Have you seen those funky digitally signed e-mail messages? I decided to venture forth and find out how to send digitally signed e-mail from my personal account, for which I use OS X’s built-in mail application, Mail (3.0 at the time of this writing).
I googled a bit and found these instructions. They are a bit outdated, so I decided to kill some time and publish what you need to do to digitally sign your e-mail. If you want to understand the whole logic of digitally signing e-mail, please do read the first section of that article; it really puts things into perspective.
Why sign e-mail, you ask? I think Kermadek’s explanation could not be any clearer:
“…Do you send postcards? Probably. They’re great to convey best wishes for the New Year, to send a “get well” note to your neighbor who is in the hospital, or a “hello” note to coworkers from your holiday place.
However, you would never send confidential information on a postcard, would you? Certainly not since the postal workers and every single person who handles the card can read its contents while it travels through the post system.
Well, I have news for you! When you send email to someone, most of the time you’re not sending them a letter, carefully enclosed in an envelope. You’re basically sending them the electronic version of postcards that can be read — or worse, altered — by anyone during their transit over the network…”
Alright, let’s get rolling.
Before configuring anything in your e-mail client or OS, you need to obtain a certificate. Thawte is a service that offers free e-mail certificates, so you need to get one. Please note that these instructions were written using Safari 3.0.4.
- Access Secure Your E-mail:
- Read the terms and conditions and click Next
- Fill out the required values and click Next
- Enter the e-mail address for the account you would like to digitally sign e-mail
- Click Next on the next screen
- On the next screen, enter a secure password
- On the next screen, you must specify 5 questions to be used in case you forget your password and your identity needs to be restored. Don’t be shy about creating your own questions; aim for things that only you would know about
- The next screen will show you your options, click on Next
- An e-mail will be sent to verify your e-mail address. Check your mail; it will instruct you to paste the Probe and Ping values into a specific URL. Do so to verify your identity.
- Once you submit it, you will see a message stating that your account was successfully created. Click Next.
- On the page that follows, click on the Certificates link
- Click on Request a New Certificate
- Click on the Request button below the X.509 Format Certificates
- A pop-up window will show up, leave the default value and click on Request
- On the next screen, leave the default value and click Next
- On the screen that follows, select the e-mail address you wish to use for the certificate and click Next
- Click the accept button
- On the next screen, make sure that 2048 (High Grade) is selected and click Next
- Click Finish
You will be presented with a new screen that tells you the certificate was requested. Click on the link shown below to access the certificate manager:
- You should see your certificate, and its status should be pending. Wait a minute and then refresh the page. Keep refreshing at one-minute intervals until the status has changed to issued.
Once it has been issued, click on the Navigator link:
- On the next page, you should see a red Fetch button; click on it
- Your Keychain Access application will open automatically and install the certificate for you…gotta love OS X.
- If you have Mail.app open, close it and re-open it
- Now, write a new message with the account you specified. You should see the digitally signed icon on the message itself.
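
Once the certificate is installed, you can confirm from Terminal that it matches what was requested in the steps above: the e-mail address you selected and the 2048-bit key. This is an added example, not part of the original instructions; it assumes `openssl` is available and that the certificate has been exported to a PEM file, and the function name `check_smime_cert`, the file name and the address are placeholders.

```shell
#!/usr/bin/env bash
# Added example: check an exported e-mail certificate (PEM) against what the
# steps above requested. On OS X the certificate can be exported with, e.g.:
#   security find-certificate -e you@example.com -p > mycert.pem
# (address and file name are placeholders).

# check_smime_cert CERT_PEM EMAIL
# Prints one line per finding; returns 0 only if every check passes.
check_smime_cert() {
    local cert=$1 email=$2 rc=0 bits

    # 1. The certificate must carry the address of the Mail account.
    #    "-email" lists addresses from the subject and subjectAltName.
    if ! openssl x509 -in "$cert" -noout -email | grep -qixF "$email"; then
        echo "FAIL: $email not found in certificate"
        rc=1
    fi

    # 2. Key size selected during the request ("2048 (High Grade)").
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key is ${bits:-unknown} bits, expected at least 2048"
        rc=1
    fi

    # 3. The certificate must not have expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $cert matches $email with a ${bits}-bit key"
    fi
    return "$rc"
}

# Run as a script: ./check_cert.sh mycert.pem you@example.com
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ "$#" -eq 2 ]; then
    check_smime_cert "$1" "$2"
fi
```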