Secure Mail with S/MIME
Support for S/MIME seems to be everywhere now, to enable secure email transactions. Still, it appears no one is using it; too hard to set up; don’t understand all that certificate authority mumbo jumbo; and no one else uses it (a catch-22). Actually it’s pretty easy, and far more widely supported and more versatile than PGP, which I was experimenting with a little while ago with moderate success.
First thing you’ll need is a free email certificate. I was previously using thawte to generate certificates, but found Comodo‘s system to be heaps easier and vastly superior. So head on over and generate a secure email certificate. They will send an email to you instructing you how to collect it, and assuming you’re using Firefox (and you should be), the certificate, combined with a unique private key, will be stored within your browser.
Export the certificate/key file to your desktop or somewhere through the Advanced Options -> Encryption tab by clicking View Certificates, selecting your certificate and hitting Backup.
Then you need to import the certificate into your email client; most modern ones support S/MIME. In Thunderbird Account Settings find Security in your account then View Certificates -> Import. Then select that certificate for Digital Signing and Encryption.
Now when a new message is composed, there will be an option to encrypt the message, or digitally sign it, or both. Signing a message ensures that the email really came from the person it says it came from and was not tampered with during transmission. To encrypt a message so that nobody can read it except its intended receiver you need to have the recipient’s public email certificate. The easiest way to obtain this is to get them to send you a signed email.
I’ve set Thunderbird to automatically sign every outgoing message, so that people can reply with a secure email. Otherwise here’s my public email certificate in case you wanted to send me a secret message.
I’m phocks at gmail.
Take care.
Tags: email, encryption, security