Go to http://www.thawte.com and sign up for an account. They're going to want some form of unique ID, issued by a government. I used my drivers licence.
They're going to send you a message to confirm that the email address you gave them is actually yours. Follow the instructions in the message. Be sure to remember to use Mozilla and not Safari.
- Login on Thawte.com
- Select Certificates
- Select Request a Certificate
- Select Request X.509 Certificate
- Select Netscape Communicator
- Ignore the organization question and choose Next
- Pick one of your email addresses. You need to get a separate X.509 certificate for each email account you want to be able to encrypt and sign mail with.
- If you have to ask what one is, you don't have an extranet identity. Choose Next
- You don't want to monkey with the extension list. Select the defaults.
- Pick a nice long key length, like 2048 bit. Longer keys are more secure than shorter keys. Select Next
- Wait around for a long time. Eventually you'll get an email telling you your certificate is ready. Paste the link from the email into Mozilla, and go to that page.
- Click Navigator, then Fetch. Nothing will appear to happen, but the key has been downloaded into Mozilla.
- Open Preferences in Mozilla
- Select Security
- Select Certificates
- Select Certificate Manager
- Select your key. Select Backup
- Pick a decent password when prompted, then save the certificate to your disk.
- Open the file in the Finder. It will automatically fire up Keychain Access for you and import the key.
- Now would be a good time to burn a CD with your key file and store it somewhere safe.
- Quit Mail and restart it so it loads the key information.
The next time you send Mail using the account with the email address you made the key for, you'll see a little seal icon in the compose window. Click on it to sign your message.
All you need to do to give someone your public key is send them a signed message. Once you get a signed message from someone, when you write a new mail to them, you'll see a little lock icon. Click on it so the lock is visibly locked, and the mail will automatically be encrypted. As a matter of policy, you should really encrypt as much of your mail as possible.
No comments:
Post a Comment