[HOWTO] Digital Signing and Encrypting for Personal Use


Digital signing and encryption have been used in many corporate environments to authenticate e-mail and prevent spoofing. Here’s a simple guide to obtaining a digital certificate, importing it and using it for personal e-mail. My current choice of personal certificate is one issued by Thawte. Thawte’s root certificate is installed on most computers, so recipients do not need to install a custom root certificate to confirm authenticity.

The first thing to do is obtain a digital certificate. Thawte’s personal digital certificate can be obtained here. After registration and verification, you can create your own certificate. The default options allow both digital signing and encryption. Thawte also allows you to create multiple certificates for multiple accounts. Download, import and usage instructions are available after the jump.

If you’re using Firefox, the certificate will be imported into the browser. You need to export it as a file and then re-import it into your e-mail client of choice. To export the certificate from Firefox:

  1. Click Tools -> Options -> Advanced
  2. Click on View Certificates
  3. Select the Certificate
  4. Click Backup

Now that you have the certificate as a file, you can import it into your mail client. You will be asked to password-protect the certificate. Remember this password, since it will be needed to import the certificate into the mail client. IMPORTANT: Do NOT send this certificate file to anyone, since it contains your private key for decrypting your e-mails. For more info on digital signing and encryption click here.

Importing to Thunderbird

  1. Right click the account that is listed in the certificate and click Properties
  2. Click the corresponding Security section
  3. Click View Certificates
  4. Click Import
  5. Point to the certificate downloaded from Firefox then click OK
  6. You will be asked to create a password for “Security Devices” and to enter the password to import the certificate
  7. Under the section “Digital Signing” click Select
  8. Choose the certificate and click OK
  9. Thunderbird will ask if you want to use the same certificate for encryption. Click OK
  10. Check “Digitally sign messages (by default)” then click OK

Sending Signed/Encrypted E-mail with Thunderbird

  • Signing
    • If you choose to sign by default as written in the guide, you don’t have to do anything
    • If not, when writing a new message click on the downward triangle next to the “Security” (padlock icon) then choose “Digitally Sign This Message”
  • Encrypting
    • You have to receive an e-mail with the person’s digital signature
    • When writing a new message click on the downward triangle next to the “Security” (padlock icon) then choose “Encrypt This Message”
    • If you have not received any e-mail with the person’s digital signature, you won’t be able to encrypt the e-mail and an error message will be generated
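
The two rules above (the backup file holds your private key; encrypting to someone needs only their certificate) can be checked with the OpenSSL command line. This is an added example, not part of the original guide: the identities, passwords and file names are constructed, and a self-signed certificate stands in for a Thawte-issued one.

```bash
# Added example; every name, address and password below is constructed.
set -eu

# Throwaway self-signed identity bundled as PKCS#12, the container format of
# a browser certificate backup: certificate plus private key, one password.
make_identity() {  # $1=dir  $2=e-mail  $3=backup password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2/emailAddress=$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -out "$1/backup.p12" -passout "pass:$3"
  rm -f "$1/key.pem" "$1/cert.pem"
}

# Succeeds if the backup yields a private key (why the file must never be sent).
p12_has_private_key() {  # $1=backup.p12  $2=password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# Write only the certificate to $3: the public part a signed e-mail carries.
export_public_cert() {  # $1=backup.p12  $2=password  $3=out.pem
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -out "$3"
}

# Encrypt a file (bytes as given) using nothing but the recipient's certificate.
encrypt_for() {  # $1=recipient cert.pem  $2=plaintext file  $3=output file
  openssl smime -encrypt -aes256 -binary -in "$2" -out "$3" "$1"
}

# Decrypt with the key held in a backup; prints the plaintext on success.
decrypt_with() {  # $1=backup.p12  $2=password  $3=encrypted file
  local pem rc=0
  pem=$(mktemp)
  openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -out "$pem" 2>/dev/null &&
    openssl smime -decrypt -in "$3" -recip "$pem" -inkey "$pem" 2>/dev/null ||
    rc=$?
  rm -f "$pem"
  return "$rc"
}

# Demo: a message is encrypted to Bob with his certificate alone.
d=$(mktemp -d)
make_identity "$d" bob@example.test constructed-pass
export_public_cert "$d/backup.p12" constructed-pass "$d/bob.pem"
echo 'meet at noon' > "$d/msg.txt"
encrypt_for "$d/bob.pem" "$d/msg.txt" "$d/msg.p7m"
decrypt_with "$d/backup.p12" constructed-pass "$d/msg.p7m"; rm -rf "$d"
```

In a mail client the same split applies: the backup file stays with you, while the certificate travels with every signed message.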

Importing to Microsoft Outlook

  1. Click Tools -> Options -> Security
  2. Click Import/Export
  3. Select “Import existing Digital ID from a file” then click “Browse…”
  4. Point to the certificate file exported from Firefox
  5. Fill in the password at the text field and give a name for this particular certificate
  6. Click OK
  7. On the same “Security” tab, click on “Settings…”
  8. Click on “Choose” for both signing and encryption certificate and choose the certificate you’ve just imported
  9. Check “Send these certificates with signed message”
  10. Click OK
  11. On the “Security” tab, also check “Add digital signature to outgoing messages”
  12. Also check “Send clear text signed message when sending signed messages”
  13. Click OK

Sending Signed/Encrypted E-mail with Outlook

  • Signing
    • If you set it to send digital signature by default, all outgoing email will be automatically signed
    • If not, when writing a new message click on Options -> Security Settings and check “Add digital signature to this message” and “Send this text message as clear text signed”
    • Alternatively, when writing a new message click on the envelope icon with the red and gold ribbon
  • Encrypting
    • To send encrypted e-mail you have to receive an e-mail from that person with his/her digital signature
    • After you receive an email with the person’s digital signature, right click the name and choose “Add to Outlook Contacts”. This will import the person’s certificate that’s needed to send out encrypted information to that person.
    • If you have not received any e-mail with the person’s digital signature and added the certificate to the contact, you won’t be able to encrypt the e-mail and an error message will be generated
    • When writing a new message click on Options -> Security Settings and check “Add digital signature to this message”, “Send this text message as clear text signed” and “Encrypt message contents and attachments”
    • Alternatively, when writing a new message click on the envelope icon with the blue padlock on the toolbar
    • NOTE: In order to encrypt properly, the recipient should be added by clicking the “To:” button and choosing the contact from the address book