Instant S/MIME Guide

Wednesday, March 5th, 2008

How do I get S/MIME working with Firefox/GMail and Thunderbird? The details are varied, but here’s the big picture (I’m recalling this procedure off the top of my head, apologies for any errors in initial versions of this post).

First, grab Firefox and Thunderbird, and install this Firefox plug-in.

Next, head over to thawte and get a free, personal e-mail certificate from them. Try not to stare at the girl on the front page, I’m pretty sure there’s something strange going on there, some kind of spell, maybe it’s what killed Gary, I don’t know (rest in peace).

This whole getting-a-certificate-from-thawte requires trusting thawte since they serve up your private key for you, but I think the convenience of this system is worth this risk unless you are doing something very naughty. If you’re really paranoid, you could go through a different service where you control your private key, but that’s probably not going to be free.

The path to the free certificate on the thawte website is something like Products/Free personal e-mail certificates/Join. Fill out a bunch of forms and you’ll be logging in to retrieve your key in a jiffy. Somewhere in there you tell them you’re going to be using Mozilla/Firefox/Thunderbird. Eventually, you end up installing the key in the Firefox browser.

Once it is installed in the browser, you can start sending signed and/or encrypted email from your GMail account. Head over to GMail and hit compose and you’ll find two new, stealthy buttons off to the right, one for signing, one for encrypting. Note that the S/MIME plugin disables GMail’s auto-saving feature because that requires sending the message unencrypted to GMail’s servers, a message you potentially would like to have encrypted. Also note that the S/MIME plug-in does not verify signatures sent to your GMail account, not yet. You’ll notice the big fat yellow section next to any smime.p7s attachments you see.

Thunderbird does, however, verify signatures and interacts well with GMail in the process. Configuring Thunderbird requires one last step from Firefox, and that is exporting your certificate. The path to do this is something like Tools/Options/Advanced tab/Encryption tab/View certificates/Your certificates/Select the thawte certificate/Backup. There is probably a shorter path. When you save it, it will ask you to encrypt it with a password. File your certificate in a safe place with a strong password.

Fire up Thunderbird and set up your GMail account to use IMAP. Google has fine instructions for this if you go to your GMail account Settings/Forwarding and…/IMAP access/Enable then click Configuration Instructions.

After that is all set up, revisit your GMail account properties in Thunderbird and open its Security tab. There, View certificates/Your Certificates/Import/that file you saved from Firefox. Finally, select this certificate in the other two fields on that same Security page.

You may want to check the box to digitally sign messages by default; that’s up to you. If you don’t, you’ll have to specify when you want to sign messages in the security menu when you compose a message.

Send yourself a signed email and check it out, it should work now.
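To see what that test message looks like on the wire, here is an added example (not part of the original post) that classifies a raw message by its S/MIME structure, including the smime.p7s part mentioned above. The sample message, addresses and the `smime_status` function name are constructed for illustration, and the check looks at MIME structure only; it does not verify the signature.

```python
# Added example: classify the S/MIME structure of a raw message (stdlib only).
from email import message_from_string

# Constructed sample: a clear-signed message as a mail client would send it.
# The signature body is a placeholder, not a real PKCS#7 blob.
SIGNED_SAMPLE = """\
From: me@example.com
To: me@example.com
Subject: test
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

UExBQ0VIT0xERVI=
--b1--
"""

PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_status(raw):
    """Return 'signed', 'opaque-signed', 'encrypted', 'other-pkcs7' or 'none'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        has_sig = (isinstance(parts, list) and len(parts) == 2
                   and parts[1].get_content_type() in PKCS7_SIG)
        return "signed" if proto in PKCS7_SIG and has_sig else "none"
    if ctype in PKCS7_MIME:
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type == "signed-data":
            return "opaque-signed"
        # Assumption: a missing smime-type is treated as an encrypted message.
        if smime_type in ("enveloped-data", ""):
            return "encrypted"
        return "other-pkcs7"
    return "none"
```

Save the test message from your mail client as raw source and pass its text to `smime_status`; a clear-signed message should come back as `signed`.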