I've been using Enigmail with Thunderbird to correspond securely (signatures and encryption) with a colleague. Recently, his IT setup at work was changed, so now he claims he no longer uses his old public key... instead, he sent me an email that shows up in TB with a "Message Signed" icon (small envelope with a red circle on it). When I click on that, I get a drop-down panel that allows me to view his signature certificate. I've managed to import this certificate into TB, and I can see it in Preferences > Advanced > View Certificates > People. But I don't know how to do this in the other direction -- that is, how to use Enigmail to sign and/or encrypt my correspondence to this person using the alternative method with certificates, rather than my existing GPG key.
Can I somehow convert my existing GPG key, which I've been using to sign via Enigmail, into an equivalent certificate to send to him? Otherwise, I don't know how I will be able to use my existing setup (TB+Enigmail+GPG) to correspond with him any longer. Or do I need to go out and create (purchase?) a separate certificate, just so I can correspond securely with him?
Note that I am NOT trying to mix the two methods (original signature/encryption using my existing key, and these new certificates) -- I'm OK using certificates to correspond securely with this colleague, and Enigmail (as before) to correspond with everyone else -- I just want to understand how it all fits together.
Apologies in advance if this is an obvious and/or stupid question, or if I'm asking in the wrong place; I'm very much a novice at this. I'd appreciate any pointers, explanations, etc.
Thanks,
-H
PKCS is S/MIME, which is a different standard than OpenPGP. In theory, you could convert an OpenPGP key into an S/MIME key, but in practice there is no tool that would do this.
S/MIME is part of standard Thunderbird functionality, and except for the fact that it does encryption and signing, it is not related to Enigmail.
You can apply for a 1 year (free) S/MIME certificate from Comodo: https://secure.comodo.com/products/frontpage?area=SecureEmailCertificate
Go there using your browser (I used Firefox) and request it, using an email address that you will use for S/MIME. Save the Revocation Password in case you need it in the future.
When an email comes from Comodo, use the same browser and the Collection Password that they sent you, to install the certificate in Firefox.
Go to Firefox Options > Advanced tab > View Certificates > "Your Certificates"
Select the certificate and "Backup" to a .p12 file on your Desktop, so you can import it into Thunderbird.
Remember your backup password. More TB instructions, here: http://www.comodo.com/support/products/email_certs/thunderbird.php
Pay particular attention to the bottom "Security" settings screen. You need to select the certificate there, and likely choose to Digitally sign messages by default, and "Required..". Thus, read the next paragraph below.
Please note: PGP and S/MIME cannot be used in the same email. I found it best to request and install an S/MIME certificate for an email address that I do not use with PGP. A Per-Recipient Rule that specifies PGP, and choosing to automatically use S/MIME when sending an email, is a recipe for failure.
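A check to run on the .p12 backup before importing it into Thunderbird, as an added example that is not part of the original posts: it confirms that the backup password opens the file, that the certificate is bound to the address you intend to use for S/MIME, that it has not expired, and that the private key is actually in the bundle. The function name `check_smime_p12` and the `P12_PASS` environment variable are assumptions of this example; it needs the `openssl` command-line tool.

```shell
#!/usr/bin/env bash
# Added example: sanity-check an S/MIME backup (.p12) before import.
# Usage: P12_PASS='backup password' check_smime_p12 FILE.p12 EMAIL
# P12_PASS and the function name are assumptions of this example.

check_smime_p12() {
    p12=$1
    want=$2

    # Pull out the end-entity certificate only; no key material is printed.
    # A wrong backup password makes openssl exit non-zero here.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null) \
        || { echo "cannot open $p12 (wrong backup password?)"; return 2; }

    # -email lists the addresses the certificate is bound to. Mail clients
    # compare these with the From address, so a mismatch means warnings
    # on the recipient's side.
    emails=$(printf '%s\n' "$cert" | openssl x509 -noout -email 2>/dev/null)
    printf '%s\n' "$emails" | grep -qixF "$want" \
        || { echo "certificate is not issued for $want"; return 3; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired"; return 4; }

    # Without the private key Thunderbird can neither sign nor decrypt.
    # The key goes to a pipe only and never touches the disk.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "no private key in $p12"; return 5; }

    # Summary to compare against what the CA says it issued.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate
    return 0
}
```

A return value of 0 means the file is worth importing; 2 to 5 name the specific check that failed.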