 Your administrator determines the level of security that FirstClass normally uses for the exchange of email.
If you want to send a message containing particularly sensitive material at a security level that is higher than normal, you can take advantage of FirstClass' S/MIME support. This support works on a per-message basis, so that you can continue to use FirstClass' normal security level for regular messages.
S/MIME is a method for sending and receiving encrypted messages, typically involving the exchange of digital certificates that contain encryption keys.
To use an S/MIME message, both you and your intended recipient must have secure certificates. For help on obtaining certificates, contact your administrator. What follows is a general description of the procedure that both you and your intended recipient must follow.
Obtaining secure certificates
You must obtain a secure certificate from a third party, known as a certificate authority. You will receive a link from the certificate authority for downloading your certificate.
To download the certificate, you normally use the same browser and computer you used when you requested the certificate. The certificate installs on your computer after the download.
After your certificate is installed on your computer, you must generate a certificate file.
Generating certificate files
You can't use FirstClass to generate your certificate file. You must use an external application, such as Outlook Express. This procedure assumes that you are using Outlook Express version 5 or 6.
To generate your certificate file:
1 Choose Tools > Options.
2 Click Digital IDs on the Security tab.
3 Choose Secure Email at "Intended purpose".
4 Select your certificate.
5 Click Export.
6 Follow the prompts.
When asked:
• export the private key
• include all certificates in the certification path
• enable strong protection.
You will also be asked to provide a password for the private key. This is actually optional, and you must be aware of the implications if you password protect your private key.
Deciding whether to password protect your private key
A password protected private key provides an additional layer of security. With a password protected private key, only you can use this certificate to send S/MIME messages, because your password must be provided with every S/MIME message that is sent.
However, FirstClass can't decrypt S/MIME messages received by someone with a password protected private key. Message recipients will see a blank message with an encrypted attachment. They will have to download the attachment and use an external application to decrypt it.
If you choose not to supply a password, FirstClass can automatically decrypt S/MIME messages.
 NoteNormally, a certificate provided by your organization doesn't require a password protected private key.
What to do with your certificate file
After you have generated your certificate file, send it to your administrator, who will store it in a location where FirstClass can access it.
You must tell your administrator the email address you used when you ordered the certificate. If you don't remember the address, do the following (again, this assumes you are using Outlook Express version 5 or 6):
1 Choose Tools > Options.
2 Click Digital IDs on the Security tab.
3 Select your certificate.
4 Click View.
5 Select "Subject" on the Details tab.
The "E =" value is the email address.
Exchanging S/MIME messages
To send a message using S/MIME:
1 Choose S/MIME Message from the Create field.
2 Update the S/MIME Message form.
If this is the first S/MIME messages you have exchanged with this recipient, choose Signed at "S/MIME type". You can't send an encrypted message to this recipient until you have the recipient's public key, as described below.
3 Send the message.
FirstClass automatically attaches a certificate containing your public key.
The first time you exchange S/MIME messages
When you send an S/MIME message to someone for the first time, that recipient must send the attached certificate to their administrator. That administrator will store your certificate in the same place as the recipient's certificate. When the recipient replies, their certificate is attached to the reply. You must now send the recipient's certificate to your administrator for storage.
Both you and your recipient now have copies of each other's public keys. From now on, each time you send an encrypted S/MIME message to this recipient, FirstClass will use the recipient's public key to encrypt it. Therefore, you can exchange future S/MIME messages without having to involve your administrators.
|