Hunter Ford Hunter Ford

Digitally Signed E-Mails with Thawte Personal E-Mail Certificates

UPDATE: Thawte is doing away with Free Personal E-Mail Certificates. You can read their FAQ for more information.

Digitally signed and encrypted e-mails have been around for a long time. Unfortunately, it's never really taken off. Thawte hopes to change all that with its Web of Trust. They offer free certificates for personal use.

The biggest problem to date in my experience has been e-mail clients ability to handle digitally signed and encrypted e-mails. I use a Apple Mail to handle all of communications since its support for IMAP is top-notch.

To give you a little background, digital signatures are apart of the S/MIME specification. Here's how Wikipedia defines it.

S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption). S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-data") type for data enveloping (encrypting): the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.

If you want to get started using digital signature in your e-mail, you need to first sign-up with Thawte. At the bottom of the page, click the link that says "Click here". You'll then have to proceed through the wizard, verify your email, and request a certificate. After your certificate has been generated, you'll download it, and it should get added to your keychain.

After it's been added to your keychain, you need to make one adjustment so that you can use it in Mail. You'll want to double-click the certificate you just added so that you get a new pane. Then, click "Trust" to expand it. Then you need to tell it to "Always Trust" "When using this certificate".

Screen shot 2009-08-19 at 4.01.10 PM

The next time you open a composition window in Mail, you'll see a few new buttons whenever you compose an email from the email address you got the certificate for.

Screen shot 2009-08-19 at 4.11.14 PM

The following is from Mail's help:

A Signed icon (containing a checkmark) in the lower-right side of the message header indicates the message will be signed when you send it.

An Encrypt (closed lock) icon appears next to the Signed icon if you have a personal certificate for a recipient in your keychain; the icon indicates the message will be encrypted when you send it.

You can add several emails to your Thawte account, but each one will need its own certificate.

Now you're halfway there. You need to become "Trusted" so that your name can be put in the certificate. Upon doing this, and downloading new certificates, your recipients won't be presented with the message: "Unable to verify message signature". So in order to become trusted, your identity must be verified by a Web of Trust notary. Go to the website and login. You'll have to locate a few notaries in your area that will verify your information. Each notary can assign a certain number of "trust points". You need 50 trust points in order to be trusted. Each notary can give out between 10-35 trust points. You'll have to meet this person face-to-face and present them with a few documents (driver's license, passport, company photo ID) and copies of those documents for them to keep. Before you're meeting you'll have to share your details with them through the website.


  • Kevin

    I've OS X 10.6.1 and Mail App version 4.1. After got personal mail certificate from Comodo and installed in Keychain but when open the mail app, I do not see those NEW BUTTON that you have talk about. Please help... thanks.