This is a Frequently Asked Question: "How can my program send encrypted email to customers that use a mail client such as Outlook or Thunderbird? Is there a simple means for the customer to decrypt the messages?"
Answer: Outlook, Outlook Express, and Mozilla Thunderbird are capable of decrypting emails using digital certificates. Each potential recipient needs his/her own digital certificate with public and private keys. A digital certificate can be purchased from a Certificate Authority. Some certificate authorities offer free personal email certificates that expire after one year. It is also possible to generate your own using certain development tools. However, certificates created independently do not have a trusted root. The potential recipient must obtain the certificate (typically as a .pfx file), install it, and set up his/her email client (Outlook, Thunderbird) to use it. The digital certificate is typically linked to an email address, so a single certificate is not typically used for more than one email address.
The certificate can then be exported to a .cer file. The .cer file does not include the private key, so it can be sent to anybody wishing to send encrypted email to that person. Encrypting requires only the public key, but decrypting requires the private key. Therefore, only the holder of the originally issued certificate, which includes the private key, can read the encrypted email.
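The round trip described above, as an added example that is not part of the original FAQ: it uses the openssl command line and S/MIME, the certificate-based message format that Outlook and Thunderbird implement. The self-signed certificate, the addresses, the file names and the message text are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: S/MIME round trip with the openssl CLI.
# Names, addresses and the message text are constructed for illustration.

# Recipient side: key pair plus self-signed certificate (no trusted root),
# then export the public-only .cer (DER encoding here). $1 = directory.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Customer/emailAddress=customer@example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/customer.cer"
}

# Sender side: needs only the .cer. $1 = .cer, $2 = plaintext, $3 = output .eml
encrypt_for() {
    local pem rc
    pem=$(mktemp) || return 1
    openssl x509 -inform DER -in "$1" -out "$pem" &&
    openssl smime -encrypt -aes256 -in "$2" -out "$3" \
        -from billing@example.com -to customer@example.com \
        -subject "Your invoice" "$pem"
    rc=$?
    rm -f "$pem"
    return "$rc"
}

# Recipient side: decrypting needs the private key. $1 = key directory, $2 = .eml
decrypt_with() {
    openssl smime -decrypt -in "$2" -recip "$1/cert.pem" -inkey "$1/key.pem"
}

demo() {
    local w
    w=$(mktemp -d) || return 1
    mkdir "$w/customer" "$w/stranger"
    make_recipient "$w/customer" && make_recipient "$w/stranger" || return 1
    printf 'Invoice 1001 is attached.\n' > "$w/body.txt"
    encrypt_for "$w/customer/customer.cer" "$w/body.txt" "$w/msg.eml" || return 1
    echo "customer reads: $(decrypt_with "$w/customer" "$w/msg.eml")"
    if decrypt_with "$w/stranger" "$w/msg.eml" >/dev/null 2>&1; then
        echo "stranger reads the message (unexpected)"
    else
        echo "stranger cannot decrypt: no matching private key"
    fi
    rm -rf "$w"
}

demo
```

The second key pair stands in for anyone who holds the .cer or the message but not the recipient's private key.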
If you are planning to send encrypted email to your customers, it obviously requires significant technical infrastructure to be installed at each customer. Also, the tools provided by Microsoft’s OS are by no means simple. The average non-technical person is probably not capable of setting up his/her email environment without technical assistance.
Remember: This discussion applies to the situation where the email receiver is using a standard email client such as Outlook to receive email. If the recipient is using a custom application developed by you and under your control, your options are not so limited.