Heya, I found how you can digitally sign and encrypt emails! (It even gives them a cool icon for others to see!), and I haven’t seen anything about it before so I thought I’d share how I did it!
Do you also want to send encrypted emails and sign them? Just follow these few steps!
But beforehand, let’s define some terms :
-
Signed email : Email with a valid numerical signature. Anyone can read it and know it has not been modified since it was sent.
-
Encrypted email : Email encrypted with the recipient’s public key. They can decrypt it with their private key
-
S/MIME certificate : A
.p12
file containing your private key (So keep it for yourself and don’t send it to anyone!!) and your public key.
Okay, now it’s time to…
Start the setup (Obtain an S/MIME certificate)
- You’ll need to ask to an authority for a certificate. Personally I use Actalis because they give free certificates for multiple email addresses, valid for a year (you need to redo the setup every year). If you don’t want to use Actalis, more info is avilable here.
- Don’t forget to put the website in english if you don’t understand italian.
- Go on the page to request an S/MIME certificate, create an account and follow the setup. The verification email can take a little while (~2min)
- When the setup ends, you’ll have a valid certificate in your dashboard (It can take a few minutes to appear if you just verified it) that you can download, and a password that Actalis emailed you to enable your certificate.
Install the certificate
- Download the .p12 file, then open it, type your password, and leave the default options to install the certificate on your device (Android or PC, on Android pick “For VPN and apps”). Don’t delete your old one, so you can still decrypt old messages sent on the expired certificate
- Use an S/MIME compatible email client. On PC, there is Thunderbird, on Android, FairEmail.
- In your email client settings, importer the S/MIME certificate pofor signing AND encrypting your messages. It changes depending on your client, so here it is for Thunderbird :
- In the top-right menu, go to
Account settings
,End-to-end encryption
, underS/MIME
click onManage S/MIME certificates
,Import
and pick your.p12
file. Then, pickSelect a certificate
, and pick yours from the tab “Your certificates”.
- In the top-right menu, go to
An image is worth a thousand words (Sorry for the french)
Don’t forget to check the box to sign and/or encrypt every message just below, if you want!
Communicate with someone
Once this is done, here is how you can communicate…
- …While signing your messages :
It’s easy, just click on “Sign” before sending. Usually, email clients show a small medal next to your name to show the email is signed.
- …While encrypting your messages :
For that, you’ll need your recipient’s public key. They needs to send you a signed message (not encrypted, since you don’t have each other’s key at this point) where you can get their public key from their signature, and add it to your email client, which will allow you to encrypt messages you send to them. Then, send them a signed email (you can encrypt it) so they can get your public key and add it to their client, and then you’ll be able to exchange encrypted emails!
I’m not an expert and probably made a few mistakes, if you spot any please tell me in the comments and I’ll try to fix the guide!
Be aware, that trusted Certificate Authority (CA) configuration applies to ALL certificates issued by CA. Thus, if one elects to trust “actalis” CA, then they trust ALL actalis CA users.
If the process of obtaining certificate was extremely simple, easy and did not involve identity verification steps, then bad actors can take advantage of this process and create identities that your client application will trust.
By itself the bad actor identity is of little concern to anybody, but it can have a significant impact if trusted identity is used in spam filtering, exploits of email client bugs or other hack attempts. Trusted users may be given higher access privilege at the client application level, which may be just enough for hacker to gain required access. For example, client application may be configured to trust all trusted senders with MIME attachments. An unknown trusted user sends malicious Application as file attachment. Accidental double click lunches the application, because sender is trusted. Congratulations, machine is pwned.
Question 1: What’s the point of using Actalis? Can’t you generate your own certificate?
Question 2: Is there a way to get your email.server to automatically publish your public key?
So as I understand :
- Actalis is a trusted authority among others but is the only one to issue free S/MIME certificates that I found. You need to use a trusted authority to make the signature, or else your email client will say “Cannot verify signature authenticity” and show a red badge. This explains it better
- When you sign your email, you include your public key in the signature. So just sign every email (usually an option in your client) to let anyone you email have your public key. I don’t really understand why you would need to change stuff in the email server.
Ahh gotcha, that makes sense, so like the difference between a self signed SSL certificate and something like LetsEncrypt.
Re 2: I was thinking in the scenario to allow auto discovery of your certificate, so someone who is emailing you for the first time could look up your public key automatically and use it to encrypt their email.
Also, great writeup and thank you!
Great job and spot on! I know how good it feels to figure out stuff like this. I did this back in 2018. Was useful for sending encrypted emails to an organization with PKI setup. This was before they had other means through either O365 or a separate vault like sharing web app. Since there was no regular communication between this organization, I had no reason to keep it setup. I was employed by the organization and had an internal email.
Yes, it exists.
But the receiving side needs to have its own certificate or to be more correct a private key represented by the certificate.
Most people don’t know or don’t bother to obtain one.
Same problem if PGP is considered.
Cert based solution is supported by many clients, so it is easier on end user than PGP. But PGP is easier to manage for free. So there are some trade offs on both sides.
The technology is very old for both cases. It has not caught on due to friction of key management (PGP private key or certificate in case of S/MIME).
It is perfect if you want to communicate with family or friends as you can ensure everyone in your circle has their own private key. Even then I guarantee you will experience some friction to get this through.
Organizations can have it easier as they can issue certificates to their users. But then problem of trusted certificate authority comes into play, if they use their authority. If they use well known authority, they have to pay.
So, you can see how there’s friction in the solution. IMO, It is a good solution.
Personally I’d love to see more wider usage of S/MIME and/or PGP. What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer. To me a key that wasn’t always in your possession is basically compromised from the start.
(Although, I am also using protonmail’s pgp, which arguably violates this rule as well, their transparency is more trustworthy to me. )
Personally I’d love to see more wider usage of S/MIME and/or PGP.
I’d rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/
What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.
By definition, that key can no longer be considered “private”.
What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.
By definition, that key can no longer be considered “private”.
It is very important to emphasize that the key in this model is not “private” anymore. Thus, all the communication using this key is not secure anymore.
Private key is the one generated by hardware owned by the user and immediately secured with strong password. Ideally, private key does not leave the hardware that generated it. Thus, every device shall have its own private key.
In less restricted model, private key gets copied by the user to other hardware using media like USB stick or P2P communication model that does not use cloud services.
https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue
Good counter discussion about PGP security
https://www.reddit.com/r/cryptography/comments/10cfslk/exactly_how_strong_is_pgp/
I would argue that latacora could be an attempt to push users into the systems that provide 3rd party service, which by definition of 3rd party service is not secure: WhasApp, Signal.
Only true P2P can be safe. PGP provides ability to send encrypted message using any means necessary: FTP, HTTP, anonymous services, USB sticks, anything.
Also delete your expired certificate if you have one (for example after a year)
This is likely a bad mistake. Keep the old cert around.
There’s two possibilities:
The first possibility is that Actalis uses the same key pair for the new cert. This is not a great approach because it doesn’t defend against a leaked key or key overuse. After all, if the key can be trusted longer than a year, the first cert they issued should be valid for longer.
The second, and much worse possibility, is that renewing the cert gets a different private key. This can case data loss. Deleting the old identity means you lose the ability to decrypt any messages that were encrypted using that key! Even if your mail client stores the previously encrypted emails in decrypted form, you may receive a new email from a sender who does not yet have your new cert.
Actalis sends you your private key. This means they have access to your private key, and theoretically could use it to sign and decrypt your emails. A more secure but somewhat more complex system would use a certificate signing request (CSR) instead. In that case, you are the only person who ever has your private key, so only you can sign or decrypt your email.