Encryption and Security Homepage
* S/MIME Set-up Information
* OpenPGP Set-up Information
- Advanced Settings
- Encrypting Webmail
OpenPGP Command Line
How PGP Works
The Mobility Project
S/MIME Set-up Information
You are able to get S/MIME certificates from several different certificate authorities. I have only ever used Thawte and Comodo (these companies no-longer offer S/MIME certificates) so I can only provide these instructions based on my past experience.
Firstly, you need to select your Certificate Authority. There are several available and your choice of authority is up to you to decide.
Once you have completed your registration and email confirmation with the Certificate Authority, you will download and install the certificate. This should happen automatically on a Windows based computer, but I have no experience with S/MIME on any other platform so I will be unable to provide instruction on this. In my experience, I had to use Microsoft Internet Explorer since the installation phase did not work under Firefox. Once this step is completed, however, you will not need to use your web browser at all so it's not a major gripe.
If you use Microsoft Outlook or Outlook Express, the certificate will automatically be imported to your certificate repository, so you won't have to import anything. It should be a case of (re)starting your email client, and you will be able to use S/MIME straight away. Instructions are provided here for Outlook Express and Mozilla Thunderbird, although the Thunderbird instructions are similar for Mozilla Suite and Mozilla Seamonkey.
In Outlook Express, the functionality is included and is quite prominent on the Create Mail interface. See the diagram below:
When using Mozilla Thunderbird, you may have to import the certificates. You should only have to do this once.
Open Thunderbird and go to TOOLS > ACCOUNT SETTINGS and select SECURITY for the email account you are importing the certificate for. Select VIEW CERTIFICATES. If your certificates are there, just click OK then click SELECT in the security window and select the appropriate certificate for your email address. If the certificates are not there, complete the following steps:
To Import S/MIME Certificates in
When you downloaded an S/MIME security certificate, you will normally have had to use Internet Explorer to download and install the certificate. In order to use the S/MIME certificate, you'll need to export it via Internet Explorer, then import the file from Thunderbird. This is quite easy but it may take you a couple of minutes.
open Internet Explorer and select TOOLS >
Select the CONTENT tab and click CERTIFICATES...
Select the appropriate certificate from the list and click EXPORT
A wizard will open. You must export the PRIVATE KEYS also - save the pfx file and remember its location
You can now exit Internet Explorer.
Select TOOLS > ACCOUNT SETTINGS
Select your chosen email account and click the SECURITY field on the left
Select VIEW CERTIFICATES
Browse to the PKCS12 (.pfx) file you've just saved and hit OPEN
Select OK then click SELECT on the security window and choose the appropriate certificate for your email address. If you have several certificates, there will be a drop-down box - ensure you select the appropriate certificate for your email account. Once you've hit OK and exited the Account Settings window, you're ready to use S/MIME encryption in your Thunderbird email.
Once you have done this, you may have to add a "trust" level for your certification authority. Full details on how to do this are available here.
You can then send emails signed and encrypted provided you have distributed copies of your Digital Signatures and you have the Digital Signatures of your recepients. Simply click the S/MIME button (or select the drop-down menu as shown below) and select "Digitally Sign", "Encrypt" or both.