Thunderbird email encryption and S / MIME

Posted on 12. September 2016 by robert

The device involves the following steps:

  1. Production of a certificate with the public and private keys in the web browser
  2. Export the certificate to a file
  3. Import the certificate into Thunderbird
  4. Configuration of the certificate in Thunderbird

On the Wiki Thunderbird, , the essential technical explanations mail encryption and signing using S / MIME.

 

 

1. Generate the certificate in the Web browser

Certificates may consist of two parts: the public key and private key. For signing (and, indirectly, to encrypt) you need a certificate with a public / private key. The private key is the secret, used for decrypting and digitally signing. The public key of others is required to encrypt and to the verification of the digital signature.

For private purposes can be easily online at https://www.startssl.com/ such a certificate be. The issuance of the certificate in the following steps is done on the linked Web page:

1. Completing the necessary Web Forms

2. Verification of the email address

3. Input of the Verifzierungscodes. Then automatically generates the certificate in your Web browser, signed by StartSSL and stored in the certificate store from Firefox.

 

In the co-investment:

call in Firefox https://www.startssl.com/ on and click on "Sign up":

 

4-sign-up-engl

 

 

 

Switch to german doesn't work for me for the certificate creation. So in English.

Then register:

 

4-sign-up

Switch to german doesn't work for me for the certificate creation. So in English:

Insert personal information:

5-pers-Angaben

 

Wait, until the code in your own email mailbox is received (already you can 30 Last minutes):

 

7-email-with-verification-code

 

 

and then enter it on the remaining open side:

6-Bestätigungscode-eingeben

 

and click on "Sign Up". Then Firefox creates a certificate, sends the public part of the certificate at StartSSL. StartSSL digitally signs the certificate, to confirm, that those, He uses the certificate, Access to the specified email address has. StartSSL's signature will be sent back to Firefox, It automatically stores it in the client certificate store from Firefox. This process runs automatically in the background.

You will then:

8-login-now

The certificate is now ready and stored in Firefox. To test the certificate, Click on the "Login Now".

Then Firefox will ask if, the newly created certificate to use to login at StartSSL:

 

 

9-Client-Zertifikat zur Anmeldung verwenden

I choose from 'Remember this decision', because I always want to be asked, If I signed somewhere.

 

2. Export of the certificate from Firefox

To use the certificate in Thunderbird, must first be exported's Firefox as a file.

To do this in Firefox the menu call and click on "Settings":

B-1-Firefox-menu

 

Click on "Advanced" and then on "View certificates"

 

B-2-FireFox-Menu-advanced

 

Then the following dialog appears:

B-3-Zertifikat-sichern

Click on "Your certificates", so that you can see the certificate. Then click the certificate, to select it, and click "Save", to save it on your computer. Before saving, Firefox asks for a password. The password is used, encrypted on your computer to store the secret part of the certificate. So, you can assign a new password – remember the password!

B-4-Transportpasswort-festlegen

 

 

3. Import of the certificate into Thunderbird

Connecting open Thunderbird, Click on "Tools" and "Account settings".

 

image

 

Then select the account, When you created the certificate, and select "S/MIME security" (see 1. in the following screen shot).

 

C-3-Thunderbird-Zertifikatverwaltung

Then click on "Manage certificates", It seems the following dialog (With you, the list will be empty probably different as shown in the dialog):

 

C-4-Zertifikat-importieren

In this dialog, click on the "Your certificates" tab and then click "import".

Select the certificate file generated from Firefox out to in the file chooser dialog and enter the password of choice while saving the certificate then unprotect.

This message appears if successful:

C-6-Import-erfolgreich

By clicking on "OK" in that dialog and the behind it like close both Windows.

Then click on "Select" in the accounts settings dialog is still open, Select the newly created certificate and answer the demand, If the certificate is to be sent with the email recipients, so that they can send you encrypted messages, with "Yes".

 

Now the encryption is finished.

 

4. Send digitally signed mail

If you now compose a message, can send digitally signed messages. To do so click "S/MIME" when composing a message in the upper row and choose "Sign message".

 

D-1-Nachricht verfassen

 

5. Encrypt a message

You can send an encrypted message to someone, of a signed message with his certificate is sent to you. You can easily import the appropriate certificate in Thunderbird. The same button "S/MIME", as in "4. You can then select digitally sign", that you want to send the message encrypted.

This entry was posted in Computer, Encryption, Encryption. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *