This article describes how private emails, which are written in Mozilla Thunderbird, can be signed before they are sent by the author. For this purpose, S/MIME (Secure/Multipurpose Internet Mail Extensions) is used, to encrypt and sign emails by X.509 standard.
In order to obtain such a certificate for signing emails, there are a few free CAs (Certification Authority). Here Comodo is used as CA, which offers this service free of charge for private use. Comodo confirms with a signature the authenticity and identity of the owner, for which the certificate is issued.
The necessary steps are now explained below:
- Create a certificate with Comodo
- Install the certificate for the use in Thunderbird
- Configure Thunderbird for digital signature
- Open the URL http://www.comodo.com/home/email-security/free-email-certificate.php
- Select “Free Email Certificate”
- Fill in the form accordingly
– Please include the email address for which the certificate shall be issued
- Submit the form
- Comodo will subsequently send an email to the address you specified, containing a confirmation link
- By confirming the link from the email, the certificate is installed in the web browser (here Firefox)
To use the certificate installed this way for Thunderbird, it has to be saved locally. The following steps are necessary:
- Select in web browser (here Firefox) “Edit” – “Preferences”
- Select “Advanced” – “Encryption” – “Show certificates”
- Activate “Your certificates” and select your new installed certificate. Subsequently hit “Save”
- Specify the location in the opening window and save the certificate
Now the certificate for S/MIME signature of the corresponding email in Thunderbird can be configured. This is explained in the following:
- Open Thunderbird and select “Edit” – “Account settings”
- Select “S/MIME-Safety” – “Manage certificates”
- The Certificate Manager is opening in which you import the previously saved certificate
- Select “Account settings” – “S/MIME-Safety” – “Certificate for digital signature”
– in the detail area it can be seen, for which email address the certificate is valid
- You also may activate the checkbox which adjusts the selected signature as default for sending emails
- Finally, when a new email is sent, the email is digitally signed per default.
This is everything what is neccessary to sign emails digitally.