Now that you have your certificate and it’s been automatically installed on your system, you won’t have much to worry about after you finish configuring Outlook Express.
You’ll need to go back to the Tools>Options>Security tab (it may still be open, just as you left it before getting your certificate). There’s a button that says Digital IDs. Click that button and you go to another screen that shows your current certificates (digital IDs). You should see Thawte Freemail Member — Personal Freemail RSA 2000.8.30. (If you don’t see it, you should go back to the Thawte site and try Fetch and Install again.)
Then, on the right side of the window, you’ll see a button that says Advanced. Click on that. As with all the other clicking you’ve done, you’ll see yet another window open. (You probably only have half a zillion windows open by the time you’re finished with this operation!) This window has all kinds of options. Make sure that you check every single one of the options, as in Figure 8-7.
Figure 8-7: Advanced options in Outlook Express to use encryption
After you have checked all the boxes, click OK, and you’re ready to send an encrypted message, a signed message, or a message that is both signed and encrypted. Remember:
Signing a message proves you’re the person who sent it.
Encrypting a message scrambles it so others can’t read it.
Signing and encrypting a message proves that you’re the person who sent it and scrambles it, too.
To send an encrypted message, you have to be sure that the other person (the recipient) has a certificate, too.
Outlook Express automatically searches the public Digital Certificate servers to see if one exists for your recipient. (It searches by e-mail address.) If there is no certificate for your friend, the message will not encrypt. (If you decide to send a message to yourself using another e-mail address, you’ll have to go through the application/registration process for the other e-mail address to get another Digital Certificate.)
So, here you go.
Compose a new message in Outlook Express and address it to a friend who has a Digital Certificate. When you are finished creating the message, but before you send it, choose Tools>Encrypt Using S/MIME (see Figure 8-8). After you have done that, you will see a small blue lock appear on the far right side of the message window, by the To: box.
Then go ahead and click Send. Outlook Express will ask for your password only if you set the security setting to High when you created your certificate. (That password is the second one you gave, not the first one you gave to create the certificate. If you left the security setting at Medium, you will not be asked for a password.)
This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks.
Figure 8-8: Encrypting your message.
Tip When composing an e-mail that you intend to encrypt, pay special attention to the Subject line. You wouldn’t want to accidentally give everyone a clue to your secret message by entering something like “New Product Specifications and Pricing” in the subject heading! That’s because everything in an e-mail is encrypted except the subject line.
Now your friend has received a super-secret message from you. If anyone other than your friend tries to open it, it will look roughly like this:
3QTn+zHWb7OKr7ihbxBHXcQgdbt+0R02T+nYKlyjV40ARKKYhuPDAnW188ulTzYa A28n4eldE82f57kRQHwGtmusfuMpHZJJ8ARYZf/Ba5SmHr2yr6Ycu4bkDjj5e4QU P6I3KBd0zXeRm666BxrJZ2M0ibUDkpEM5gfgZxOzFcQ6uqotpVKNEzjWiIG4zVdk NfzjH1gKwZdQnzpHvn0gZGD+mxtjRdXZgP1VR9iizGqb1xeJ0RRMQKUHNHuiI0MV JOus5ZfMJCxyKNmMjcJoTUhcwuGMiIf3holg8AkstYFykEeOZV9Zhz54YOCH3FTB
Of course this is just a pretend example. Most encrypted messages will have page upon page of text that looks like a chicken has played with a typewriter. However, when you friend gets the e-mail, he may note that there is a little blue lock attached to the sender’s name (that’s you!). When he clicks on it to open it, he may be faced with the dialog box shown in Figure 8-9.
Figure 8-9: The Outlook Express dialog box that indicated you are opening an encrypted message.
After he clicks Continue, the message automatically decrypts and he will be able to read it. Now you can both play with signed and encrypted e-mails and attachments.
You’ll have to admit that after you got the Digital Certificates all set up, it was not difficult to send encrypted emails.
However, if you were in a corporate environment, the IT department would be in charge of all this work. It’s a lot of overhead on their end, but that makes it so much easier for everyone in the long run.
Backing up your Digital Certificates
Ugh! You knew I’d bring you back to the ugly present at some point, didn’t you? Well, I have to take care of some housekeeping before I can go on to the next subject. That housekeeping involves backing up copies of your Digital Certificates. That way if you start using a different computer, or your hard drive dies, you can use your old certificates and you don’t need to go through the arduous process of applying for new certificates.
The two most common problems that users experience with e-mail encryption are:
They forget their passphrase.
1.
They lose their personal keys.
2.
No matter how experienced. No matter how intelligent. No matter if they have been trained on encryption software or not. People always make the same two mistakes! Don’t count yourself in those numbers!
Here’s how to back up your Digital Certificate. Whether you realize it or not, the Digital Certificate you’ve received actually contains two keys: your private key and your public key. You’re going to be backing them both up, but to separate floppy disks. The reason you’ll be keeping them separate is so no one can steal them and effectively steal your online identity. To save these two different keys, you’ll navigate through a series of windows and questions and you’ll do this separately for each key. First you’ll save your public key and your certificate and then you’ll do essentially the same task to save your private key and the certificate. If it seems confusing, just take your time. We’re just experimenting here, so nothing is really critical at this point.