Email settings for electronic signatures

Source: Internet
Author: User
Email Security Technology
Electronic signature technology uses a variety of encryption methods, but its principle can be described briefly with the easy-to-understand RSA (Rivest Shamir Adleman) public key system. RSA encryption rests on the mathematical assumption that a large number cannot feasibly be decomposed into its prime factors. It uses two values derived from large prime numbers, one as the public key and the other as the private key. Because the two keys are complementary, ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. The sender therefore only needs to encrypt the email with the recipient's public key. Only the recipient, who holds the private key, can decrypt and read the encrypted email, so the content will not be read by any third party or leaked even if the email is intercepted during transmission.

When a user signs an outgoing email with his or her own e-certificate, the client uses a digest function to compute a value for verifying the integrity of the email, encrypts that value with the private key in the e-certificate, and sends it together with the public key and the email content. Content encrypted with the private key can only be decrypted with the corresponding public key, and the digest function produces a fixed-length summary from data of any size, giving a different result if even one piece of the data changes. Any change to the email content therefore no longer matches the original integrity value, so on receipt the recipient can tell whether the email content has been tampered with and which electronic certificate the sender used. In addition, because a third-party authoritative certificate issuer verifies that the applicant has the right to use the requested email address before it issues an electronic certificate, the recipient can also verify the sender's electronic certificate through the certificate issuer (see figure 1) and confirm that the received email really comes from the user who owns the email address. This identifies both the authenticity of the sender and the integrity of the mail content.
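The sign-and-verify flow described above, as an added Python example that is not part of the original article. It uses textbook RSA without padding and constructed demo keys built from publicly known Mersenne primes, so it shows the arithmetic only; real mail clients use padded RSA signatures carried in S/MIME messages together with an X.509 certificate. All function and variable names are assumptions made for this illustration.

```python
import hashlib

# Constructed demo keys built from well-known Mersenne primes. These primes
# are public, so the keys illustrate the arithmetic and give no security.
E = 65537  # public exponent


def make_key(p: int, q: int) -> tuple:
    """Return (modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**521 - 1, 2**607 - 1)              # the sender's key pair
N_OTHER, D_OTHER = make_key(2**127 - 1, 2**607 - 1)  # someone else's key pair


def digest(message: bytes) -> int:
    """Fixed-length summary of data of any size (SHA-256, as an integer)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    """Sender: transform the digest with the private key (d, n)."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """Recipient: recover the digest with the public key (E, n) and compare
    it with a digest recomputed from the message that actually arrived."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest(message)


def demo() -> dict:
    mail = b"Subject: invoice\r\n\r\nPlease pay 100 EUR."  # constructed sample
    sig = sign(mail, D, N)
    return {
        "intact": verify(mail, sig, N),
        "tampered": verify(mail.replace(b"100", b"900"), sig, N),
        "other_key": verify(mail, sign(mail, D_OTHER, N_OTHER), N),
    }


if __name__ == "__main__":
    print(demo())
```

The check fails both when the content changes after signing and when the signature was made with a private key that does not belong to the public key being checked.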
Electronic signature technology is very complex, but it is very convenient to use. The specific steps, whether signing, encryption, or decryption, are carried out by the email client software. Currently, Foxmail, Outlook Express, Outlook, and other mainstream email client software support it. All you need to do is apply for an e-certificate and specify in the email client software which e-certificate is used for each email address. Then click the corresponding button to sign or encrypt an outgoing email. When you receive an email with an electronic signature, the client automatically completes the verification and decryption of the email.
Usage example
When you use the mail security technology for the first time, it takes some time to apply for and install an electronic certificate and to configure the client software. This process may be cumbersome, but it is worth the time given the security it brings to your email communication. Thawte is used here as an example to describe the entire process.
Register with Thawte
After registering with Thawte (http://www.thawte.com/), you can use the free electronic signature service provided by the website.

First, open the Thawte homepage in a browser, point the cursor to "Products" in the middle navigation bar, and click "free personal e-mail Certificates" (figure 2) on the shortcut menu to go to the personal mail certificate page. Then click the red "join" at the top of the page to open the registration page. Before registering, note that almost all web programs on Thawte have the extension "cmd.exe". Therefore, if a tool such as FlashGet that automatically downloads files based on the file extension is installed on your system, you need to temporarily set the download software not to monitor clicks in the browser.
Thawte provides a wizard-type registration page, which has some special points to note. In step 2, the Registration Wizard asks you to select the language in which you will enter your personal information from the "Charset for text input" drop-down menu. We recommend that you enter your personal information in English to avoid errors in future certificate processing. If you do not select the Chinese option in step 4, click "Next" to use the default "use my browser settings". In step 6, the wizard asks you to enter your phone number and to set multiple questions and answers that are used to verify your identity if you forget your password. You can choose to answer questions set by the website or set your own questions, but note that there must be no fewer than five questions. Otherwise, you cannot proceed to the next step.
After all the registration options are set, the Registration Wizard prompts "E-mail message sent" and notifies you that you need to receive a verification email from the website and follow the prompts in that email. This proves that you do have the right to use this email address. Check your mailbox for the verification email from Thawte, and use your browser to open the "token" link specified in the email.
Apply for an electronic certificate
After registration, you need to apply for an electronic certificate. For an electronic signature, the most important thing is to have an electronic certificate that proves the authenticity of the signature.

Click "Next" on the registration completion page, or go back to the homepage of the website, enter the personal email certificate page again, and click "login". Then log on in the logon window of the website (see figure 3) to apply for an e-certificate. When you log on to the website for the first time, the certificate application page is displayed automatically. Click "request" on the certificate application page to open the Certificate Application Wizard. The wizard has many steps, but you only need to keep clicking "Next" and use the default options. The only thing to note is that two buttons appear when you reach "Configure X.509v3 certificate extensions"; click "accept" under "Accept default extensions" to select the default configuration. When the Application Wizard is completed, a dialog box is displayed, asking you to confirm whether to apply for an electronic certificate on the current website.
During the process of applying for a certificate, the website requires you to select the email address to be included. Because this is your first application, the website by default generates a certificate only for the email address you entered during registration. However, you can include multiple email addresses in one certificate.
Install an electronic certificate
After applying for an electronic certificate, you must install a copy on your computer so that the electronic signature system can work properly.
After applying for a certificate, go back to the logon page and click "Certificates" → "View certificate status". In the displayed certificate list, click the certificate whose Status column shows "pending", that is, the certificate that has not been installed yet. Click "Fetch" at the bottom of the certificate details page. The website goes to the "install your MSIE Certificate" page, where you click "install your Cert" to install the certificate you just applied for on your system. During installation, the system displays a "creating RSA exchange key" dialog box, asking you to confirm the security level of private key protection. The default value of this option is "Intermediate Protection", which means that each time the email client software calls the private key of the e-certificate, you must confirm and approve it. If needed, you can click "Set security level" in the dialog box to change the protection level to the advanced protection that requires a password for each call. In addition, during the certificate installation process, the system prompts you twice to confirm that the certificate is to be installed on the current system.
Set up the email client software
After obtaining the e-certificate, you need to set the related options in your own email client software before you can use the e-certificate to sign or encrypt mail. The following describes how to set up and use Foxmail, Outlook, and Outlook Express.
(1) Foxmail

In Foxmail, you only need to select "Account" → "account attributes" → "security" → "select". In the "select Certificate" dialog box that appears, select the check box in front of the Thawte certificate name and click "OK". When you return to the "account properties" dialog box, you will find the certificate information displayed on the right (see figure 4). Click "OK" to close the "account attributes" dialog box and save the settings. When you edit emails in Foxmail, you can use the "signature" and "encryption" buttons on the toolbar of the mail editing window to sign the email with your own certificate or to encrypt it with the recipient's certificate.
(2) Outlook
In Outlook, select "tool" → "option" → "security" to switch to the "Security" tab. In the "encrypted mail" column at the top of the "Security" tab, you can use the check boxes to select whether to encrypt all sent emails or sign all sent emails. Click the "Settings" button next to "default settings". In the displayed "Change Security Settings" dialog box (see figure 5), click "select" to specify the electronic certificate used for encryption and signature, change the encryption algorithm, and select whether to send the e-certificate along with a signed email. After the settings are complete, when you edit emails in Outlook you can use "signature" and "encryption" on the toolbar of the mail editing window to sign the email with your own certificate or to encrypt it with the recipient's certificate.
(3) Outlook Express
In Outlook Express, select "Tools" → "options" → "security" to switch to the "Security" tab. In the "Secure Mail" column at the bottom of the "Security" tab, you can use the check boxes to select whether to encrypt all sent emails or sign all sent emails. Click "Settings" next to it to make more detailed settings in the "Advanced Security Settings" dialog box (see figure 6): select whether to automatically verify the reliability of the certificate when you receive an email with an electronic signature, and whether to add the sender's electronic certificate to the address book so that you can later send encrypted emails to that person. After setting, when you edit emails in Outlook Express you can use the "signature" and "encryption" buttons on the toolbar of the mail editing window to sign the email with your own certificate or to encrypt it with the recipient's certificate.
Send and receive secure emails
After completing the preceding operations, you are done and can start using electronic signatures. Your email system is now more secure.

Signing sent emails is very simple. When setting up the mail client software, you can choose to sign all sent emails; alternatively, after setting the certificate, you can click "sign" while editing an email to sign that email. When the recipient receives a signed or encrypted secure email, signed emails and encrypted emails are displayed in the inbox with different icons. When the email is read, the software first displays the secure email help page, which describes in detail any problems found in the email (see figure 7). If a secure email has a problem, a description such as "Security Warning" may appear in the message to inform the user that the email has been tampered with or is not from the claimed sender. Click "file" → "properties" in the mail view window and then click the "Security" tab in the mail properties window to view the email address that corresponds to the electronic certificate the sender used to sign, as well as the certificate status, the electronic certificate used for encryption, and the encryption algorithm.
After the recipient receives an email signed with your e-certificate, the recipient's client can automatically collect your certificate. The recipient can also click "Install Certificate" under the electronic certificate when viewing the signing certificate to install your certificate on his or her system, and can then use this certificate to encrypt emails sent to you. Similarly, you need the recipient's email certificate to send an encrypted email to the recipient. Therefore, when setting up the email client, you should select the relevant items wherever possible so that the software automatically installs the certificate on the system when it receives an email signed with an electronic certificate. Receiving an encrypted email is very simple: the software automatically asks you to confirm that the private key may be used for decryption, and you only need to click "OK" to read the email.
Certificate management
You have installed an electronic certificate on your computer. It is part of your privacy and must be well protected and managed. Otherwise, the security measures are useless.

When you receive an encrypted email, you only need one click to decrypt it, provided that the electronic certificate containing the private key has been installed on the system. Therefore, if you use multiple computers, you need to install the electronic certificate on each of them as follows. In the Outlook Express settings, select "option" → "security" → "digital ID". Alternatively, when you click "select" to specify the certificate used for encryption and signature, run the Certificate Manager to open the certificate window (see figure 8). In the certificate window, you can view, select, and manage certificates. Click the name of the Thawte electronic certificate in the personal column, and then click Export to export the electronic certificate as a file. Then import the certificate on the other computer through the Certificate Manager to use the e-certificate there. E-certificates of contacts can be exported and imported in the same way, so that encrypted emails can still be sent to those recipients from different computers.
Alternatively, you can log on to the Thawte personal email certificate page, select "Certificates" → "View certificate status", click your own e-certificate, and repeat the installation steps to install the certificate on a new computer. However, be sure to protect your e-certificate carefully and try to use it only on your own PC. If you do need to install the e-certificate on a computer that someone else may have access to, change the protection level of the private key to advanced so that each call to the private key requires a password, and after using the certificate, delete it in the Certificate Manager.
If the certificate unfortunately falls into the hands of others, you can also consider revoking the certificate and applying for a new one.
(I saw this answer in the IT skills book on the soft Sheng genuine software network (http://www.runsn.com/); the content is very detailed, so you can go and have a look.)
