ytbird said:
I would like to start encrypting my mail, if for no other reason than to help
slow down the proliferation of abuse by anyone.
Does anyone have any recommendations?

You don't encrypt your outbound e-mails with your certificate. You
encrypt your e-mail using the recipient's certificate. They send you an
e-mail that is digitally signed. That gives you the public key that is
part of their certificate. You save a record in your address book or
contact list to record that portion of their certificate. When you send
e-mail to them, you use that record to identify them as the recipient.
You can then select to encrypt that e-mail because you saved their
public key. So you use their public key to encrypt your e-mail sent to
them. No one else that intercepts your encrypted e-mail can read it
because only the recipient has the other half of their certificate.
Only the recipient with the private key to match up with their public
key can decrypt the e-mail. Anyone and everyone can get their public
key. Those prospective senders can all use that same public key. None
of those other public key holders can read your e-mail as the public key
is used to encrypt and won't work to decrypt.

Have your intended recipient send you a digitally signed e-mail. It is
always up to the recipient if they want to receive encrypted e-mails,
not the sender. You get permission to send encrypted e-mail to the
recipient by having the recipient give you their public key. Then later
you can send your encrypted e-mails to that particular recipient.

Outlook already has a button in its security options to let you go
through the process of getting an e-mail certificate. Some CAs
(certificate authorities) are free but they don't put much data within
your certificate. Usually all that gets recorded into your free cert is
your e-mail address (which must match when you install the cert). It
costs time and perhaps money to get more information in your cert to
identify you personally. Freemail certs are available from Thawte (who
Verisign acquired but still gives out the freemail certs through their
Thawte division). If you want more than your e-mail address in your
cert so the other person really knows who you are, you go through
Thawte's Web-o-Trust procedure to get their registrars to add more
information to your cert. Some of Thawte's WOT registrars are free,
some charge a fee. If you buy a cert, all your personal info is already
in the cert. You then digitally sign an e-mail that you send to someone
so they can save your public key. Later they can send you encrypted
e-mails. For you to send encrypted e-mails to them, they have to go
through the process mentioned above and send you a digitally signed
e-mail.

Encryption is by invite from the recipient that will get your encrypted
e-mail.
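
The exchange described in the reply above, as an added example that is not part of either post: the sender encrypts with only the recipient's certificate, and a third party who holds that same certificate but a different private key cannot decrypt. The names bob and eve, the example.test addresses, the message text and the self-signed certificates (standing in for CA-issued e-mail certificates) are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: bob is the recipient, eve a third party. All names,
# addresses and the message are made up. Requires the openssl command-line tool.

# Create a key pair and a self-signed e-mail certificate for user $1 in dir $2.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.test" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# Sender side: encrypt file $1 into $2 using only the recipient's certificate $3.
# -binary keeps the content byte-for-byte (no line-ending conversion).
encrypt_to() {
    openssl smime -encrypt -binary -aes256 -in "$1" -out "$2" "$3"
}

# Recipient side: decrypt $1 with certificate $2 and private key $3.
# Plaintext goes to stdout; a non-zero status means decryption failed.
decrypt_as() {
    openssl smime -decrypt -in "$1" -recip "$2" -inkey "$3" 2>/dev/null
}

# Run the whole exchange in a scratch directory; prints "bob=<ok|fail> eve=<ok|fail>".
smime_demo() (
    d=$(mktemp -d) || exit 1
    make_identity bob "$d" && make_identity eve "$d" || exit 1
    printf 'meet at noon\n' > "$d/msg.txt"
    # The sender needs no key or certificate of their own to encrypt.
    encrypt_to "$d/msg.txt" "$d/msg.p7m" "$d/bob.crt" || exit 1
    # bob holds the private key that matches the certificate used to encrypt.
    if [ "$(decrypt_as "$d/msg.p7m" "$d/bob.crt" "$d/bob.key")" = "meet at noon" ]
    then bob=ok; else bob=fail; fi
    # eve has bob's public certificate and her own key pair, but not bob.key.
    if decrypt_as "$d/msg.p7m" "$d/eve.crt" "$d/eve.key" >/dev/null
    then eve=ok; else eve=fail; fi
    rm -rf "$d"
    echo "bob=$bob eve=$eve"
)

smime_demo   # prints: bob=ok eve=fail
```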