Decrypt S/MIME encrypted emails and save them unencrypted

We receive S/MIME encrypted emails which we need to store in a financial or HR database system that is encrypted and protected otherwise itself as well.

As we save the original message, they remain encrypted and can only be opened by the original recipient that has the S/MIME certificate.

Trying to open these messages from the application gives the error;

Your Digital ID name cannot be found by the underlying security system.

Is there a way to remove the S/MIME encryption from a message and save it unencrypted?

S/MIME buttonThere is indeed a way to entirely remove the S/MIME encryption from a message.

However, as unencrypting emails is usually not desired, nor the intention, the option to do so is disabled by default.

By adding a specific key to the Registry, you can enable this option and save the message without its encryption and the dependency on a specific certificate.

This would allow you to open the message on any device.

Adding the AllowRecvMsgDecryption Registry key value

Registry Editor buttonTo enable the option to remove the encryption of a message, you’ll have to add the AllowRecvMsgDecryption Registry key value.

Key: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Security
Value name: AllowRecvMsgDecryption
Value type: REG_DWORD
Value: 1

Note: When you are still using Outlook 2013, use 15.0 instead of 16.0 for the Registry location.

Removing the encryption and saving it unencrypted

Message Options buttonOnce you have applied the Registry key value, restart Outlook and open the message in its own window with a double click.

Then open the message’s properties dialog via;

  • File-> Info-> Properties

The option “Encrypt message contents and attachments” should now be available to you.

Deselect this option and close the Properties dialog.

Encrypt message contents and attachments - Message Properties

Close the message and save the changes when prompted.

Note that the message now no longer has the padlock icon to indicated that it is encrypted.

Extra tip:

Instead of unencrypting the original message, make a copy of it (CTRL+C followed by CTRL+V). Now you can keep a copy of the original encrypted email in your mailbox and delete the unencrypted copy after uploading it to your financial or HR system.