How to Encrypt Emails in Microsoft Outlook

Outlook is one of the most popular Windows email clients, used by many professionals and businesses. As such, there will be times when you want to send sensitive emails or confidential documents while ensuring that only the intended recipient can access them. Sure, almost all the major email services use transport encryption (SSL/TLS) to keep email safe and secure. However, more often than not, this type of encryption only protects the email while it is moving through the Internet. When your email is at rest, i.e. sitting in your inbox, anyone with access to your email account can read it.

To make sure that only the intended recipient can access your email, you can further encrypt the email using GPG (GNU Privacy Guard), which uses public and private keys to encrypt emails. Here’s how to encrypt emails in Outlook using GPG.

Encrypt Emails in Outlook Email Client

To encrypt emails in Outlook we are going to use free software called Gpg4win, which supports OpenPGP. Download and install Gpg4win like any other software. The installer adds the plugin required to encrypt and decrypt email within the Outlook email client.


Once installed, search for “Kleopatra” in the Start menu and open it. Here, you can create your own keyring and import any public keys as needed.


After opening Kleopatra, navigate to “File,” and then select the option “New Certificate.”


In this window select the first option, “Create a personal OpenPGP key pair” and click on the “Next” button.


Here, enter your name and the email address you want to create the keyring for. The key pair will be tied to this email address.


Now, review your certificate parameters and click on the “Create Key” button.


Enter a strong password for your key pair and click on the “OK” button. You will be prompted to re-enter the password; just enter the same password to continue.


The above action will create your key pair that contains both your public and private keys. By clicking on the “Make a Backup Of Your Key Pair” button, you can create a backup of the key pair for safekeeping.


Public Key: The public key is used to encrypt the email. As such, you can share your public key however you want. If someone wants to send you an encrypted email, they have to use your public key to encrypt that email.

Private Key: The private key is used to decrypt the encrypted email. You should never ever share your private key. Moreover, your private key can only decrypt emails that are encrypted with your public key.

To export the public key, select your certificate in the main window, and click on the “Export Certificate” button.


Select the destination and click on the “Save” button. By default, the file fingerprint will be used as the name. You can change the file name if needed.


Once exported and saved, you can distribute the public key by any method you want, such as in forums, on your website, etc.

Like I said before, if you want to send an encrypted email, you have to use the target recipient’s public key to encrypt the email. Before you can do that, you have to import the public key of the recipient.

To do that, ask them to give you their public key and download it. In the main window of Kleopatra click on the “Import Certificate” button. Now, browse and select the certificate.


The above action will import the public key. Before you can use it, you need to trust it. To do that, navigate to the “Imported Certificates” tab in the main window. Right-click on the certificate you just imported and then select the option “Change Owner Trust.”


Now, select the “I believe checks are very accurate” radio button and click “OK.”


Again, right-click on the certificate and select the option “Certify Certificate.”


Here, select both the checkboxes as indicated and click “Next.”


Select the “Certify only for myself” radio button, and click the “Certify” button.


You will be prompted for your password that you entered while creating the key pair. Enter the password and click “OK.”


You will see the confirmation window. Click “Finish” to close the window.
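The “Certify Certificate” step above vouches that the imported key really belongs to the recipient, so the key's fingerprint should first be compared with one obtained from them directly (in person or by phone). The following Python script is an added example, not part of the original article: it checks the machine-readable output of `gpg --show-keys --with-colons <file>` (gpg.exe ships with Gpg4win) against the expected fingerprint and address. The sample output, key, address and helper names are constructed for illustration.

```python
import time

# Constructed sample of `gpg --show-keys --with-colons alice.asc` output.
# The key, fingerprints and address are made up for this example.
SAMPLE = """\
pub:-:3072:1:AAAABBBBCCCCDDDD:1609459200:1672531200::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:-::::1609459200::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:-:3072:1:1111222233334444:1609459200:1672531200:::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA981111222233334444:
"""

def normalize(fpr):
    """Fingerprints are often written in groups of four; strip the spaces."""
    return "".join(fpr.split()).upper()

def primary_keys(colons):
    """Collect validity, expiry, fingerprint and user IDs of each primary key."""
    keys, want_fpr = [], False
    for line in colons.splitlines():
        f = line.split(":") + [""] * 10       # pad so short records index safely
        if f[0] == "pub":
            keys.append({"validity": f[1], "expires": f[6], "fpr": "", "uids": []})
            want_fpr = True                    # next fpr record belongs to this key
        elif f[0] == "sub":
            want_fpr = False                   # fpr records after sub are subkeys
        elif f[0] == "fpr" and want_fpr:
            keys[-1]["fpr"], want_fpr = f[9].upper(), False
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9].lower())
    return keys

def check_key(colons, expected_fpr, email, now=None):
    """Return (ok, reason); ok is True only if every check below passes."""
    now = time.time() if now is None else now
    keys = primary_keys(colons)
    if len(keys) != 1:
        return False, "expected exactly one primary key in the file"
    key = keys[0]
    if not key["fpr"] or key["fpr"] != normalize(expected_fpr):
        return False, "fingerprint mismatch"
    if key["validity"] in ("r", "e", "i", "d"):
        return False, "key is revoked, expired, invalid or disabled"
    if key["expires"].isdigit() and int(key["expires"]) <= now:
        return False, "key has expired"
    if not any("<%s>" % email.lower() in uid for uid in key["uids"]):
        return False, "no user ID for that address"
    return True, "ok"
```

Only the fingerprint of the primary key is compared; a match on a subkey fingerprint or on the short key ID is rejected.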


Once you are done importing the public key, you can use it to encrypt the email for that specific user using your Outlook client.

To encrypt the email, open the Outlook client and compose a new email like you always do. After composing the email, navigate to the “GpgOL” tab, and then click on the “Encrypt” button.


As soon as you click on the button, Gpg4win will encrypt the email if you have the public key of the target email address. Once encrypted, this is how it looks. The intended recipient will be able to decrypt this email using his/her private key.


If someone sent you an email encrypted with your public key, Outlook will prompt you for the password that you entered while creating the key pair. Just enter the password and click on the “OK” button.


If everything goes well, you will see the decrypted message in your Outlook client.


It is that simple to send and receive encrypted emails using the Outlook email client. Again, never ever share your private key with anyone.

Do comment below sharing your thoughts and experiences about using the above method to encrypt emails in the Outlook email client.

Vamsi Krishna

Vamsi is a tech and WordPress geek who enjoys writing how-to guides and messing with his computer and software in general. When not writing for MTE, he shares tips, tricks, and lifehacks on his own blog Stugon.


  1. When it comes to Microsoft email clients (Outlook, OE, Mail), I prefer S/MIME encryption. It is drop dead simple to set up and use. First, get an S/MIME email certificate. There are free email certificates from Comodo and StartSSL, but it is probably better to get a paid option. You can generate a certificate using OpenSSL in your PC then get the certificate authority to certify and sign it. Then just import the certificate to your email client and it’s already good to go. S/MIME is built-in to all major email clients.

    My main email addresses (personal and company) have both S/MIME and GPG encryption keys, but 99% of the time, I use S/MIME. In our office, all of our company emails use Thunderbird as email clients and all have S/MIME email certificates, and the email clients are set-up that all of our internal email communications are automatically encrypted (and all of our desktops have FDE).

    1. Ah..but is there a way to toggle encryption on and off with a single “hot Key”? I’d like to encrypt for some recipients, but not all, (maybe 10 or so each day out of several hundred?)..

      1. There probably is, but since I’m using TBird, I can’t say if it’s a hotkey or a button in Outlook. But I know it’s there, I used to use Outlook 2003. In TBird’s compose email window, there is a prominent S/MIME button to toggle digital signing and encryption.

  2. I’m a novice on encryption. Does this mean that:

    1. All future email to this recipient is encrypted, including “Meet me at McSorly’s after work”?

    2. Does this allow access for both parties on synched mobile devices?


    1. I think you can make rules to encrypt all future emails to Recipient X or to manually encrypt each message as you send it.

      You need to have an email app on your mobile device that can use OpenPGP keys, and you must import the keys to that app. Otherwise, you may be able to access the message (assuming your email is set up with IMAP) but you will not be able to decrypt it.

  3. I am with Dan on this and will continue to use S/MIME encryption over this self proclaimed “easy” way. Since both parties have to install and setup this software I fail to see how it is dead simple as you say?

    For your info Dan: No you do not have to get a paid cert to ensure the security. The two free options you listed offer a very robust cert and while they may be free, they are still using 2048 encryption and that is all you need to ensure when choosing a service to get a key. The reason paid versions cost what they do is because the services that guarantee them and tell the receiving software (or browser) they are secure do so with liability that the cert is a true encryption algorithm. While you are not afforded the same guarantee with a free cert, as long as they follow the rules they are just as secure as the expensive alternative.

    1. @Kevin

      I have used both free options before and I have no doubt that they are very secure. The problem is that the free options have a one year expiration date. So when it expires, you will have to re-generate new keys. With a paid option, you can pay to extend its validity for additional years.

      And BTW, for StartSSL, you can choose to generate your own private keys using OpenSSL, and choose to generate 4096 bit keys. Just upload the public key certificate, and StartSSL will sign it.

      Or, and I noticed this behavior years ago so it might not be valid anymore, you can use IE to generate 4096bit keys if you choose the secure option. I have not tested this on MS Edge. On Firefox and Chrome, it will always generate 2048 bits.

  4. Hi Vamsi,
    nice article and it is the same way I came to encryption.

    But in the long term gpgol is quite unstable. You should give gpg4o a try – much easier to use and also free (at least for private use).


  5. This brings back nightmares of Bob & Alice.
    I think you would need very strong motivation to even consider any form of encryption.
    After all the “simple explanation” here ran to 8 scrolled screens & countless images.
    I also believe most of my friends would think I had lost my mind if I began asking for their public keys.

  6. I used to use free software before but I had bad experience. Now I use this: and in my opinion the safest way to encrypt files
