Basics of email encryption, Export/Import email certificate and enable it for use in Mozilla Thunderbird

May 25, 2018 in Windows and Email S MIME

Basics of Email encryption and Email signing/Export & Import, Import Certificate into Mozilla Thunderbird, enable the Certificate in Thunderbird.


Basics of Email encryption and Email signing:

The technique of S/MIME relies on complex algorithms that create the appropriate key pair:

The public key
The private key

Both keys of this pair need to be available if any encryption or signing is being used. If one is missing, you won't be able to use the corresponding key anymore.
The public key has to be published. The private key can be compared with your identity card or your driving license: it declares your digital identity, so it must be kept secret.

Email Encryption:

To make sure that no one can read an email on its way over SMTP from sender to recipient, you have to encrypt it.

This feature works the following way:

The messaging platform looks for the public key of the recipient
It then encrypts the message using this public key
The message is then delivered to the target system
When the recipient opens the message, the recipient's system must hold the recipient's private key to be able to decrypt the message

Email Signature

A digital signature lets the recipient recognize that you yourself wrote this email and not anyone else. In addition, the recipient can be sure that the email has not been changed on its way.

Email Signing works the following way:

The messaging platform looks for the private key of the sender
It then hashes the message and encrypts this fingerprint with this private key
The message is then delivered to the target system
When the recipient opens the message, the recipient's system must be able to access the sender's public key
It then hashes the message again and decrypts the sender's fingerprint using the public key
If the sender's fingerprint and the one computed by the recipient are the same, you can be sure that the message was originally sent by the sender and has not been changed in between.
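
The signing and encryption flows described above can be reproduced with the OpenSSL command-line tool. This is an added example, not part of the original article; it assumes openssl is installed, uses throwaway self-signed certificates instead of CA-issued ones, and the names alice and bob, the message text and all file names are constructed.

```bash
#!/usr/bin/env bash
# Added example. "alice"/"bob" and all file names are constructed test values.

# make_identity DIR: throwaway RSA key pair plus self-signed certificate.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$(basename "$1")" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
# sign_msg DIR IN OUT: the sender's PRIVATE key produces the signature.
sign_msg() {
  openssl smime -sign -text -in "$2" -signer "$1/cert.pem" \
    -inkey "$1/key.pem" -out "$3" 2>/dev/null
}
# verify_msg DIR IN: checked against the SENDER's certificate (public key),
# used here as its own trust anchor because it is self-signed.
verify_msg() {
  openssl smime -verify -in "$2" -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}
# encrypt_msg DIR IN OUT: encrypted to the RECIPIENT's certificate (public key).
encrypt_msg() {
  openssl smime -encrypt -aes256 -binary -in "$2" -out "$3" "$1/cert.pem" 2>/dev/null
}
# decrypt_msg DIR IN: needs the recipient's PRIVATE key; plaintext goes to stdout.
decrypt_msg() {
  openssl smime -decrypt -in "$2" -recip "$1/cert.pem" -inkey "$1/key.pem" 2>/dev/null
}

demo() {
  local w; w=$(mktemp -d) || return 1
  mkdir "$w/alice" "$w/bob"
  make_identity "$w/alice" && make_identity "$w/bob" || return 1
  printf 'Invoice total: 100 EUR\n' > "$w/msg.txt"   # constructed message

  sign_msg "$w/alice" "$w/msg.txt" "$w/signed.eml" || return 1
  verify_msg "$w/alice" "$w/signed.eml" && echo "original message: signature valid"
  # Change one digit in transit: the recomputed hash no longer matches.
  sed 's/100 EUR/900 EUR/' "$w/signed.eml" > "$w/tampered.eml"
  verify_msg "$w/alice" "$w/tampered.eml" || echo "tampered message: signature rejected"

  encrypt_msg "$w/bob" "$w/msg.txt" "$w/enc.eml" || return 1
  decrypt_msg "$w/bob" "$w/enc.eml" | cmp -s - "$w/msg.txt" && echo "bob decrypts: ok"
  decrypt_msg "$w/alice" "$w/enc.eml" >/dev/null || echo "alice cannot decrypt bob's mail"
  rm -rf "$w"
}
demo
```

With CA-issued certificates, the -CAfile argument would point to the issuing CA's certificate rather than to the signer's own certificate.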


To Export your Certificate/Key Pair from Microsoft Internet Explorer:

1. From the menu bar, click on Tools > Internet Options.
2. Click on the Content tab.
3. Click on the Certificates button.
4. In the Personal tab, select the certificate you wish to export.
5. Click on Export.
6. Click on Next.
7. Select the Yes, export the Private Key option.
8. Click on Next.
9. Enter the password to protect the certificate and private key being exported. Enter this password again to confirm then click Next.
10. Browse to the directory where you wish to store the file and select a file name.
11. Click Save and then Next.
12. Click on Finish.
13. You should see the message 'The export was successful.'
14. Click OK.

To Import your Certificate/Key Pair into Microsoft Internet Explorer:

1. From the menu bar, click on Tools > Internet Options.
2. Click on the Content tab.
3. Click on the Certificates button.
4. Click on Import.
5. Select the certificate file.
6. Click on Next.
7. Enter the password that was used to protect the file.
8. Select the box Mark the private key as exportable.
9. Click on Next.
10. Click on Next.
Note: The box 'Automatically select the certificate store based on the type of certificate' should remain checked.
11. Click on Next.
12. Click on Finish.
13. You should see the message 'The import was successful.'
14. Click OK.


Import Certificate into Mozilla Thunderbird:

1. Open up Mozilla Thunderbird (if not already opened).
2. Go to Tools > Account Settings > Security
3. On the right-hand side, click on Manage Certificate and Devices > click on the Manage Certificates... button.
4. Under the Your Certificates tab, click on the Import button.
5. Follow the Wizard to import the Certificate and Private Key file into Thunderbird.
6. When prompted to, enter the Master Password for the Software Security Device, which was either set when you requested the certificate or when your profile was originally created on Firebird. Click on OK.
7. Enter the Certificate backup password and click on OK.
8. Once imported, you will receive the following message: 'Successfully restored your security certificate(s) and private key(s).' Click on OK.
9. Now, you will need to enable your Certificate for use in Mozilla Thunderbird.

To enable the Certificate for use, please follow the instructions below:

1. Open up Thunderbird (if not already opened).
2. Go to Tools > Account Settings
3. On the left-hand side, click on Security > under Digital Signing > Select...
4. Make sure that the following option is selected: Digitally sign messages (by default)
5. Under Encryption, select your Certificate from the list displayed.