Encryption and Security Homepage
Encryption Types
Set-Up Instructions
* S/MIME Set-up Information
* OpenPGP Set-up Information
- Advanced Settings
- Encrypting Webmail
- FAQ
Key Types
OpenPGP Command Line
How PGP Works
OpenPGP Links
File Verification
Anonymous Surfing
Downloads
The Mobility Project
S/MIME Set-up Information
You are able to get S/MIME certificates from several different certificate authorities. I have only ever used Thawte and Comodo (these companies no-longer offer S/MIME certificates) so I can only provide these instructions based on my past experience.
Firstly, you need to select your Certificate Authority. There are several available and your choice of authority is up to you to decide.
Once you have completed your registration and email confirmation with the Certificate Authority, you will download and install the certificate. This should happen automatically on a Windows based computer, but I have no experience with S/MIME on any other platform so I will be unable to provide instruction on this. In my experience, I had to use Microsoft Internet Explorer since the installation phase did not work under Firefox. Once this step is completed, however, you will not need to use your web browser at all so it's not a major gripe.
If you use Microsoft Outlook or Outlook Express, the certificate will automatically be imported to your certificate repository, so you won't have to import anything. It should be a case of (re)starting your email client, and you will be able to use S/MIME straight away. Instructions are provided here for Outlook Express and Mozilla Thunderbird, although the Thunderbird instructions are similar for Mozilla Suite and Mozilla Seamonkey.
Also read How to import S/MIME Certificates in Thunderbird.
Outlook Express:
In Outlook Express, the functionality is included and is quite
prominent on the Create Mail interface. See the diagram below:
Mozilla Thunderbird:
When using Mozilla Thunderbird, you may have to import the
certificates. You should only have to do this once.
Open Thunderbird and go to TOOLS > ACCOUNT SETTINGS and select SECURITY for the email account you are importing the certificate for. Select VIEW CERTIFICATES. If your certificates are there, just click OK then click SELECT in the security window and select the appropriate certificate for your email address. If the certificates are not there, complete the following steps:
To Import S/MIME Certificates in
Thunderbird:
When you downloaded an S/MIME security certificate, you will normally
have had to use Internet Explorer to download
and install the certificate. In order to use the S/MIME
certificate,
you'll need to export it via Internet Explorer, then import the file
from Thunderbird. This is quite easy but it may take you a
couple of
minutes.
Firstly,
open Internet Explorer and select TOOLS >
INTERNET OPTIONS
Select the CONTENT tab and click CERTIFICATES...
Select the appropriate certificate from the list and click EXPORT
A wizard will open. You must export the PRIVATE KEYS also -
save the pfx file and remember its location
You can now exit Internet Explorer.
Now,
open Thunderbird
Select TOOLS > ACCOUNT SETTINGS
Select your chosen email account and click the SECURITY field on the
left
Select VIEW CERTIFICATES
Select IMPORT
Browse to the PKCS12 (.pfx) file you've just saved and hit
OPEN
Select
OK then click SELECT on the security window and choose the appropriate
certificate for your email address. If you have several certificates,
there will be a drop-down box - ensure you select the appropriate
certificate for your email account. Once you've hit OK and
exited the
Account Settings window, you're ready to use S/MIME encryption in your
Thunderbird email.
Once you have done this, you may have to add a "trust" level for your certification authority. Full details on how to do this are available here.
You can then send emails signed and encrypted provided you have distributed copies of your Digital Signatures and you have the Digital Signatures of your recepients. Simply click the S/MIME button (or select the drop-down menu as shown below) and select "Digitally Sign", "Encrypt" or both.