Knowledge Base

XFOR: How Messages Are Encrypted Between U.S. & International

Article ID: 147399

Article Last Modified on 10/28/2006

APPLIES TO

This article was previously published under Q147399

SUMMARY

Encryption is a feature of advanced security which provides confidentiality by allowing users to conceal data. The data is encrypted when it is written to disk and when it is sent over a network connection.

Microsoft Exchange Server can use one of three encryption algorithms to encrypt the contents of a message: CAST-64, DES, and CAST-40. The US/Canada version of the Microsoft Exchange Client supports all three algorithms. All other international (localized) versions of the Microsoft Exchange Client support only the CAST-40 algorithm.

MORE INFORMATION

All clients with the exception of those distributed in U.S. and Canada support 40-bit encryption only. Below are examples of how the encryption scheme is determined.

US/Canada client sends encrypted mail to international client:

The encryption is downgraded to 40bit for the entire message. Even if there are US/Canada recipients, they will get 40-bit also.

International client sends encrypted mail to US/Canada client:

The encryption used will be 40-bit since the international client is not capable of higher key length.

US/Canada client sends encrypted mail to US/Canada client only:

The message is sent with the preferred encryption algorithm which is either CAST64 (default) or DES depending on the setting of the algorithm in the site when the user was security enabled. If there are a mixture of CAST64 & DES users then we encrypt with CAST64.

Keywords: kbother KB147399


Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.