted using the PK Endpoint Agent with the Encrypt message body option set.
Note: For these options to work, you must have Outlook 2002 or later.
What It Does
Automatically decrypt messages when read
Automatically decrypts and displays email messages that the sender encrypted using the PK Endpoint Agent with the option Encrypt message body set. Decrypted messages are opened in Outlook.
Prompt before automatically decrypting
Asks whether to decrypt and display an email message that the sender encrypted using the PK Endpoint Agent with the option Encrypt message body set. The prompt displays when you open the message in Outlook. If you choose No, only the cover announcement that the message is encrypted by the PK Endpoint Agent can be read.
Smartkey Auto-search for recipients:
Smartkey Exact Match: The client's ability to find a Smartkey that contains participants (and only the participants) included in the Smartkey access list.
Certificate Exact Match: The client's ability to find certificates for all of the recipients included in the email.
Encryption Dialog: The standard the PK Endpoint Agent encryption dialog that allows for passphrase(s), certificates, and Smartkeys.
|Policy Rule(s)||1 Smartkey Exact Match||2+ Smartkey Exact Matches Found||0 Smartkey Exact Match Found||Certificate Exact Match Found||Certificate Exact Match Not Found|
|No prompt occurs|
|N / A||N / A|
|No prompt occurs|
|No prompt occurs|
|N / A||N / A||N / A||No prompt occurs|
Certificate Prompt Opens: