Email Encryption with S/MIME

Email encryption is not widely documented in a way that most people can understand it or how to set it up. This is my small attempt to help you get started.

There are two common choices, PGP and S/MIME. I tried PGP using Thunderbird's EnigMail extension and was not very pleased with it; it did not seem very flexible with supported message formats, and my colleagues using Windows did not have an easy way to use it. S/MIME seems to be better in both of these respects. Here's how I set it up on Thunderbird with a free certificate using Firefox (other email clients and browsers will also work but I don't have specifics for them):

  1. With Firefox browse to https://www.startssl.com/.

  2. Click Sign-up.

  3. Put in your email address and wait to receive email from validation@startssl.com.

  4. Copy the emailed verification code into the sign-up form.

  5. You will see "The login certificate is installed in your computer". Now you have a free personal client certificate from a widely recognized certificate authority good for more than 3 years. Nice!

  6. In Firefox go to Edit -> Preferences -> Advanced -> Certificates -> View Certificates -> Your Certificates. Highlight the new one from Startcom and click "Backup..." and back it up to a file somewhere. Use a password that you will remember.

  7. In Thunderbird go to Edit -> Account Settings -> Security -> View Certificates -> Import and import the backup saved in the previous step. Close the Certificate Manager window.

  8. In the still-open Account Settings window select the imported certificate for signing and encryption, and click OK.

Now email that you sign will include your public key so that others can send encrypted mail to you. Enjoy!