How to configure Thunderbird to digitally sign and encrypt emails using S/MIME?

The setup involves the following steps:

  1. Creating a certificate with the public and private keys in the web browser
  2. Exporting the certificate to a file
  3. Importing the certificate into Thunderbird
  4. Configuring the certificate in Thunderbird

The Thunderbird wiki provides the essential technical explanations of mail encryption and signing using S/MIME.

1 Creating a certificate

Certificates may consist of two parts: the public key and the private key. For signing (and, indirectly, for encrypting) you need a certificate with a public/private key pair. The private key is the secret part, used for decrypting and for digitally signing. The public key is used to encrypt and to verify the digital signature.

For private purposes, such a certificate can easily be obtained online at www.TrustCenter.de. The certificate is issued on the linked web page in the following steps:

1. Filling in the necessary web forms and generating the key pair

2. Verification of the email address

3. Installation of the public part of the certificate in the web browser

1.1 Fill in the necessary Web forms and generation of key pair

To create the necessary certificate, fill in the form at http://www.TrustCenter.de/products/tc_internet_id.htm.

Select the longest key length (in other web browsers the following window looks different; just follow the instructions that appear). In any browser, finally press "Create key pair".

The browser now generates a public key and the associated private key. The private key is stored in the browser and protected from unauthorized access with a password that you assign.

The public key has been sent to trustcenter.de so that it can sign the public key, store it and, if necessary, provide it to others. For this, trustcenter.de again requires the entry of personal data and consent to the terms and conditions and to the storage of the data.

Through the above process, the private key of the certificate generated in the browser was saved, while the public part of the certificate was transferred to trustcenter.de. The Trust Center digitally signs the public part of the certificate. You can then download this public part (with the signature of trustcenter.de) and merge it with the private part.

Most browsers do not show a certificate that consists only of the private part in the Certificate Manager. In any case, we want to merge the private and the public part. To do so, the public part of the certificate must be downloaded and installed in the same browser in which the private part is already installed.

1.2 Check the email address

However, before trustcenter.de signs the public part of the key, it verifies the email address. For this purpose, I received a corresponding email from certificate@trustcenter.de after about 2.5 hours (in most cases it probably takes only a few minutes; I suspect that my email provider was responsible for the late delivery). Simply click on the confirmation link in the email and send the confirmation mail, making sure that

  1. the correct mail account is used when sending the mail.
  2. the mail is empty except for the tracking number; in particular, any extra text is deleted.

The email address is now verified and you can get the public part of the certificate signed by the Trust Center.

1.3 Installation of the public part of the certificate in the browser

Shortly after sending the message, you get an additional email with a link that enables the installation of the certificate in the browser.

The certificate, consisting of the public and the private key, is now located in the browser. For use with Thunderbird, it must now be exported from the browser.

2 Export of the certificate from the browser to a file

The export of the certificate and private key is shown below using Opera 11 and Firefox 3 as examples.

2.1 Opera 11

In Opera 11 it works like this: press Ctrl-F12, go to the "Advanced" tab and select "Security" from the list box on the left.

Choose a directory and a name under which you want to store your certificate with the private key. As the name, I recommend "Certificate with private key of trustcenter.de for email address", where you replace "Email address" with your email address.

Select the file type "PKCS #12 (private-key)".

Now enter the password that you set above, twice: the following dialog box appears in similar form two times in a row (once to unlock the private part of the certificate, and once to protect the exported file with the password).

2.2 Firefox 3

In Firefox 3 it is very similar: open the "Tools" menu, choose the menu item "Settings", then select the "Advanced" tab and the "Encryption" subtab.

Click on "View certificates" and select the tab "Personal certificates". In the dialog that appears, select the certificate and click the "Export" button.

This certificate must now be imported into Thunderbird.
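Before importing, it is worth confirming that the exported file really contains the certificate for your address together with the matching private key. The following shell function is an added example, not part of the original guide; it assumes the `openssl` command-line tool is installed, and the names `check_p12`, `make_sample` and `P12_PASS` are chosen here for illustration.

```shell
#!/bin/sh
# Added example. The password is read from the P12_PASS environment variable
# so that it does not appear on the command line.

# check_p12 FILE EMAIL -> 0 if FILE holds a certificate for EMAIL plus its private key
check_p12() {
    p12=$1; want=$2
    # Certificates only (-nokeys); if several are present, the first one is checked.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys 2>/dev/null) || {
        echo "FAIL: cannot read $p12 (wrong password or not PKCS #12)"; return 2; }
    certpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || {
        echo "FAIL: no certificate in $p12"; return 3; }
    # Addresses from the subject and subjectAltName, one per line.
    printf '%s\n' "$cert" | openssl x509 -noout -email | grep -qixF "$want" || {
        echo "FAIL: certificate is not issued for $want"; return 4; }
    # Derive the public key from the private key in a pipe; nothing is written to disk.
    keypub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
             openssl pkey -pubout 2>/dev/null) || keypub=
    [ -n "$keypub" ] || { echo "FAIL: no private key in $p12"; return 5; }
    [ "$keypub" = "$certpub" ] || { echo "FAIL: key does not match certificate"; return 6; }
    echo "OK: $p12 contains the certificate for $want and its private key"
}

# make_sample DIR EMAIL: constructed, self-signed test identity (not a TrustCenter one)
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample/emailAddress=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/full.p12" -passout env:P12_PASS &&
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/certonly.p12" -passout env:P12_PASS
}
```

Files written by older browsers may use algorithms that OpenSSL 3.x only reads when the `-legacy` option is added to the `openssl pkcs12` calls.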

3 Import the certificate into Thunderbird

The certificate is imported via the "Tools" menu (on Linux, the "Edit" menu) and the menu item "Settings". There, click on the "Advanced" tab and then on the "Certificates" subtab. Press the "Certificates" button there to import your certificate.

Now select the "Your certificates" tab and click on "Import…".

In the file-selection dialog that appears, select the certificate file stored above and enter the transport password for the private key certificate.

4 Configuration of the certificate in Thunderbird

Now the key only has to be associated with the email account to which it belongs:

In Thunderbird, click the "Tools" menu and choose the menu item "Account settings". In the list on the left, select "S/MIME security" under the relevant account.

Then press the two "select" buttons and select the certificate.

The setup is now complete. You can send and receive messages encrypted using S/MIME.


One response to How to configure Thunderbird to digitally sign and encrypt emails using S / MIME?

  1. Sebastian says:

    I had used a plugin so far, to sign with Thunderbird mail. The guide is great. Thank you (Flattr goes out to you).

    Greeting
    SE
