10.3: Another how-to...
Authored by: robg on Oct 31, '03 09:04:52AM
Reader "FlashBIOS" sent the following in as a new hint (after this hint was submitted, but before it was published), but it's pretty much the same process as described in the link above. I'm posting it here just in case the source link ever goes away.


Panther's Mail application makes it possible to encrypt and digitally sign all your email without any extra effort using the industry standard S/MIME and a free email key from Thawte. This is important because it is very easy for other people to read your mail without your knowing. Getting this set up requires a few steps, but afterwards all the security happens behind the scenes and requires no extra effort.

First follow these steps to set up completely secure email (note: you must be using Mozilla or Navigator, not Safari, Camino, or Firebird):

  1. Visit this page on Thawte's website which explains email personal certificates.
  2. Click the join button on the left hand side of the page. This creates an account with Thawte. Make sure you read everything. They take their security seriously, and with good reason.
  3. Once your account is created (you may need to log on again) click Certificates > Request a Certificate > X.509 Format Certificates
  4. Choose the default information for your name
  5. Pick the email address you want this certificate associated with. You must create a separate certificate for each email.
  6. Hit next on the screen for extranet identity.
  7. Hit next to accept the default extensions to your certificate.
  8. Choose the key size you wish for your certificate. The larger the better security, but the more size it will add to your emails. I would recommend 1024 if you are not sure.
  9. Hit next, and Mozilla will display a dialog asking for a password and generate your key.
  10. When Mozilla has finished you will be brought to your account's certificate status page and you will notice that your certificate is pending. Wait a few minutes for Thawte to process your certificate. (Thawte will send you an email)
  11. When Thawte changes your certificate's status to "issued" click the link "navigator" to the left of the word issued.
  12. Scroll down and click Fetch. This will install the certificate in Mozilla. Your next steps will get it out of Mozilla for use in Mail.
  13. Open Mozilla's preferences, click Privacy & Security > Certificates > Manage Certificates...
  14. In the window that appears, choose Backup All and save it as certificate.p12 on your desktop.
  15. First enter your certificate's password. Then enter a password to protect this backup you are making. They can be the same password.
  16. Finally, double-click on the certificate.p12 file on your desktop. Keychain Access will open and import this certificate into your keychain.

That was a lot of steps, but it was worth it. Now every time you compose a new email in Mail (using the account you listed in the certificate) you'll see some new things. First there is a button that you choose to digitally sign your message. This sends your public key to others that they can use to encrypt messages to you. After you have someone else's public key, you will see a lock icon that means this message will be encrypted when sent to that person. It is that easy. There are no extra steps to encrypt your mail; you just use it like normal.

To test everything, compose a message to yourself. You will see both the sign and encrypt buttons checked. After you have sent and received the message back you'll see a new security line telling you that it has been encrypted and signed. But here is the cool part -- under the View menu choose Message > Raw Source. Mail will then show you the cyphertext that everyone who does not have your private key sees.

And now you know your mail can be secured and you can have private conversations with anyone who has sent you a signed message.

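The sign-then-encrypt exchange described in the hint above, reproduced with the openssl command line as an added example (not part of the original hint or of any comment here). The self-signed 2048-bit certificate, the name Alice Example, the address alice@example.com and the function names are assumptions standing in for the CA-issued certificate and for Mail.

```shell
#!/bin/sh
# Added illustration. Alice Example, alice@example.com and the self-signed
# certificate are constructed stand-ins for the CA-issued certificate.

smime_steps() {  # $1 = message text, $2 = scratch directory
    msg=$1; d=$2
    # 1. Key pair plus certificate (self-signed here; 2048-bit RSA assumed).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.com" \
        -keyout "$d/alice.key" -out "$d/alice.pem" 2>/dev/null || return 1
    printf '%s\n' "$msg" > "$d/plain.txt"

    # 2. Sign: the message now carries Alice's certificate (her public key),
    #    but the body is still readable by anyone who sees it in transit.
    openssl smime -sign -in "$d/plain.txt" -signer "$d/alice.pem" \
        -inkey "$d/alice.key" -out "$d/signed.eml" 2>/dev/null || return 1
    grep -qF -- "$msg" "$d/signed.eml" || return 1

    # 3. Recipient verifies the signature and saves the signer certificate.
    #    -CAfile trusts the one self-signed certificate directly (test setup).
    openssl smime -verify -in "$d/signed.eml" -CAfile "$d/alice.pem" \
        -signer "$d/harvested.pem" -out /dev/null 2>/dev/null || return 1

    # 4. Encrypt to the harvested certificate: the "lock icon" case.
    openssl smime -encrypt -aes256 -in "$d/plain.txt" \
        -out "$d/enc.eml" "$d/harvested.pem" 2>/dev/null || return 1
    # The raw source of the encrypted message must not contain the plaintext.
    if grep -qF -- "$msg" "$d/enc.eml"; then return 1; fi

    # 5. Only the private key opens it. openssl canonicalises text to CRLF
    #    line endings unless -binary is given, so strip CR before printing.
    openssl smime -decrypt -in "$d/enc.eml" -recip "$d/alice.pem" \
        -inkey "$d/alice.key" -out "$d/out.txt" 2>/dev/null || return 1
    tr -d '\r' < "$d/out.txt"
}

# Prints the decrypted text; returns non-zero if any step fails.
smime_roundtrip() {
    d=$(mktemp -d) || return 1
    rc=0
    smime_steps "$1" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

smime_roundtrip "meet at noon"
```

With a certificate issued by a real CA, step 3 would point `-CAfile` at that CA's root certificate rather than at the signer's own certificate.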

10.3: Another how-to...
Authored by: epicycle on Oct 31, '03 11:43:08PM
I also found a way to generate your own certs using openssl. You have to do a few extra steps but it works great with I outlined the directions here:
