S/MIME FAQ

FAQ for S/MIME
Table of Contents
1. What is S/MIME?
2. What is a digital certificate?
3. What is an encrypted email?
4. Is it mandatory to use this service?
5. What do I need to do to start using the S/MIME service?
6. Is it mandatory for the sender and receiver to have a NIC email id?
7. Required Hardware and Software to support S/MIME on client Machine.
8. How to send digitally signed and encrypted mail using Mozilla Thunderbird?
9. How to send a digitally signed email?
10. How to send a digitally signed and encrypted email?
11. How to decrypt the message?
12. How to export a public certificate from your DSC?
13. How to Install Java?
14. Why am I getting a popup while saving a draft?
15. Why am I getting a popup while doing a spell check?
16. I can digitally sign the mail but cannot encrypt it?
17. I can encrypt the mail but cannot digitally sign it?
18. Which Class of certificate to apply for? (Refer Point No. 2 of NIC CA Form)
Messaging Services, NIC
1. What is S/MIME?
Secure/Multipurpose Internet Mail Extensions (S/MIME) provides a consistent way for email users
to send and receive secure MIME data, using digital signatures for authentication, message integrity
and non-repudiation, and encryption for privacy and data security.
2. What is a digital certificate?
Digital Certificates are the electronic counterparts to driver licenses, passports and membership
cards. You can present a Digital Certificate electronically to prove your identity or your right to
access information or services online.
Digital Certificates bind an identity to a pair of electronic keys that can be used to encrypt and sign
digital information. A Digital Certificate makes it possible to verify someone's claim that they have
the right to use a given key, helping to prevent people from using phony keys to impersonate other
users. Used in conjunction with encryption, Digital Certificates provide a more complete
security solution, assuring the identity of all parties involved in a transaction.
A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.
3. What is an encrypted email?
Ans.: Encrypted mail protects the privacy of the message by converting it from plain, readable text
into cipher (scrambled) text. Only the recipient who has the private key that matches the public key
you have used to encrypt the message can decipher the message. Encrypting a mail is a separate
process from digitally signing a message.
4. Is it mandatory to use this service?
No, it is not mandatory to use this service. This service is provided by NIC for users who want to
digitally encrypt and sign their messages for security. Digitally encrypted mails can only be
decrypted by the sender or receiver using their digital certificate.
5. What do I need to do to start using the S/MIME service?
You need to have a digital certificate, which can be stored in a USB token or directly in your
browser.
Also ensure that you request a DSC that contains both the digital certificate and the encryption
certificate (refer point no 3 in the form and select (tick mark) both the options, i.e. Individual (signing)
and Encryption).
6. Is it mandatory for the sender and receiver to have a NIC email id?
Yes, the sender and receiver both need to have a NIC email id if you wish to use this service over
the web interface.
7. Required Hardware and Software to support S/MIME on client Machine.
Operating system: Microsoft Windows XP or Vista or later
Browser: Microsoft Internet Explorer, Version 7 or later
Software: Java Runtime Environment (JRE) 6 Update 7 or later
Private-public keys with certificates: One or more private-public key pair with certificates. Certificates are required and they must be in standard X.509 v3 format. Obtain keys and certificates from a CA for each Convergence user who will use the S/MIME features. The keys and their certificates are stored on the client machine or on a smart card. The public keys and certificates are also stored in NIC repository.
Smart card software (only required when keys and certificates are stored on smart cards): ActivIdentity ActiveClient, Version 6.2, or Litronic NetSign 215 Reader CAC Compliant
Smart card reader: Any model of smart card reading device complying with ISO 7816 supported by the client machine and smart card software.
Type of Certificate: Class II
8. How to send digitally signed and encrypted mail using Mozilla Thunderbird?
a) In Thunderbird, select from menu "Tools" > "Options" > "Advanced".
b) Click the "Certificates" tab > "Security Devices". A new window will open which displays the
Security devices.
c) Click the "Load" button to load a new PKCS#11 Module. Type a name for the PKCS#11
Module or keep the default (New PKCS#11 Module) and click "Browse".
d) Select the file "aetpkss1.dll" in the c:\Windows\System32 folder and click "Open", then "OK".
e) When asked whether you want to install this security module, confirm with "OK".
f) You will receive a message that the security module was installed.
g) The security module will now be displayed in the list.
h) Click "OK" to leave the Security Device Manager.
i) Once the email account is configured, go to Tools----Account----Settings----Security.
Refer figure 8.1
Figure 8.1
Click on select under “Digital Signing”. Refer Figure 8.1
Figure 8.2
After clicking on select it will ask for your Digital Token Password. Enter Password and click on ok.
Refer figure 8.2
Figure 8.3
Click on “ok” Button to select your signing certificate. Refer figure 8.3.
Figure 8.4
An alert message will appear, as shown in figure 8.4. Click on “No”.
Figure 8.5
Click on “select” button under Encryption. Refer figure 8.5.
Figure 8.6
Click on “ok” Button to select your signing certificate. Refer figure 8.6
Figure 8.7
Click on “Digital sign message” if you want to sign every message, and click on the “Required”
button if you want to encrypt every message. Finally, click on ok to accept those settings.
Figure 8.8
Click on Security > “Encrypt This Message” (if you wish to send an encrypted message). Refer figure 8.8
Digital signature will be automatically highlighted. Now click on “send” to send your message.
Figure 8.9
If you have your token inserted in your computer, you will be able to open the encrypted email by
clicking on it as shown in the figure 8.9. The very first time you are accessing it, it will ask for token
password.
9. How to send a digitally signed email?
Go to https://mail.gov.in (advanced view)
Figure: 9.1
Enter your credentials i.e. Username and Password. Refer Fig. 9.1
After logging in you will receive a popup window as below. (This window will appear the very first
time you access this site.)
Figure: 9.2
Select the check box and click on “Run”. Refer Fig. 9.2.
Figure: 9.3
At this point you are logged in to mail.gov.in interface. This will be your secure webmail
interface. Refer Fig. 9.3.
Figure: 9.4
Click on “write”. Refer Fig. 9.4.
Figure: 9.5
Fill in the “To” address, Subject and From fields. Click the “Security” tab and check “Digitally Sign”. Then click on
“Send”. Refer Fig. 10.5
Figure: 9.6
After Clicking on “Send” it will ask for the token password. Fill token password in the POPUP
Window and click on “Accept” Refer Fig. 9.6.
Figure: 9.7
Verifying a digitally signed email: the figure below illustrates the procedure to verify a digitally signed
email.
Double click on the email which is signed and click on the “Sign logo”. Refer Fig. 9.7
Note:
DIGITALLY SIGNED MAIL
1) You can send a signed message to anyone on the internet.
2) If you want to verify the digital signature sent by you or any user, you need to have your
digital signature (Smart Token) with you.
10. How to send a digitally signed and encrypted email?
Go to https://mail.gov.in
Figure: 10.1
Enter your credentials i.e. Username and Password. Refer Fig. 10.1
After logging in you will receive a popup window as below. (This window will appear the very first
time you access this mail.gov.in site.)
Figure: 10.2
Select the check box and click on “Run”. Refer Fig. 10.2.
The “Always trust content from the publisher” option needs to be selected only once. You will not be
prompted for this screen again.
Figure: 10.3
At this point you are logged in to mail.gov.in interface. This will be your secure webmail
interface. Refer Fig. 10.3.
Figure: 10.4
Go to “Options” tab. Refer Fig. 10.4.
Figure: 10.5
Click on Mail----Local Account----Security. Select your certificate from the drop-down box and
check “Encrypt All mails During Send” (if you want to encrypt all messages you send), then click on
save. Refer Fig. 10.5.
Composing an encrypted message
Figure: 10.6
Click on write to compose new message. Refer Fig. 10.6
Check if you want to encrypt and sign or only sign the message.
Enter the email address in the “To” field. Write the subject and type the message in the compose window,
then click on “send”. It will ask you for the token password in a POPUP window.
Figure: 10.7
At this point you have sent a signed and encrypted message.
Enter the token password in the POPUP window and click on “Accept”. Refer Fig. 10.7.
11. How to decrypt the message?
Click on the Encrypted message to open it. It will ask you for the “Token Password” in the
POPUP window, if. Refer Fig. 2.8.
If you have already verified your token password in the current login session, it will not ask for the token
password.
Figure: 11.1
Figure: 11.2
The screenshot below shows the view after verification of the token password. Now you can see the encrypted
message. Refer Fig. 11.2.
12. How to export a public certificate from your DSC?
Insert your USB token/smart card in your computer.
Figure 12.1
Go to Start----Programs----Safe Sign Standard----Token Administration utility. Refer Figure 12.1
Figure 12.2
Double click on the token highlighted above. (Ensure the token status is “operational” before double
clicking.)
Figure 12.3
There will be 2 certificates (private and public) as shown in Figure 12.3
Double click on certificates one by one. Refer figure 12.3
Figure 12.4
Your encryption certificate will have “Encipher secret keys”. Refer Figure 12.4.
Now click on “Save to file”. Refer figure 12.4
Figure 12.5
Write filename and click on “save”. Refer figure 12.5.
Figure 12.6
Right click on the file---- Open with----- WordPad. Refer figure 12.6
Please mail exported public certificate to NIC e-mail support at support[at]gov[dot]in for uploading
public certificate to NIC repository.
Figure 12.6
13. How to Install Java?
If you are trying to access https://mail.gov.in from browsers other than IE (i.e. Firefox, Chrome,
Safari, etc.), you will receive the following message in a popup.
“The server supports encryption and signing of messages, but these features are currently only
available with Internet Explorer 7 and above”
The above message appears as this service is currently supported on IE only.
After clicking ok you will be forwarded to your mailbox.
Internet Explorer Users (IE 7 and above)
The very first time you access https://mail.gov.in, it will ask for Java installation, if you are
connected to the internet. If you don’t have internet access on your PC, you have to download Java
version 6 from http://java.com.
Click “yes” to proceed.
Figure 13.1
Click on “Install” to proceed with java installation. Refer Figure 13.1. Java installation will proceed with
following screen. Refer Figure 13.2
Figure 13.2
Figure 13.3
Click close to finish java installation. Refer Fig. 13.3
Figure 13.4
Check “Always trust content from this publisher” radio button and click on “Run”. Refer Figure
13.4.
Figure 13.5
You will be forwarded to your INBOX now. Refer figure 13.5
14. Why am I getting a popup while saving a draft?
Ans.: This warning message will pop up if you have not inserted your token in the PC while saving a draft. If
you don’t want to encrypt your draft, click on the “save anyway” button. Your draft will be saved
unencrypted.
Figure 14.1
15. Why am I getting a popup while doing a spell check?
Ans.: To be spell-checked, the message must be sent without encryption to the mail server. The
spell checker can only work on plain text. As our servers use Secure Socket Layer (SSL)
transmission, the message is protected as it is sent. However, during spell-checking, it is still
exposed in plain text inside the mail server.
Figure 15.1
16. I can digitally sign the mail but cannot encrypt it?
Ans.: Ensure that you have an encryption certificate along with a signing certificate in your DSC.
How to ensure <insert>
17. I can encrypt the mail but cannot digitally sign it?
Ans.: Ensure that you have a signing certificate along with an encryption certificate in your DSC.
How to ensure (refer point no 17 above)
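One way to check what questions 16 and 17 ask for, using the certificates exported in question 12, is to read the X.509 key usage extension of each certificate. The following PowerShell is an added example, not part of the NIC document; it assumes that the token utility's "Encipher secret keys" label corresponds to the keyEncipherment bit, and the function names, sample certificates and file paths are constructed for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Roles a certificate can play in S/MIME, read from keyUsage (OID 2.5.29.15).
# Assumption: the token utility's "Encipher secret keys" is the keyEncipherment bit.
function Get-SmimeRole {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)
    $ext = $Cert.Extensions['2.5.29.15']
    if ($null -eq $ext) { return 'Signing', 'Encryption' }   # no keyUsage: usage not restricted
    $ku = [X509KeyUsageExtension]::new($ext, $ext.Critical)
    $usage = $ku.KeyUsages
    if ($usage.HasFlag([X509KeyUsageFlags]::DigitalSignature) -or
        $usage.HasFlag([X509KeyUsageFlags]::NonRepudiation)) { 'Signing' }
    if ($usage.HasFlag([X509KeyUsageFlags]::KeyEncipherment)) { 'Encryption' }
}

# Report whether a set of certificates from one DSC covers both roles.
function Test-DscHasBothRoles {
    param([X509Certificate2[]]$Certs)
    $roles = foreach ($c in $Certs) { Get-SmimeRole -Cert $c }
    [pscustomobject]@{
        CanSign    = $roles -contains 'Signing'
        CanEncrypt = $roles -contains 'Encryption'
    }
}

# Constructed sample input: throwaway self-signed certificates built in memory
# (needs .NET Framework 4.7.2+ or PowerShell 7; nothing is written to a store).
function New-SampleCert {
    param([string]$Name, [X509KeyUsageFlags]$Usage)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Name", $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509KeyUsageExtension]::new($Usage, $true))
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

$sign = New-SampleCert 'sample-signing' ([X509KeyUsageFlags]::DigitalSignature -bor [X509KeyUsageFlags]::NonRepudiation)
$enc  = New-SampleCert 'sample-encryption' ([X509KeyUsageFlags]::KeyEncipherment)

Test-DscHasBothRoles -Certs $sign          # only a signing certificate, as in question 16
Test-DscHasBothRoles -Certs $sign, $enc    # signing and encryption certificates together

# With files exported as in question 12 (hypothetical paths):
# Test-DscHasBothRoles -Certs ([X509Certificate2]::new('C:\certs\sign.cer')),
#                             ([X509Certificate2]::new('C:\certs\enc.cer'))
```

If CanEncrypt is False for the certificates exported from a token, the DSC carries no encryption certificate, which matches the situation in question 16; CanSign False matches question 17.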
18. Which Class of certificate to apply for? (Refer Point No. 2 of NIC CA Form)
Ans.: Class II