The PEM Agent Microsoft Outlook plugin allows you to automatically compress message attachments into a ZIP file when sending email messages or meeting requests using Microsoft Outlook. You can also encrypt and sign message attachments, as well as the message itself (though not a meeting request), using current settings for encrypting and signing. When you encrypt attachments, PEM Agent zips the attachments a bit differently depending on whether you also encrypt the message.
Zip and Encrypt Attachments but Not the Message Body
When you send a message and zip attachments, PEM Agent compresses and adds the attachments to a ZIP file and sends this in place of the original, uncompressed files. If you turn on Encrypt attachments (see the table of outgoing mail options, below), PEM Agent also encrypts the attachments. The ZIP file is given the name specified in the Default ZIP name option (see below) if it contains multiple files or if the Encrypt file names option is on. With a single file attachment, the ZIP file is ordinarily named after the attached file.
Zip and Encrypt the Message Body Too
With the Encrypt message body option checked, the PEM Agent encrypts the body of your email message in addition to file attachments. The PEM Agent first converts your message with its attachments into a single MIME-format.eml file and then encrypts and zips this file. The name of the .eml file, like the name of the containing ZIP file, is based on the subject of the message plus a timestamp: for example, My message subject 2015-10-05 14_19_27.EML.
If the subject is blank or contains any non-ASCII characters, the word PKMESSAGE is used instead. For example: PKMESSAGE 2015-10-05 14_19_27.EML.
Receiving and Opening an Encrypted Message
When your message is received and opened but is not yet decrypted, a message recipient sees only an announcement that the attached ZIP file contains a message encrypted by the PEM Agent. The announcement informs that PEM Agent can be used to extract your message.
A recipient who does not have PK Protect can use ZIP Reader to decrypt and extract the .eml file that contains your real message and encrypted attachments. The .eml file can then be opened manually (for example, by double-clicking it in Windows Explorer) in an email program such as Outlook. Opening the .eml file decrypts and displays your real message and makes any attachments accessible.
For a message recipient who has Outlook and SecureZIP 11 or later, the PEM Agent automatically prompts for any necessary passphrase, decrypts and displays your real message in Outlook if the recipient has turned on the option Automatically decrypt messages when read (see the table of incoming mail options below). Any attachments are also extracted and listed just as if neither message nor attachments had ever been zipped.
If the Prompt before automatically decrypting option is checked, the PEM Agent asks first whether to decrypt.
Any message recipient who has the PEM Agent or SecureZIP 11 or later can also open an .eml message file manually (for example, by double-clicking it) either in the PEM Agent or after extracting it. Manually opening an .eml file in the PEM Agent displays its message, with any attachments, in the internal the PEM Agent MIME viewer, by default, or in whatever program is associated with .eml files on the user's system (for example, Outlook).
Note: The option to use the PKWARE MIME viewer with .eml files is a check box on the General page of Miscellaneous options. The MIME viewer displays the message and lists attachments in a conventional message window, but the viewer is not an email program: You cannot, for example, reply to a message directly from the MIME viewer. The viewer is provided because it may be more convenient than Outlook for recipients who do not already use that program. The first time it is run, Outlook presents several configuration dialogs before displaying the message in an .eml file.
An encrypted message is stored encrypted in Outlook: it must be decrypted each time it is read. Someone who opens an encrypted message but does not decrypt it sees only the announcement explaining how to view it.
You set options to control how mail attachments are handled on the General page of Mail options. Options to control which types of files are zipped and whether attachments totaling less than a certain size are zipped at all are presented on the Filter page.
To set general options for PEM Agent Attachments:
1. Select Options from the Application menu.
2. Select the Mail category.
3. On the General page, check boxes to select the options you want.
Outgoing Mail Options
You can set the outgoing mail options listed in the table below.
What It Does
Turns on PEM Agent Attachments: Causes the PEM Agent to compress attachments into a ZIP file and attach the ZIP file in place of the original attached files.
Prompt before ZIPPING
Causes the PEM Agent to ask first before zipping mail attachments. In the prompt dialog, you can specify a name for the ZIP file and set or unset options to encrypt attachments (or message body), digitally sign, include UNZIP instructions, and turn off future prompting.
Prompt before performing 'Always ZIP'
Causes the PEM Agent to ask you to confirm that you want to zip an attachment when both of the following are true:
The file type of the attachment is listed in the Always zip control (on the Filters page of Mail options)
Zipping is turned off or another option is set that would normally cause the attachment not to be zipped
This setting controls whether the PEM Agent encrypts attached files when adding them to the ZIP file. By itself, the setting applies only to files that are not already ZIP archives. To encrypt (or re-encrypt) ZIP archives that you attach, set this option and also set Re-encrypt attachments (see below).
The PEM Agent encrypts attachments, using the current settings (for method, algorithm, and so on) on the ZIP page or OpenPGP page of Security options, even if Encrypt files is not checked on that page. If Encrypt attachments is unchecked, the PEM Agent does not encrypt attachments.
Encrypt message body
Converts your message along with any attachments into a single MIME-format .eml file, encrypts the .eml file, and places it in a ZIP file attachment. Message recipients see an announcement that the attached ZIP file contains an encrypted form of your message. The announcement explains how to extract and view your message.
If you receive such a message, the PEM Agent automatically decrypts and opens it in Outlook if you set the PEM Agent incoming mail option (see below) Automatically decrypt messages when read.
Note: To use this option with Outlook requires Outlook 2002 or later.
Enables you to change the encryption on existing ZIP archives that you attach to an email message. Use when you want to send or forward a ZIP archive that may not be encrypted for the people you want to send it to. This option must be set if you want the PEM Agent to encrypt existing archives. Set Encrypt attachments (see above) to enable this option.
Auto-search for recipients
Automatically takes everyone named on the TO:, CC:, or BCC:lines of the outgoing email message and adds them to the recipient list for an encrypted attachment. Set Encrypt attachments (see above) to enable this option.
If the PEM Agent cannot find a certificate for every recipient, the PEM Agent gives you the following options:
Encrypt with passphrase for recipients without a certificate
Encrypt only for recipients for whom certificates were found
Do not encrypt the attachment
Note: When this option is checked and you send a message with a zipped attachment, a Microsoft Outlook warning dialog may open to display a message that a program is trying to access email addresses you have stored in Outlook. The dialog asks if you want to allow this.
It is normal for this dialog to appear if you are encrypting an attachment with a recipient list. In the dialog, check the box Allow access for 1 minute and choose the Yes button to proceed. If you are encrypting for a large number of recipients, you may need to change 1 minute to a longer period in the dialog.
This setting controls whether the PEM Agent digitally signs attachments. If the box is checked, the PEM Agent signs attachments, using the current settings on the ZIP page or OpenPGP page of Security options, even if Sign files is not turned on in Security options. If Sign attachments is unchecked, the PEM Agent does not sign attachments.
Include UNZIP instructions
Causes the PEM Agent to include with any zipped attachment a small, additional attachment with instructions on how to download the free ZIP Reader by PKWARE application to use to unzip ZIP files
Default ZIP name
The PEM Agent gives the same, generic name to all ZIP file attachments that contain multiple files. In this field, specify the generic name to use.
When you zip a single attached file, ordinarily the ZIP file is named after the attached file itself. For example, if the attached file is my_file.doc, The PEM Agent names the ZIP file my_file.zip. (Exception: If the Security option to Encrypt file names is set, the generic name is always used, even if option Use original name for single attachments is set [see below] and the attachment contains a single file.)
Following the Default ZIP Name, you can also define an alternate three-character extension for ZIP archives. Some networks have security settings that prevent file attachments with the ZIP extension from being sent or received. Use this feature if this is an issue for you or your recipient.
Use original name for single attachments
This option affects zipped file attachments that contain a single file. The option tells the PEM Agent to name the file attachment after the file it contains (unless the Security option to Encrypt file names is set, in which case the generic, default ZIP name is used).
Uncheck the option to use the default ZIP name (see the option just above) for all zipped attachment files.
Keep options in sync with Outlook ribbon buttons
Check this box to ensure that if you change The PEM Agent options (encrypt or sign) in Outlook, this option will change in The PEM Agent Options as well. Note that if you check this box to synchronize the options, the PEM Agent may take longer to load.
Incoming Mail Options
The table below lists options for working with email you receive that the sender encrypted using the PEM Agent with the Encrypt message body option set.
Note: For these options to work, you must have Outlook 2002 or later.
What It Does
Automatically decrypt messages when read
Automatically decrypts and displays email messages that the sender encrypted using the PEM Agent with the option Encrypt message body set. Decrypted messages are opened in Outlook.
Prompt before automatically decrypting
Asks whether to decrypt and display an email message that the sender encrypted using the PEM Agent with the option Encrypt message body set. The prompt displays when you open the message in Outlook. If you choose No, only the cover announcement that the message is encrypted by the PEM Agent can be read.
Smartkey Auto-search for recipients:
Smartkey Exact Match: The client's ability to find a Smartkey that contains participants (and only the participants) included in the Smartkey access list.
Certificate Exact Match: The client's ability to find certificates for all of the recipients included in the email.
Encryption Dialog: The standard the PEM Agent encryption dialog that allows for passphrase(s), certificates, and Smartkeys.
|Policy Rule(s)||1 Smartkey Exact Match||2+ Smartkey Exact Matches Found||0 Smartkey Exact Match Found||Certificate Exact Match Found||Certificate Exact Match Not Found|
|No prompt occurs|
|N / A||N / A|
|No prompt occurs|
|No prompt occurs|
|N / A||N / A||N / A||No prompt occurs|
Certificate Prompt Opens: