Tuesday, 5 February 2008

Thawte e-mail certificates: Get yourself a trusted e-mail certificate - and get certified, painlessly!

The issue of digital e-mail certificates is often raised. I would like explain the what, why and how around it so more of you can make use of this service.
Also, you can get certified and get the certificate issued in your own name.

What is it?
An email certificate is an electronic signature that binds your identity to a public key used in cryptography to either prove the validity of an email you have sent, or encrypt it so that others cannot read it, or both.

Signing an email document will prove to the recipient that the email was sent by the person in the “To” field and that it was not tampered with.  You will see a digital "seal" icons used in both the mail list and the message view windows of Outlook and Outlook Express. The state of this image, hovering over it, or simply double-clicking it, will reveal if the email is indeed valid and still unchanged from when it was sent. Please note that mail servers that add a company disclaimer to the end of e-mails will invalidate the seal.

Encrypting an e-mail document will ensure that only the intended recipient will be able to read the message. The message is encrypted using your certificate (using the private key) at the sender's side and decrypted at the recipient side (using your public key). There is actually more to it, but too technical for this discussion. Trying to decrypt an encrypted message using brute force, without the proper encryption keys, will typically result in days, if not years, of desktop PC computing power.

Read more about it at Wikipedia - http://en.wikipedia.org/wiki/Digital_certificate.

How do I get it?
Thawte, the company Mark Shuttleworth sold to Verisign, can issue you a free, personal e-mail certificate. All you need to do is browse to https://www.thawte.com/secure-email/personal-email-certificates/index.html. Click on the "Click here" link at the bottom of the page and follow these steps:
• accept the license conditions
• furnish your personal details
• specify your PRIMARY email account (used for login purposes)
• set your language preferences
• set your password details
You will receive a confirmation email. Follow the steps and registration should be complete. If you don't want to be certified (see below), skip to the "How do I get a new certificate" section.

How do I get certified?
The Thawte personal e-mail certificate is issued to a fictitious "Thawte Freemail Member" identity when you first apply for one. The Thawte Web-Of-Trust (WOT) is a community-based certification system whereby your identity can be validated against your Thawte username. This is done by appearing before a Thawte Notary and gaining Trust Points.

50 Trust Points allow you to get the certificate issued in your own name.
100 Trust Points allow you to become a notary, whereby you in turn can assert users by awarding 10 Trust Points. It will gradually increase to 35 Trust Points as you assert more people.

If you want to be accredited, ensure that you have provided your ID details. This can be done in the Personal E Mail Certificate section (Thawte.com->Main Menu->Products->Free Personal E-mail Certificates), selecting My Account then Edit ID info. Use "ID Document" as National Identity Type and furnish your ID number.

You will now need to find a notary to accredit you. You can find notaries in your area by going to the Web-Of-Trust section (Thawte.com->Main Menu->Products->Web-Of-Trust) and selecting Find a Notary in the left menu, or go here (https://www.thawte.com/cgi/personal/wot/directory.exe?node=241) for the South African list. You will need contact the notaries listed there, make your details available to them and go and see them personally.

Alternatively, I am also a notary and able to award 35 Trust Points. There are another 3 notaries in Somerset West and they can award you another 35 points each.

How do I get a new certificate?
I will assume you would like to use your certificate in Outlook. Using Internet Explorer (very important), go to the Thawte Personal E-mail Certificate section (Thawte.com->Main Menu->Free Personal E-mail Certificates), under Certificates (left menu), select Request Certificate (you must be logged to access this menu).
Proceed as follows:
• Select the X.509 certificate request option
• Select IE, Outlook and Outlook Express option
• Leave selection on "No employment information"
• Select your email address(es) for the certificate
• Accept default extensions
• Select Microsoft Enhanced Cryptographic Provider v1.0
• You will now get 2 popup dialogs, select Yes, then OK
• Select Finish.
A confirmation email will be sent to you. Follow the links in the email. Ensure that you open the link(s) in the message body using Internet Explorer! You may, alternatively, go to the Thawte Personal E-mail Certificate section (Thawte.com->Main Menu->Free Personal E-mail Certificates), under Certificates (left menu), select View Certificate Status, click on the certificate name (i.e. MSIE) and select Fetch. You should receive another 2 popup dialogs as the certificate is installed.

How do I use it?
In Outlook, create a new message. Select Options, then Security Settings. Select the desired options at the top of the dialog.

In order to send an encrypted email, you should first obtain and install the certificate(s) of the intended recipients. This can easily be done by requesting those people to send you a signed email (using their certificate). Once you have received the e-mail, right-click the FROM address in Outlook and select Add to Outlook Contacts. The user details, together with the certificate, will be installed in your contact list. You can even perform this step if you have an existing contact entry - Outlook will simply update the information.

This should enable you to get started with your personal email security.

No comments:

Post a Comment

Live Traffic Feed


Be notified of
page updates
it's private
powered by

Copyright © 2008 HandyTechTipper. All articles are released under the Creative Commons Attribution 2.5 South Africa license, unless where otherwise stated.