Our forms work with all email clients that support PGP encryption. However, MS Outlook does not have its own built-in support for PGP end-to-end encryption, but can be supplemented with a third-party solution.
NOTE! Microsoft has replaced the former Hotmail client with a new slimmed-down free Outlook version that should not be confused with the professional Outlook version offered via Office365/Microsoft365 that this article is about. The free version is directly unsuitable for handling any sensitive information and is also not supported by the third-party add-ons mentioned here.
Microsoft Outlook together with Exchange/Office365/Microsoft365 is one of the world’s most used e-mail clients. But, like most other similar services, is an important source of data collection for various purposes. And Microsoft, like all other providers, is required by local law to give authorities access to data.
Microsoft offers encryption. But here, as always, whoever has access to your private keys has access to your encrypted data. Outlook therefore does not offer secure e-mail but can be used as a client for our e-mail forms if a third-party extension for PGP is installed.
IMPORTANT! All email handled by Outlook is seen by your email provider, even if you use their encryption. Since the form content is end-to-end encrypted (E2EE) with our service, the content itself is protected. However, the transport and amounts of metadata are logged by your email provider. Do not use this solution if untraceability is important to you! We recommend Proton Mail if our service is used as a whistleblower channel!
We’ve tested a selection of third-party solutions for PGP in Outlook. Several perfectly fine, but we’re recommend Encryptomatic, which offers OpenPGP Desktop With Microsoft Outlook Add-in , an easy-to-use solution that’s free for personal use and independent journalists.
Encryptomatic OpenPGP integrates tightly with the Microsoft Outlook menu system and the Windows desktop, delivering PGP email and file encryption in a way that even non-technical users can handle.
To use Outlook with Encryptomatic OpenPGP as a recipient of the form data from our secure web forms:
- Go to Encryptomatic OpenPGP:s webbplats , download and install the extension according to the page’s instructions.
- A complete set of PGP keys is created during installation. However, we recommend that you create your own set of keys that you only use with our service, please use our online service and follow this instruction to import your new key. You can use multiple PGP keys for the same email address.
- Export the public key to a file if you are using an already installed key pair, or use the public key you received when you created the key pair yourself, and use this in your ANON::form account along with the email address associated with the key.
- In the LITE control panel; open the downloaded file in a text editor, enter the email address associated with the key in the “Recipient email” field and copy the contents of the file with your public key into the “PGP public key” field.
IMPORTANT! Be sure to create strong passwords for the keys and store them in at least two or more secure places. If you lose the password for a key, there is no way to recreate the password, all data encrypted with the key is irretrievably lost. Also, always save a copy of your private key in the same way.
IMPORTANT! Key files are text files that, regardless of the file extension, must be opened in a text editor (such as Notepad in Windows) that displays plain text in the Unix (LF) UTF-8 format, without formatting, when you copy the content. You cannot therefore use a normal word processor such as Word for this.
IMPORTANT! Be sure to use the correct email address for the public key you use for your web forms as they are linked. So you cannot use a PGP key pair for any other e-mail address than the one for which the key pair was created.
We also recommend that you use a dedicated email address that is only used to receive form data. So do not use the same e-mail address that you use to receive form data to, for example, communicate with the person who submitted the form.