E-mail Encryption Guide version 1.2, by Thomas Reed



Similar documents
Update Instructions

Lab: Data Backup and Recovery in Windows XP

Law School Computing Services User Memo

Update Instructions

Lab - Data Backup and Recovery in Windows XP

Remember, this is not specific to your address alone... the METHOD you retrieve your is equally important.

Update Instructions

Trusted Relationships. Sending Invitations. Sending Invitations from Outlook

Database Program Instructions

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Xythos on Demand Quick Start Guide For Xythos Drive

Important information for all POP users

Microsoft OneDrive. How to login to OneDrive:

Update Instructions

MICROSOFT OFFICE 365 EXCHANGE ONLINE CLOUD

IT Quick Reference Guides Sharing, Delegation and Multiple Accounts

CHARTER BUSINESS custom hosting faqs 2010 INTERNET. Q. How do I access my ? Q. How do I change or reset a password for an account?

1. Open Thunderbird. If the Import Wizard window opens, select Don t import anything and click Next and go to step 3.

How to Use JCWHosting Reseller Cloud Storage Solution

You ve Got Mail Groupwise 6.5 for OSX

Government buyer user manual System Requirements and Administration Version 2.0

Configuring Outlook 2013 For IMAP Connections

How to configure your Desktop Computer and Mobile Devices post migrating to Microsoft Office 365

Why should I back up my certificate? How do I create a backup copy of my certificate?

Vodafone Hosted Services. Getting your . User guide

New Mexico State University

Basics. For more information on the Library and programs, visit BCPLS 08/10/2010 PEMA

Getting a Free Comodo Certificate

Installation Guide for Kurzweil 3000 Web License (Visual Walkthrough) Macintosh Version 14

Table of Contents. Changing Your Password in Windows NT p. 1. Changing Your Password in Alpha Connection.. pp. 1-3

Microsoft SharePoint is provided by Information Services for staff in Aberystwyth University.

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Frequently Asked Questions Mindful Schools Online Courses. Logging In Navigation s & Forums Tracking My Work Files...

This information is provided for informational purposes only.

How to Create a Voicethread PowerPoint Presentation

Instructions for accessing the new TU wireless Network

Mac OS VPN Set Up Guide

Getting started with IMAP for Aggi What is IMAP?

Booth Gmail Configuration

Encrypting Your Using the free COMODO Secure Certificate

Encryption. How do I send my encryption key?

Contents. Getting Started...1. Managing Your Drives Backing Up & Restoring Folders Synchronizing Folders Managing Security...

Receiving Secure Customer Support frequently asked questions

2. PMP New Computer Installation. & Networking Instructions

Quick Guide for Importing Credit Reports from Credit Infonet into Best Case Bankruptcy. Enter New Unlock Code. Configuring the Credit Report Manager

Amy wants to use her to view some photos her friend Sandy sent, from her vacation to Washington DC.

w w w.mendeley.com Organize. Collaborate. Discover. MIGRATION GUIDE RefWorks, EndNote X7, Zotero, Papers

Using LCC s media web server to store files

Delegate Access. In Lync 2010

Mail Merge (Microsoft Office 2010)

Here are the steps to configure Outlook Express for use with Salmar's Zimbra server. Select "Tools" and then "Accounts from the pull down menu.

Delegate Access. In Lync 2013

Once you ve signed up, all you ll have to do is sign in. To sign in key in your address and password.

Frequently Asked Questions

Managing Files. On a PC, after you find your file, right click it and selet Rename from the pop-up menu.

Instructions. Outlook (Windows) Mail (Mac) Webmail Windows Live Mail iphone 4, 4S, 5, 5c, 5s Samsung Galaxy S4 BlackBerry

Checklist for Migration to Windows 7

Getting started with OneDrive

INTRODUCTION TO & BASICS

MHC Car User Guide

OS X 10.6 SNOW LEOPARD: KEYCHAIN ACCESS MANAGING & UNDERSTANDING KEYCHAIN

Personal Secure Certificate

Microsoft Outlook Web Access Handbook

MiraCosta College now offers two ways to access your student virtual desktop.

A Guide to using egas Lead Applicant

Outlook XP Only

Teacher Activities Page Directions

About DropSend. Sending Files with DropSend

You can access OneDrive through your Office 365 account at

BOTTOM UP THINKING SETUP INSTRUCTIONS. Unique businesses require unique solutions CLIENT GUIDE

Professional Mailbox Software Setup Guide

Class Outline. Part 1 - Introduction Explaining Parts of an address Types of services Acquiring an account

TxEIS on Internet Explorer 7

Infoview XIR3. User Guide. 1 of 20

Titan Apps. Drive (Documents)

Initial Setup of Mozilla Thunderbird with IMAP for Windows 7

Cognos 10 Getting Started with Internet Explorer and Windows 7

INSTALLING MÜSE UPDATES FOR ISTAN

Steps for: POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) setup on MAC Platforms

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Using Microsoft Office to Manage Projects

Remote Access VPN SSL VPN Access via Internet Explorer

FUGU - SFTP FOR MACS- REFERENCE GUIDE

FAQ. F-Secure Online Backup

Secure Recipient Guide

How to Create a New User Account for MyGovernmentOnline

Configure Outlook 2007 for Brandeis Gmail

Secure Outgoing Mail (SMTP) Setup Guide

How to get started with fleeping in Fleep?

Faith Lutheran College, Redlands. Install and Setup Office 365

Managing Your Bard Account

GET INTO OFFICE 365: OneDrive for Business Guide

MS Outlook 2002/2003. V1.0 BullsEye Telecom

USING OUTLOOK WITH ENTERGROUP. Microsoft Outlook

College of Marin Accounts Fall marin.edu Access,

WINDOWS 7 & HOMEGROUP

Cox Business Premium Online Backup USER'S GUIDE. Cox Business VERSION 1.0

Transcription:

E-mail Encryption Guide version 1.2, by Thomas Reed In order for two people to send and receive encrypted e-mails to/from each other, both parties need: An e-mail reader that supports encryption (such as Thunderbird or Mac Mail.) A security certificate of your own A security certificate for the person you are sending to Thunderbird Mail The purpose of this document is to explain the purpose of these certificates and how to obtain them, since they are the key to encrypting e-mail. A certificate comes in two parts: a private key that is kept on your computer and is not meant to be shared with anyone and a public key that you give to anyone you like. Anyone who has a copy of your certificate s public key can send you encrypted e-mail. That person does not even need to have a certificate of their own just to send the e-mail. An e-mail message that has been encrypted with your public key can only be opened by you, using your private key. (Don t worry, most of this happens behind the scenes... you don t have to think about the certificates much or what is being done with them, but you should understand what is going on.) Certificates can also be used to sign e-mail messages, verifying that you wrote them and that the contents of the e-mail have not been tampered with. This is less important for most people, but since signing an e-mail attaches a copy of your public key to the e-mail, signing messages turns out to be an extremely easy way to give someone a copy of your public key. (More on this later!) Certificates are issued by companies called certificate authorities, which is meant to provide some level of trust that your certificate really belongs to you, and not to someone pretending to be you. Most certificate authorities charge a fee for certificates, but free alternatives do exist. The one we are going to be using is a company called StartSSL. The process of getting a free certificate from StartSSL takes about 5-10 minutes and is not very difficult. The following instructions assume you are using Firefox, which is available free for both Mac and Windows. If you use a browser other than Firefox, there will be steps in these instructions where you re going to have to figure things out on your own.

Step 1: Go to www.startssl.com in Firefox. Step 2: Click on Easy Enrollment. Step 3: Fill in all the fields in the form and click the Continue button. If you have more than one e-mail address, use the one that you want to use to send signed and encrypted e-mail. Step 4: In the alert window that appears, click OK. Step 5: You might, after you click Continue, still see the form with an error message displayed at the top of the page that starts We were not able to verify your email address! If this happens, wait 5 minutes (really 5 minutes, not just until you get tired of waiting!) and repeat steps 3 and 4 again. Note that you will need to re-enter your phone number, but all the other fields should still be okay. Step 6: When you see the screen titled Complete Registration, check your e-mail. You should find a message titled Your Authentication Code. Open that e-mail and select the code (a series of random-looking letters following the text Your authentication code is ). Then paste the code into the field in Firefox (highlighted below) and click Continue.

Step 7: Make sure that the pop-up menu reads High Grade (it should already, but if it doesn t, change it), then click Continue. Step 8: Wait. Step 9: Click Install. Step 10: Wait again. Step 11: On Windows, choose Options from Firefox s Tools menu. On a Mac, choose Preferences from the Firefox menu. Step 12: Click the Advanced button, then click the Encryption tab and finally click the View Certificate button. Step 13: Select the certificate and click the Backup button.

Step 14: Save the certificate on your desktop, so that it will be easy to find. (You won t need the file long, and will delete it shortly, so there s no need to seek out a more long-term home for it.) Name it whatever you like, though something like certificate would make sense. Step 15: Enter a password, typing it in both fields. Make sure that it is a password you will remember, as you will need it whenever you want to sign an e- mail or open an encrypted e-mail. Once you finish, click OK. (If you can t click OK, that s because the two passwords you typed don t match.) At this point, you have a working certificate saved to your desktop, as well as installed in Firefox (where it really isn t going to do you any good). You can now close all the open Firefox windows. The next thing you need to do is get things set up so that you can use the certificate in your e- mail. How you do this depends on whether you use Mac or Windows and what e-mail client you use. The following instructions will help you install the certificate in Thunderbird on Windows and in the keychain for use with Mail on a Macintosh.

Installing a certificate in Thunderbird on Windows Step 1: Open Thunderbird. Step 2: From the Tools menu, choose Account Settings. Thunderbird Step 3: Select Security in the list on the lefthand side and then click the View Certificates button near the bottom of the window. If necessary, click the Your Certificates tab in the window that appears. Step 4: Click Import and select the certificate file that you already created on the desktop. Step 5: Some versions of Thunderbird will prompt you for a new password at this point. This is not necessarily the same password as the one you specified in Step 15 in the previous page, though it can be. Step 6: When asked for the password used to encrypt the backup certificate, enter the password from Step 15 on the previous page. Step 7: Still in the Certificate Manager window, click the Authorities tab. Scroll down to StartCom Ltd, then select the item underneath it named StartCom Certification Authority. Click Edit. Step 8: Check the box that says This certificate can identify mail users. and click OK. (In newer versions of Thunderbird, this may already be checked.)

Step 9: Some versions of Thunderbird require you to manually select which certificate to use. Close the Certificate Manager window, and in the Account Settings window (where you originally clicked the View Certificates button), you ll see a box labelled Digital Signing. In that box, click the Select button. Step 10: In the next window, make sure your StartSSL certificate is selected in the pop-up menu at the top of the window. (It will be by default if you don t have any other certificates.) Click OK. That s all there is to it! You can close the Account Settings window and can move the certificate file from your desktop to the recycle bin. To sign or encrypt a message, simply create a new message and use the Security button in the toolbar of the new message window. Click and hold on the arrow on the right side of the button to open a pop-up menu.

Installing a certificate on a Macintosh Step 1: Open the Keychain Access application, found in the Utilities folder that is in the Applications folder. Step 2: Choose Import Items from the File menu. Step 3: Select the certificate file that you already created on the desktop. If you have created additional keychains, make sure the Destination Keychain pop-up is set to the keychain in which you want the certificate stored. If you have not, make sure Destination Keychain is set to login. Then, click Open. Step 4: If Mail is running, quit it and then start it up again. This will make it recognize the new certificate. That s all there is to it! You can quit Keychain Access and can move the certificate file from your desktop to the trash. To sign or encrypt a message, simply create a new message and click the lock button to encrypt or the badge button to sign.

How to use your new certificate Now that you ve got your certificate installed and you know where the controls for encrypting and signing messages are found, you need to know a few things about how to use your new certificate. First, in order for someone to send you an encrypted message, you must first send them your certificate s public key. To do that, you must send that person a signed message. This attaches a copy of your public key to the message. When that person receives your message, assuming they are using an appropriate e-mail reader, your public key will be remembered and automatically associated with your e-mail address. From that point on, that person can send you encrypted e-mail. Second, note that you can sign any message, but you can only encrypt a message if you have a certificate for everyone you are sending it to. For example, suppose you know that John Smith has sent you his certificate but Jane Doe has not. You will be able to send an encrypted e-mail to John, but not to Jane. You also will not be able to encrypt a message if you are trying to send it to both John and Jane. However, if you also have a certificate for Bob, you can send an encrypted message to both John and Bob. If you need to send encrypted e-mail to someone who does not work at KidsLink, feel free to give them this guide so that they can get their own certificate. If you have questions or comments about this guide, please let me know. Thomas Reed treed@kidslinkohio.com