How to Fix the “Your Digital ID Name Cannot Be Found” Error in Outlook

Learn how to resolve a common Outlook encryption error and get back to sending secure emails quickly.

When using Microsoft Outlook to open encrypted emails, you might encounter an error stating “Your Digital ID name cannot be found by the underlying security system.” This issue often occurs when trying to decrypt messages using certificates with outdated encryption capabilities. Let’s explore why this happens and how to fix it.

The error typically appears as:

Sorry, we’re having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system.

This problem arises because Microsoft has upgraded Outlook’s default encryption algorithm from 3DES to AES256 in newer versions. When you try to open an encrypted email using an older certificate that only supports 3DES, Outlook can’t process it, resulting in the error message.

Here’s how to resolve this issue:

Method 1: Modify Registry Settings

This method involves changing Windows Registry settings to allow Outlook to use the older 3DES encryption algorithm. Follow these steps carefully:

Step 1: Open the Registry Editor by pressing Win + R, typing regedit, and pressing Enter.

Step 2: Navigate to the following path in the Registry Editor:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security

Step 3: Right-click in the right pane, select “New,” and then “DWORD (32-bit) Value.” Name it UseAlternateDefaultEncryptionAlg.

Step 4: Double-click the new value, change the “Value data” from 0 to 1, and click “OK.”

Step 5: Create another new value, this time a “String Value,” and name it DefaultEncryptionAlgOID.

Step 6: Double-click this new string value and enter 1.2.840.113549.3.7 as the “Value data.” This is the Object Identifier (OID) for the 3DES encryption algorithm.

Step 7: Close the Registry Editor and restart Outlook for the changes to take effect.

These registry modifications tell Outlook to use 3DES as the fallback encryption method when dealing with older certificates.
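
Steps 2 to 6 can also be applied from PowerShell, together with a state check and a way to undo the change. This is an added example, not part of the original article: the function names are made up for illustration, while the registry path, value names and OID are the ones given in the steps above.

```powershell
# Added example. Works on the per-user hive (HKCU), so no elevation is needed.
$Path    = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Security'  # path from Step 2
$Names   = 'UseAlternateDefaultEncryptionAlg', 'DefaultEncryptionAlgOID'
$Oid3Des = '1.2.840.113549.3.7'                                     # 3DES OID from Step 6

function Get-OutlookEncryptionFallback {
    # Report the current state of both values; an empty field means "not set".
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UseAlternateDefaultEncryptionAlg = $props.UseAlternateDefaultEncryptionAlg
        DefaultEncryptionAlgOID          = $props.DefaultEncryptionAlgOID
    }
}

function Set-OutlookEncryptionFallback {
    # Steps 2-6: create the key if it is missing, then write both values.
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name 'UseAlternateDefaultEncryptionAlg' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $Path -Name 'DefaultEncryptionAlgOID' `
        -PropertyType String -Value $Oid3Des -Force | Out-Null
    Get-OutlookEncryptionFallback
}

function Remove-OutlookEncryptionFallback {
    # Undo: delete both values so the 3DES setting no longer applies.
    foreach ($n in $Names) {
        Remove-ItemProperty -Path $Path -Name $n -ErrorAction SilentlyContinue
    }
    Get-OutlookEncryptionFallback
}

Get-OutlookEncryptionFallback        # state before the change
Set-OutlookEncryptionFallback        # apply Method 1, then restart Outlook (Step 7)
# Remove-OutlookEncryptionFallback   # revert when the fallback is no longer needed
```

Running `Get-OutlookEncryptionFallback` on its own shows whether a machine already has the 3DES setting in place.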


Method 2: Update Your Digital Certificate

If modifying the registry doesn’t solve the problem or if you prefer not to make registry changes, consider updating your digital certificate:

Step 1: Contact your certificate authority (CA) or IT department to request a new certificate that supports AES256 encryption.

Step 2: Once you receive the new certificate, install it on your computer following the instructions provided by your CA or IT department.

Step 3: Configure Outlook to use the new certificate for email encryption:

  • Open Outlook and go to File > Options > Trust Center.
  • Click on “Trust Center Settings” and select “Email Security” from the left panel.
  • Under “Encrypted email,” click on “Settings.”
  • Choose your new certificate from the list and click “OK” to save the changes.

Step 4: Restart Outlook and try opening the encrypted email again.


Method 3: Request Resent Email with Updated Encryption

If the above methods don’t work, you may need to ask the sender to resend the email using updated encryption settings:

Step 1: Contact the sender and explain that you’re unable to open their encrypted email due to compatibility issues.

Step 2: Ask them to check their Outlook encryption settings and ensure they’re using AES256 encryption.

Step 3: Request that they resend the email using the updated encryption settings.

Step 4: When you receive the new email, it should open without the “Digital ID name cannot be found” error.


By following these methods, you should be able to resolve the “Your Digital ID name cannot be found” error in Outlook. Remember to keep your encryption certificates up to date to avoid similar issues in the future. If problems persist, consult your IT department or Microsoft support for further assistance.