Secure e-mail with Windows Mobile 6

Last update: Feb 19, 2008

Executive summary

Both Windows Mobile 5.0 and 6 support S/MIME secure e-mail. But:

Windows Mobile 5.0 and 6 do NOT support S/MIME with Internet standard compliant SMTP servers. You are forced to use Microsoft Exchange Server.
Windows Mobile 5.0's support of S/MIME is seriously flawed. Security is very low. You should not use it for secure e-mail (details).

1.1 Introduction

So you want to encrypt and/or sign e-mails on your Windows Mobile device. There are two dominant systems for secure e-mail: S/MIME and PGP. For PGP you would have to buy a third-party application such as PGP Mobile. Unfortunately this product has been discontinued, but PGP representatives told me that they are reconsidering their position and a new version may be in the pipeline. For S/MIME there are the following options:

Windows Mobile 6 (build 17741 and higher).
Windows Mobile 5.0 with the MSFP update (i.e. AKU2 or higher).
movianMail by Certicom. Discontinued since Oct 31, 2004.
Voltage SecureMail for PocketPC. Appears to be an (expensive) proprietary solution which requires a special Voltage SecureMail gateway.
Research In Motion (RIM), the company behind the BlackBerry, announced support for Windows Mobile devices. It too requires a special gateway.
Sybase iAnywhere requires Lotus Domino or Microsoft Exchange.
DME by Excitor. Supports multi-platform clients, with Lotus Domino and Microsoft Exchange servers.

There is very little documentation about using S/MIME on Windows Mobile 5.0 and 6. This webpage describes my experiences with it.

1.2 Author

The author of this document is Jacco de Leeuw (contact me). Corrections, additions, extra information etc. are much appreciated.

2. Contents

Introduction
Contents
Background information
Secure e-mail: initial configuration
Secure e-mail: sending and receiving with Windows Mobile
Assorted remarks
Certificate based ActiveSync authentication
Acknowledgements and disclaimer
Revision history

3. Background information

Windows Mobile 6 has built-in support for S/MIME secure e-mail. Windows Mobile 5.0 AKU 2 and later also support S/MIME. Devices running older versions of Windows Mobile 5.0 require an update from the vendor. Unfortunately, few vendors have released this "Messaging and Security Feature Pack" (MSFP) update for older Windows Mobile 5.0 devices. (Warning: if you install the MSFP update, it will wipe everything on your Windows Mobile device, including any personal certificates that you may have installed. Make sure that you keep a backup copy of your personal certificate on your PC before you install it on your Windows Mobile 5.0 device.)

There is very little documentation about this S/MIME feature (or it is well hidden!). I have attempted to write down some instructions that you can find below. Some informaton about S/MIME can be found in Microsoft's "Deploying MSFP" document (officially: "Deploying Microsoft Exchange Server 2003 SP2 Mobile Messaging with Windows Mobile 5.0-based Devices"). There is also a blog post by the Microsoft Exchange Server team.

If you don't own a Windows Mobile device you can download the standalone version of the Microsoft Device Emulator. Microsoft has released Windows Mobile 6 Localized Emulator Images for this emulator. These images contain S/MIME support.

3.1. Requirements and limitations

The S/MIME secure e-mail setup described in this section requires Windows Mobile 6 clients or Windows Mobile 5.0 clients with at least AKU2 (go to "Start" -> "Settings" -> "System" -> "About" to see what version you have). Exchange Server 2003 SP2 or later is also required, plus Windows Server 2000 or 2003 and possibly also ActiveDirectory with Windows Certificate Services. If you use Exchange Server 2007, you need to install Service Pack 1 because Microsoft "just didn't have time to complete [S/MIME support] by RTM". Certificates generated by independent software such as OpenSSL may or may not work, I have not yet tried. Note that some of these Microsoft products require purchasing separate Client Access Licences ("CALs") so your total cost of ownership may become a factor.

Sadly, Microsoft decided to not support S/MIME with SMTP, the Internet industry standard for e-mail. If your company or ISP uses another mail server than Exchange you will not be able to use the features "Encrypt message" and "Sign message" in Windows Mobile's "Messaging" application. The option "Security" is ghosted. This is clearly an example of vendor lock-in. It is an attempt by Microsoft to lock Windows Mobile users into Exchange and their other product offerings. I cannot think of a technical reason why Microsoft could not support SMTP for secure e-mail. Storing certificates on mobile devices takes valuable memory, but most certificates are only 1-2 KB. The least they could have done is use open standards such as LDAP for looking up certificates of recipients. (There is a "Check Names" option in WM6 where you can lookup names in an online server but I don't know if that means LDAP and if certificates are actually checked).

Microsoft does kind of support S/MIME with POP3 (and probably IMAP4 too) on Windows Mobile 6. You can receive encrypted e-mail and signed e-mail, but not send them, with Internet standard protocols. When you receive a signed e-mail, the signature is ignored. No indication is displayed about the status of the signature. When you receive an encrypted e-mail, the e-mail is decrypted automatically but there is no indication that the e-mail was encrypted. So the practical use of S/MIME with POP3 and IMAP4 is close to zero. Receiving encrypted e-mail does work because when you delete the personal certificate from your device the encrypted e-mail can no longer be decrypted.

After disabling SSL I examined the network traffic between the Windows Mobile device and Exchange server. The communication between client and server appears to be based on HTTP(S), WebDAV and WBXML. Fortunately Windows Mobile does not appear to offload cryptographic operations or send private keys to the Exchange server, but it does delegate some trust operations to it. I don't know if any of the free Open Source competitors can be used with Windows Mobile for secure e-mail.

3.2 WM5 security flaw

Windows Mobile 5.0 with the MSFP update supports S/MIME but it contains a security flaw. I discovered that WM5 uses the RC2 algorithm to send encrypted e-mail, as is evident in this screenshot of a test e-mail sent from WM5 to Outlook 2003. RC2 is known to be flawed. Well-known cryptographer Bruce Schneier recommends against using it. To make matters worse, WM5 uses only a 40-bits key. Therefore e-mails sent with WM5 are relatively easy to decrypt by adversaries. The problem lies only with sending encrypted e-mail because WM5 can decrypt received e-mails that were encrypted with 3DES (a much stronger algorithm). It looks like Microsoft purposely chose RC2-40 for maximum compatibility with other S/MIME clients, at the expense of security. Bad move.

Microsoft has been informed of this issue. It has been fixed in WM6: e-mails are encrypted with 3DES in WM6. But Microsoft says they will not release an update for WM5.0 users, nor will they inform users about the existence of this problem. There is a workaround: if you set the "Encrypted Mail Policy" (4126) to "2", WM5.0 will use 3DES instead of RC2. Unfortunately, this workaround requires every(!) e-mail to be encrypted, which will be unacceptable for most users. S/MIME support was added to WM5.0 on the request of certain organisations with high security requirements, that did not mind encrypting each and every e-mail.

Microsoft claims that the S/MIME component in Windows Mobile 5.0 is FIPS 140 compliant. If they use RC2, I don't see how they got their FIPS certification as RC2 is non-approved by FIPS. In a nutshell: do not use WM5 for sending S/MIME encrypted e-mails!

Back to Contents

4. Secure e-mail: initial configuration

Before you can send or receive secure e-mail with your Windows Mobile device you need to configure a few things. First, you will have to configure your mail server and then your mail client.

4.1 Configuring your Windows Server, IIS and Exchange Server

For documentation on how to configure Exchange Server 2003 or higher for secure messaging, see the Microsoft website. See also Daniel Petri's articles "How can I Synchronize a Pocket PC with Exchange Server 2003?" and "Problems in Synchronizing a Pocket PC with Exchange Server 2003 when using SSL and Forms-Based Authentication in OWA".

4.2 Installing a personal certificate on your Windows Mobile device

An installed personal certificate is required if you want to send signed e-mail or decrypt encrypted e-mail on your Windows Mobile device. A personal certificate (also known as a client certificate) can be obtained through different methods:

You import an existing personal certificate from a PKCS#12 file
You create a new personal certificate by enrolling your device at a web-based certificate authority server.

Most users will already have a personal certificate on their desktop PCs. Additionally, many third-party CAs such as Thawte, Verisign and CAcert only support desktop operating systems such as Windows, Mac OS X and Linux. So probably the simplest solution would be to export your existing personal certificate from your desktop PC to a (password protected) certificate file, and then import this certificate file on your Windows Mobile device. The PKCS#12 format is the most popular format for certificate files. WM6 supports PKCS#12: you can import these files without having to install extra software. But for WM5 you need a certificate import program such as PFXimprt.

For details about installing a personal certificate for S/MIME on Windows Mobile 6, see my webpage "Installing certificates on Windows Mobile 6".

Web enrolment is a completely different method. According to the "Deploying MSFP" documents, ActiveSync 4.1 and higher support web enrolment. You connect your device (running WM5 AKU2 or higher) to your desktop PC and then the device retrieves a certificate from the certificate authority while connected through ActiveSync. Unfortunately, the setup described in the "Deploying MSFP" document is very complex. I have not been able to get it working. It involves generating XML, using Rapi and installing CAB files. Ask your vendor (or contact Microsoft Support) if you run into problems with the setup described in the "Deploying MSFP" document.

Web enrolment is also supported by ActiveSync 4.5. It appears to be different (read: less complex and it actually works for me) from the setup described in the "Deplying MSFP" document. But there is a drawback: it only works with devices running WM6 or higher. More details can be found on my other webpage.

4.3 Configuring ActiveSync on your Windows Mobile device

For S/MIME you have to use ActiveSync to synchronise your Windows Mobile device with an Exchange server. Securing the connection with SSL is optional (but highly recommended; see the next section for that).

Start "ActiveSync".
Tap "Menu" -> "Add Server Source".
Enter the address of the Exchange server. If you are using ActiveSync over a hostile network such as the Internet you'll want to secure the ActiveSync connection between the Exchange server and your Windows Mobile device with SSL. This requires a server certificate on the Exchange server and possibly the installation of a root certificate on the Windows Mobile device. The hostname in the certificate should match the hostname that you enter on the Windows Mobile device. Otherwise you may get a support code 0x80072F06 error ("name in certificate does not match name of the server"). Note that if you supply an IP address instead of a fully qualified hostname you may not be able to use SSL because certificates typically do not contain IP addresses.
If you disable SSL between the Exchange server and the Windows Mobile client (i.e. you uncheck the checkbox "This server requires an encrypted (SSL) connection"), you get the warning: "You are choosing to sync without a secure connection. This may put your password and personal data at risk." This may be acceptable for testing purposes on your company LAN but not on the Internet. If you get support code 0x85010004, "Your account in Microsoft Exchange Server does not have permissions to synchronize with your current settings.", make sure that you have installed the correct root certificate on your Windows Mobile device and that you have ticked the "This server requires SSL etc." checkbox.
Enter your username and password for the Exchange server.
In the "Edit Server settings" window, make sure that the checkbox for "E-mail" is selected. Next, tap "E-mail" itself so that it is selected. Then tap "Settings" in the bottom right corner.
In the E-mail Sync Options window, tap "Advanced".
You will notice that "Encrypt all outgoing e-mail messages" and "Sign all outgoing e-mail messages" are ghosted. You cannot select them until after the first synchronisation with the Exchange server (see my remark above about vendor lock-in).
Tap "Choose Certificate".
The personal certificate that you imported should be visible. Tap the name of the certificate to select it (you can optionally use "Menu" to view its contents before you select it). Note: if your certificate is listed as "Unknown" it probably means that your personal certificate does not contain an e-mail address in its subject ("emailAddress" field). You may have to obtain another certificate as it may not be usable with Windows Mobile's S/MIME implementation.
There's a "Primary e-mail address" field. I'm not sure why it is needed but it is probably a good idea to enter the e-mail address associated with the personal certificate. Tap "OK".
Tap "OK" again. Back in the "Edit Server settings" window, tap "Finish".
Windows Mobile will try to synchronise with the Exchange server. If this is not the case, tap "Sync".
Type your Exchange password (if "Save password" for automatic sync had not been checked).
The sync indicator will rotate and should turn green. The types of data that you selected (Contact, E-mail etc.) will be synchronised.
If everything went OK, the ActiveSync circle will return to grey and the time of the last synchronisation will be displayed.

On Smartphone the procedure is slightly different: ActiveSync -> Menu -> Configure Server -> (enter server address) (require SSL connection) -> Next -> (enter username / password) -> Next -> Options -> (select E-mail) -> Menu -> Settings -> Menu -> Advanced -> Menu -> Choose Certificate -> Select a Certificate.

4.4 Configuring ActiveSync with SSL (optional)

It is probably a good idea to secure the ActiveSync connection with SSL (note that this is unrelated to the actual signing and encrypting of e-mails with S/MIME).

For SSL you will need a CA and a server certificate from this CA for the IIS / Exchange server. There are two options: either you create your own root and server certificates (free) or you buy a server certificate from a commercial CA. If you create your own certificates, you need to use File Explorer to install your root certificate on all Windows Mobile devices involved. If you have a large number of Windows Mobile clients this may turn out to be a bit of a hassle. In that case you could simply give up, pull your wallet and buy a server certificate from one of the few "trusted" root certification authorities that are present in Windows Mobile devices. In WM5 these are Cybertrust, Geotrust, GlobalSign, Entrust, Thawte and Verisign. The MSFP update for WM5 adds root certificates from Valicert and GoDaddy to this list. And WM6 adds the following: AAA Certificate Services, AddTrust External CA Root, Baltimore CyberTrust Root, GeoTrust Global CA and Starfield Class 2 Certification Authority.

Next, in the IIS Manager, expand "Default Web Site". Click "Properties" and then "Directory Security". Assign the server certificate by clicking "Server Certificate". Afterwards, you can view the one that you selected with "View Certificate". Go to "Microsoft-Server-ActiveSync" and select Properties -> Directory Security -> Edit -> Require SSL. This will secure the ActiveSync connection. ("Enable client certificate mapping" may be required?)

If the server does not have a server certificate or the client does not have a suitable root certificate you may encounter an error with support code 0x80072F0D: "The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again." You need to install a server certitificate on the Exchange server and possibly a suitable root certificate on the client (if you import a personal certificate from a PKCS#12 file the root certificate is often included in that file).

Note: do not install the certificate of the server on your Windows Mobile device! That is plain wrong, even though the Windows Mobile (5.0) device happily installs the server certificate in the root certificate store (which is a bug in my opinion, because the certificate is not self-signed).

Back to Contents

5. Secure e-mail: sending and receiving with Windows Mobile

Now that you have configured your Windows Mobile device and the Exchange Server, you can continue with sending and received encrypted and signed e-mail.

5.1 Sending a signed e-mail to another person

I will start with the procedure for sending signed e-mail, followed with the other procedures (in suspected order of complexity).

Install your personal certificate, if you haven't done so already.
Start "Messaging" in the Start Menu.
Tap "New". Compose your message.
Tap "Menu". Tap "Add recipient".
Add recipient(s) by typing their e-mail addresses, looking them up in your Device Contacts or by looking them up online in the Global Address List (GAL).
Tap "Menu" and then "Message Options".
Select "Sign message". Tap "Ok".
Tap "Send".
If Windows Mobile does not find your personal certificate, the following error is displayed: "The message cannot be signed because the certificate for sending signed e-mail is not on the device or accessible via a smart card." This problem may occur if you have used an older version of P12imprt or Crtimprt. Try again with a more recent version, with PFXimprt or with WM6's built-in certificate installer.
The e-mail is signed, sent to the recipient(s) and you return to the Inbox.

5.2 Receiving an e-mail encrypted by another person

Install your personal certificate, if you haven't done so already.
Start "Messaging" in the Start Menu.
You receive an e-mail in your Inbox (you may have to tap "Menu -> Send/Receive").
Tap the Inbox of your "Outlook e-mail" account.
Open the e-mail by tapping it. Notice the padlock added to the envelope.
If the e-mail is from a previously unknown sender, you are asked: "This person is not in your contact list. Do you wish to create a new contact for this user?". Select whether you would like to do this or not.
The message is decrypted and displayed. The padlock and the text "Encrypted" indicate that the message was encrypted by the sender. Your Windows Mobile device should be able to decrypt the message using the personal certificate that you imported previously. You were not prompted for a password.
If Windows Mobile does not find your personal certificate, the following error is displayed: "The message cannot be decrypted because the certificate for decrypting signed e-mail is not on the device or accessible via a smart card." This problem may occur if you have used an older version of P12imprt or Crtimprt. Try again with a more recent version, with PFXimprt or with WM6's built-in certificate installer.

5.3 Receiving an e-mail signed by another person

Windows Mobile can check if the signature attached to a signed e-mail is valid. It does this by going online and asking the Exchange server whether the signature is valid. For some reason Windows Mobile does not check the signature against its own list of root certificates! Again, this proprietary online check only ties Windows Mobile to Exchange which means that you cannot use any other mail server. Windows Mobile asks the Exchange server to see if the root CA that issued the sender's certificate is available in the root certificate store of the Exchange server (in the "Computer" account). If the sender's certificate was not issued by one of the "well-known" CAs such as Thawte or Verisign, you may need to import a root certificate to the Trusted Root Certificates Authorities on that server. For example, in the previous screenshot I imported the root certificate of CAcert. See also "How to Import the Digital Certificate for the Sender's Root CA into the Trusted Root Certification Authorities Folder in the Local Computer Certificate Store of the Recipient's Exchange Server". Screenshots of this procedure can be found on Thomas Shinder's TACteam site.

Windows Mobile will go on-line and consult the Exchange server to check if the sender's certificate is valid. I don't know exactly what it does but it appears to forward the sender's certificate to the server. So it seems to delegate some trust to the server. I have not checked if Exchange actually verifies the sender certificate's revocation status, e.g. against a CRL or with OCSP.

The remainder of this section describes how you can validate the signature of a signed e-mail:

You receive an e-mail in your Inbox (you may have to tap "Sync").
Tap the Inbox of your "Outlook e-mail" account.
Open the e-mail by tapping it.
If you have set a limit for the maximum e-mail size you may the option "Get the rest of this message (6K)". If you want the rest of the message (in most cases you do, because the S/MIME signature adds a fairly large amount of data to your e-mail) tap this option. The text will change to: "Message will download next time you send and receive e-mail.".
The message will be readable but its signature has not yet been verified. You'll notice a question mark obscuring the seal.
Tap "View signature status".
A window is shown displaying the status of the signature: "The signature may not be valid; no online check has been made.".
Tap "Menu" and then "Check Certificate".
If everything is alright, you should see: "The signature is valid." If something is wrong with the signature (certificate expired or issued by an unknown CA, message was tampered with etc.) the following error is displayed: "The signature is not valid; a certificate has been used incorrectly.". The seal is obscured by an exclamation mark.
If you want you can also view the certificate. The details of the certificate will then be displayed.
Tap "Ok". You return to the e-mail window. The signature checked out OK, so now the seal is displayed which indicates a valid signature.

5.4 Sending an encrypted e-mail to another person

If you want to send an encrypted e-mail to a person you will need that person's personal certificate. (Note that you do not need the person's private key, because private keys are private, as the name implies. Do not install the other person's personal certificate on your device). On desktop e-mail clients such as Mozilla Thunderbird and Outlook (Express), the usual way for obtaining the recipient's personal certificate is that the recipient first sends you a signed e-mail. Alternatively, the recipient's certificate is looked up in a directory server. Once you have obtained this person's certificate you can send him an encrypted e-mail. These desktop e-mail programs automatically store certificates from received e-mail, mostly in some sort of certificate manager (e.g. in the "Other People's" list).

It does not work that way at all on Windows Mobile. You can only send encrypted e-mail if the recipient's certificate has been published in the Global Address List (GAL). This feature is exclusively supported by Exchange so again this is an example of vendor lock-in.

How does one get certificates into this GAL? As far as I know there are only two options. The first option is to use the desktop version of Outlook 2000 or later. In in the menu Tools -> Options -> Security, click "Encrypted e-mail: Settings..." Import a personal certificate from a PKCS#12 file or "Get an ID" from a CA of your choosing. Click OK. Click "Publish to GAL". The second option to publish certificates in the GAL is to use Windows Certificate Services on the Exchange server. Those certificates are automatically published in the GAL. Windows Certificate Service also seems to be required when you use the first option ("Publish to GAL"), because when I had installed Exchange but not Certificate Services, there was no "Publish to GAL" button. Only after I had installed Certificate Services (Start -> System -> Add or remove programs -> Add/remove Windows components) the button was displayed in Outlook.

The remainder of this section describes how you can send encrypted e-mail, once the requirements mentioned above have been met:

Start "Messaging" in the Start Menu.
Tap "New". Compose your message.
Tap "Menu". Tap "Add recipient".
Tap "Menu" again. Tap "Company Directory".
Select the user in the Global Address List (GAL).
Tap "Menu" and then "Message Options".
Check off "Encrypt message". Tap "Ok".
Tap "Send".
If no certificate is associated with the recipient(s) in the GAL, you receive a warning e-mail in your Inbox with the subject "Certificates missing". When you open this e-mail you get the error "Certificates missing. Certificates are not available for the following recipients or for one or more members of the following distribution lists:". You will need to publish the certificate of the recipient to the GAL (see above).
The e-mail is encrypted, sent to the recipient(s) and you return to the Inbox.

5.5 Combinations of the above

You can also sign and encrypt e-mail messages to others at the same time. Or decrypt and verify signatures.

Back to Contents

6. Assorted remarks

6.1 Creating certs with OpenSSL

Windows Mobile 6 appears to support certificates that were not generated by Windows Server (I am not so sure about WM5 but that is probably not a good idea anyway). I have tried WM6 with third-party certificates such as those from Thawte, Comodo and Trustcenter, and also with my own OpenSSL generated certificates. It is probably a good idea to add the following parameters to your openssl.cnf configuration file, because certificates generated by Microsoft Certificate Services have these properties too:

[ usr_cert ]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.4, 1.3.6.1.4.1.311.10.3.4 subjectAltName=email:copy

Here is a sample personal certificate generated by Microsoft Certificate Services on Windows Server 2003. You could try to generate your own certificates with OpenSSL and mimic this sample certificate for maximum compatibility.

6.2 Trustcenter bug

There is a bug in PFXimprt which pops up with free personal certificates issued by Trustcenter. For more details see the PFXimprt page. In a nutshell: use P12imprt instead.

6.3 Comodo intermediate cert

Comodo issues personal certificates for free. Its root CA ("UTN-USERFirst-Client Authentication and Email") is not included in WM5 or WM6. But it has been signed by "AddTrust External CA Root", which is included in WM6. Therefore if you import your Comodo personal certificate on WM6 you will get an error about the AddTrust root certificate. This certificate cannot be overwritten. It will work nonetheless, just skip importing this particular root certificate. On WM5 you may prefer to include only the UTN root certificate in your PKCS#12 file (and not the AddTrust root certificate). The UTN certificate will then be imported as a root certificate instead of an intermediate certificate, as the case would be on WM6.

6.4 AES

I don't know if WM6 supports AES encryption with S/MIME. This would probably mean support for "S/MIME Capabilities" where the sender of a signed e-mail indicates which algorithms it supports. WM6 ships with AES support but for some reason it is not used with all protocols (e.g. not with L2TP/IPsec).

Back to Contents

7. Certificate based ActiveSync authentication

In the previous sections certificates were used for secure messaging with S/MIME. However, certificates can also be used for authentication when ActiveSyncing to the Exchange / IIS server ("Exchange ActiveSync" or EAS). The ActiveSync connection is an SSL connection, after all, so the use of client certificates are optional. See this section on my other webpage.

Back to Contents

8. Acknowledgements and disclaimers

My crack team of lawyers advised me to include the following text. This page shows screenshots of a device resembling a Pocket PC but this does not necessarily mean an endorsement of or by any company. I disclaim everything anyway :-). Windows, Windows Mobile, Pocket PC and Windows CE are trademarks of Microsoft Corporation. The author of this webpage is not associated with Microsoft or any other company mentioned on the page. All trademarks are owned by their respective companies.

Back to Contents

9. Revision history

Jun 6, 2007: S/MIME problem resolved in P12imprt v0.3 and Crtimprt v0.3.
May 31, 2007: Tested with Thawte, Comodo certs.
May 24, 2007: Initial version.

Jacco de Leeuw