I decided a couple weeks ago to create an e-mail encryption program for Outlook 2003. I know that Outlook 2003 already does this through Digital ID's but I wanted to learn more about e-mail encryption and this would give me a chance to test out Visual Studio Tools for Office 2005 (VSTO). Oh did I mention that it is also to fulfill a project requirement for my Applied Cryptography class at Dakota State University (DSU)?? Truthfully I've always wanted to fool around with the Outlook 2003 API and this project was perfect plus VSTO made it easier for me to do it.
After downloading some Outlook VSTO samples to learn the API, I discovered that working with the API shouldn't be too hard. I started off by creating a working prototype of what the encryption manager would do. This prototype was just a regular C# Windows application mainly to make sure that en/decryption and key creation would run smoothly without error when I bring it over to the Outlook application project. After creating the necessary form controls I focused my thoughts on which encryption algorithm I should use and how it would work with Outlook. I decided to go with the RSA public key encryption algorithm, because it was modern and used public and private keys. I knew I wanted to use public and private keys because I wanted the email account to have its own private key and have the ability to distribute a public key to whomever he/she desires. I sat down and wrote out the classes required and shortly I had a program encrypting and decrypting text. I then needed a place to store these keys, which I did so under the users My Documents\My Keys folder. I know this isn't a secure place to store these keys but then I'm not trying to create a commercial application.
Now that I have the encryption manager prototype working how I want it, I then proceeded to create an Outlook Add-In project and brought over the code and form from the prototype. I then created some menu items as detailed in the Outlook samples and shortly there after I had my encryption manager displaying in Outlook. The next task was to interact with contacts the user has by adding them to drop down lists. This is so that public keys can be sent to those contacts and public keys received would be associated with the contacts. I decided then to store the public key in the contacts properties.
I would have liked to use S/MIME to send and encrypt messages but due to the installation of Office SP1 I'm not allowed access to the headers in an email and I didn't want to purchase a 3rd party control to allow me to do so. Instead I decided to use my own subject line to designate an email as containing a public key. I wanted to do this so that I could wire up an event when a new email is received to automatically add the sender's public key to the senders contact information. After looking at another Outlook 2003 Add-In sample I was able to add this in.
This currently brings me to the point I'm at now. I'm currently in a little predicament where I cannot get the application installed on another computer. (Outlook Add-In project automatically adds an installer to the project.) It installed fine on my development computer and I'm running caspol to create the necessary permissions to run it. I've also made sure the following were installed .Net 2.0, Office PIA, and VSTO runtime. I'm not sure what else I'm missing. On another note it has installed fine with any computer that has Visual Studio 2005 installed, just not computers that don't have it installed. However to require VS 2005 as an installation requirement just doesn't make sense.
Does anyone know what else needs to be installed to get it working?
(While creating links I found an Office Update that might not be installed on the client computers. I'll give it a shot and write back an update.)
Parts to be Completed:
- Adding Encryption and Decryption buttons to an Outlook Email.
I'll post the setup file in the files area when I've completed.