Email security certificates

What is an email security certificate?

• Email security certificates are issued by the authorities with undoubted credibility (compare with Department of State in US or Home Office in UK).
• Basically, an email security certificate is an electronic document with a lot of fields such as
  • your name
  • email address
  • your public key (which you can safely share with others)
  • your private key (this one you keep secret)
  • name of the authority issued the certificate
  • digital signature produced by the certificate's issuer
  • validity (expiration date)
• A certificate binds together email address and personal identity data which in turn sealed by digital signature produced by the trusted authority (compare with stamps used in passport issuance).
• There are revocation centers where you can revoke or even cancel your certificate (compare with a situation of lost or stolen passport)
• Email certificates are equally used to digitally sign email messages, and encrypt contents of the messages.
  • How to use email certificates to digitally sign emails in Outlook Express?
  • How to use email certificates to encrypt messages in Outlook Express?

What is an authority?

• An authority is someone who can clearly ascertain the user's identity and no one would doubt it.
• Actually, this is always a matter of two: you and your recipient must trust the authority which you choose to verify yours identities.
• Because there might be quite a lot of potential authorities (from your mutual friends to trusted third party organizations) with different levels of trust, there was a need for the authority regulating mechanisms and finally all has come to the hierarchical structure.
• There are a few top-level widely known authorities and a lot of less-known ones which obtained their own certificates from the authorities up the hierarchical ladder.
• Authorities verify user's identity by issuing a digitally signed certificate which can be free or not depending on its expiration date and level of confidence in the certificate's issuer.
• Normally, authorities attest that the public key contained in the issued certificate belongs to the person with mentioned in the certificate personal data, while the certificate's owner identity is not verified.

Where to get a certificate?

• VeriSign (Digital IDs for Secure Email 1-year certificate for 19.95 US dollars)
• Thawte (Personal E-mail Certificates - free to individuals for non-commercial use )
• GeoTrust (Client certificate for 19.95 US dollars)
• Comodo (1-year Free Email Certificate).
  • Getting Comodo email certificate for the digital signing of emails in Outlook Express
  • Getting Comodo email certificate to encrypt emails in Outlook Express

How to share a public part (a.k.a. public key) of a certificate with others?

• to whom you are going to send digitally signed emails
• from whom you wish to receive encrypted email messages

At the moment we are only dealing with email certificates installed on Outlook Express; to extract a public key from such a certificate you should use Certificate Export Wizard embedded in Outlook Express (see under "Tools" -- "Options" -- "Security" -- "Digital IDs..." -- "Export") and just follow the instructions. A public key extracted with the help of the wizard will be saved in a file typically with a .CER file type (extension), later it can be delivered by usual means to any persons concerned. Please, refer here for more information on extracting a public key from a certificate installed on Outlook Express.