faq for s/mime table of contents - mail.gov.in · faq for s/mime messaging services, nic 21...
TRANSCRIPT
FAQ for S/MIME
Messaging Services, NIC 1
FA Q FOR S / MI ME
Table of Contents 1. What is S/MIME? ....................................................................................................................................... 2
2. What is digital certificate? .......................................................................................................................... 2
3. What is an encrypted email? ....................................................................................................................... 2
4. Is it mandatory to use this service? ............................................................................................................. 2
5. What I need to do to start using S/MIME service? ..................................................................................... 2
6. Is it mandatory for the sender and receiver to have a NIC email id? ......................................................... 2
7. Required Hardware and Software to support S/MIME on client Machine. ............................................... 3
8. How to send digitally signed and encrypted mail using Mozilla Thunderbird? ......................................... 3
9. How to send a digitally signed email? ....................................................................................................... 10
10. How to send a digitally signed and encrypted email? ............................................................................. 16
11. How to decrypt the message? .................................................................................................................. 23
12. How to export a public certificate from your DSC? ................................................................................ 25
13. How to Install Java? ................................................................................................................................ 31
14. Why I am Getting Popup, while saving draft? ........................................................................................ 34
15. Why I am getting a Pop up, while doing spell check? ............................................................................ 35
16. I can digitally sign the mail but cannot encrypt it? .................................................................................. 36
17. I can encrypt the mail but cannot digitally sign it? .................................................................................. 36
18. Which Class of certificate to apply for? (Refer Point No. 2 of NIC CA Form) ...................................... 36
FAQ for S/MIME
Messaging Services, NIC 2
1. What is S/MIME?
1.
Secure/Multipurpose Internet Mail Extensions (S/MIME) provides a consistent way for email users to send and receive secure MIME data, using digital signatures for authentication, message integrity and non-repudiation and encryption for privacy and data security.
2. What is digital certificate?
Digital Certificates are the electronic counterparts to driver licenses, passports and membership cards. You can present a Digital Certificate electronically to prove your identity or your right to access information or services online.
Digital Certificates, bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital Certificate makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.
3. What is an encrypted email?
Ans: - Encrypted mail protects the privacy of the message by converting it from plain, readable text into cipher (scrambled) text. Only the recipient who has the private key that matches the public key you have used to encrypt the message can decipher the message. Encrypting a mail is a separate process from digitally signing a message.
4. Is it mandatory to use this service?
No, it is not mandatory to use this service. This service is issued by NIC for users who want to digitally encrypt and sign their message for security. Digitally encrypted mails can only be decrypted by sender or receiver using their digital certificate.
5. What I need to do to start using S/MIME service?
You need to have a digital certificate, which can be stored in a USB token or directly in your browser. Also ensure that you request for a DSC that contains both the Digital certificate and the encryption certificate (refer point no 3 in the form, select (tick mark) both the options i.e. individual (signing) and Encryption.
6. Is it mandatory for the sender and receiver to have a NIC email id?
Yes, the sender and receiver both need to have a NIC email id if you wish to use this service over the web interface.
FAQ for S/MIME
Messaging Services, NIC 3
7. Required Hardware and Software to support S/MIME on client Machine.
Operating system
Microsoft Windows XP or Vista or later
Browser
Microsoft Internet Explorer, Version 7 or later
Software
Java Runtime Environment (JRE) 6 Update 7 or later
Private-public keys with certificates
One or more private-public key pair with certificates. Certificates are required and they must be in standard X.509 v3 format. Obtain keys and certificates from a CA for each Convergence user who will use the S/MIME features. The keys and their certificates are stored on the client machine or on a smart card. The public keys and certificates are also stored in NIC repository.
Smart card software (only required when keys and certificates are stored on smart cards)
ActivIdentity ActiveClient, Version 6.2, or Litronic NetSign 215 Reader CAC Compliant
Smart card reader
Any model of smart card reading device complying with ISO 7816 supported by the client machine and smart card software.
Type of Certificate
Class II
8. How to send digitally signed and encrypted mail using Mozilla Thunderbird?
a) In Thunderbird, select from menu "Tools" > "Options" > "Advance
b) Click the "Certificates" tab > "Security Devices". A new window will open which displays the Security devices.
c) Click the "Load" button to load a new PCKS#11 Module. Type a name for the PKCS#11 Module or keep it default (New PKCS#11 Module) and click "Browse".
d) Select the file "aetpkss1.dll" in c:\Windows\System32 folder and click "Open", then "OK".
e) Confirm the question if you want to install this security module with "OK".
f) You will receive a message that the security module was installed.
g) The security module now will be displayed in the list.
FAQ for S/MIME
Messaging Services, NIC 4
h) Click "OK" to leave the Security Device Manager.
i) Once the email account is configured. Go to Tools----Account---- Settings----security Refer figure 8.1
Figure 8.1
FAQ for S/MIME
Messaging Services, NIC 5
Click on select under “Digital Signing”. Refer Figure 8.1
Figure 8.2
After clicking on select it will ask for your Digital Token Password. Enter Password and click on ok. Refer figure 8.2
Figure 8.3
FAQ for S/MIME
Messaging Services, NIC 6
Click on “ok” Button to select your signing certificate. Refer figure 8.3.
Figure 8.4
An alert message will prompt, as shown in figure 8.4. Click on “No”
Figure 8.5
Click on “select” button under Encryption. Refer figure 8.5.
FAQ for S/MIME
Messaging Services, NIC 7
Figure 8.6
Click on “ok” Button to select your signing certificate. Refer figure 8.6
Figure 8.7
FAQ for S/MIME
Messaging Services, NIC 8
Click on “Digital sign message”, If you want to sign every message and click on “Required” button, if you want to encrypt every message. Finally click on ok to accept those settings.
Figure 8.8
Click on Security Encrypt This Message (If you wish to send encrypted message). Refer figure 8.8
Digital signature will be automatically highlighted. Now click on “send” to send your message.
FAQ for S/MIME
Messaging Services, NIC 9
Figure 8.9
If you have your token inserted in your computer, you will be able to open the encrypted email by clicking on it as shown in the figure 8.9. The very first time you are accessing it, it will ask for token password.
FAQ for S/MIME
Messaging Services, NIC 10
9. How to send a digitally signed email?
Go to https://mail.gov.in (advanced view)
Figure: 9.1
Enter your credentials i.e. Username and Password. Refer Fig. 9.1
FAQ for S/MIME
Messaging Services, NIC 11
After logging in you will receive a popup window as below. (This window will appear very first
time you access this site.)
Figure: 9.2
Select the check box and click on “Run”. Refer Fig. 9.2.
Figure: 9.3
FAQ for S/MIME
Messaging Services, NIC 12
At this point you are logged in to mail.gov.in interface. This will be your secure webmail
interface. Refer Fig. 9.3.
Figure: 9.4 Click on “write” Refer Fig. 9.4.
FAQ for S/MIME
Messaging Services, NIC 13
Figure: 9.5
Fill the “To: address, Subject and from. Click “Security tab” check “Digitally Sign”. Then Click on
“Send”. Refer Fig. 10.5
FAQ for S/MIME
Messaging Services, NIC 14
Figure: 9.6
After Clicking on “Send” it will ask for the token password. Fill token password in the POPUP
Window and click on “Accept” Refer Fig. 9.6.
FAQ for S/MIME
Messaging Services, NIC 15
Figure: 9.7
Verifying digital signed email. Below figure illustrates the procedure to verify digitally signed
email.
Double click on the email which is signed and click on “Sign logo” Refer Fig. 9.7
Note:
DIGITALLY SIGNED MAIL
1) You can send a signed message to anyone in the internet.
2) If you want to verify the digital signature sent by you or any user, you need to have your
digital signature (Smart Token) with you.
FAQ for S/MIME
Messaging Services, NIC 16
10. How to send a digitally signed and encrypted email?
Go to https://mail.gov.in
Figure: 10.1
Enter your credentials i.e. Username and Password. Refer Fig. 10.1
After logging in you will receive a popup window as below. (This window will appear very first
time you access this mail.gov.in site.)
FAQ for S/MIME
Messaging Services, NIC 17
Figure: 10.2
Select the check box and click on “Run”. Refer Fig. 10.2.
The “Always trust content from the publisher needs to be selected” only once. You will not be
prompted for this screen again.
FAQ for S/MIME
Messaging Services, NIC 18
Figure: 10.3
At this point you are logged in to mail.gov.in interface. This will be your secure webmail
interface. Refer Fig. 10.3.
FAQ for S/MIME
Messaging Services, NIC 19
Figure: 10.4
Go to “Options” tab. Refer Fig. 10.4.
FAQ for S/MIME
Messaging Services, NIC 20
Figure: 10.5
Click on Mail----Local Account----Security Select your certificate from the drop down box and
check on “Encrypt All mails During Send”(If you want to encrypt all message you send) click on
save. Refer Fig. 10.5.
FAQ for S/MIME
Messaging Services, NIC 21
Composing an encrypted message
Figure: 10.6
Click on write to compose new message. Refer Fig. 10.6
Check if you want to encrypt and sign or only sign the message.
Write down the email address in “To” field. Write subject and type message in compose window.
And click on “send”. It will ask you the token password in a POPUP window.
FAQ for S/MIME
Messaging Services, NIC 22
Figure: 10.7
At this point you have sent signed and encrypted message.
Write down token password in the POPUP window and click on “Accept” Refer Fig. 10.7.
FAQ for S/MIME
Messaging Services, NIC 23
11. How to decrypt the message?
Click on the Encrypted message to open it. It will ask you for the “Token Password” in the
POPUP window, if. Refer Fig. 2.8.
If you have already verified your token password in current login session, it will not ask for token
password.
Figure: 11.1
FAQ for S/MIME
Messaging Services, NIC 24
Figure: 11.2
Below screen shot is after verification of token password. Now you can see the encrypted
message. Refer Fig. 11.2.
FAQ for S/MIME
Messaging Services, NIC 25
12. How to export a public certificate from your DSC?
Insert your USB token/smart card in your computer.
Figure 12.1
Go to Start---- Programs Safe Sign Standard----Token Administration utility. Refer Figure 12.1
FAQ for S/MIME
Messaging Services, NIC 26
Figure 12.2
Double click on above highlighted token. (Ensure Token status as “operational” before double Clicking)
Figure 12.3
FAQ for S/MIME
Messaging Services, NIC 27
There will be 2 certificates (private and public) as shown in Figure 12.3
Double click on certificates one by one. Refer figure 12.3
Figure 12.4
Your encryption certificate will have “Encipher secret keys”. Refer Figure 12.4.
Now click on “Save to file”. Refer figure 12.4
FAQ for S/MIME
Messaging Services, NIC 28
Figure 12.5
Write filename and click on “save”. Refer figure 12.5.
FAQ for S/MIME
Messaging Services, NIC 29
Figure 12.6
Right click on the file---- Open with----- WordPad. Refer figure 12.6 Please mail exported public certificate to NIC e-mail support at support[at]gov[dot]in for uploading public certificate to NIC repository.
FAQ for S/MIME
Messaging Services, NIC 30
Figure 12.6
FAQ for S/MIME
Messaging Services, NIC 31
13. How to Install Java?
If you are trying to access https://mail.gov.in from browsers other than IE (i.e. Firefox, Chrome, Safari, etc)), you will receive following message in popup.
“The server supports encryption and signing of messages, but these features are currently only available with Internet Explorer 7 and above”
The above message appears as this service is currently supported on IE only.
After clicking ok you will be forwarded to your mailbox.
Internet Explorer Users (IE 7 and above)
The very first time you access https://mail.gov.in, it will ask for java installation, if you are connected to internet. If you don’t have internet access in your PC, you have to download java version 6 from http://java.com .
Click “yes” to proceed.
Figure 13.1
FAQ for S/MIME
Messaging Services, NIC 32
Click on “Install” to proceed with java installation. Refer Figure 13.1. Java installation will proceed with following screen. Refer Figure 13.2
Figure 13.2
Figure 13.3
FAQ for S/MIME
Messaging Services, NIC 33
Click close to finish java installation. Refer Fig. 13.3
Figure 13.4
Check “Always trust content from this publisher” radio button and click on “Run”. Refer Figure 13.4.
FAQ for S/MIME
Messaging Services, NIC 34
Figure 13.5
You will be forwarded to you INBOX now. Refer figure 13.5
14. Why I am Getting Popup, while saving draft?
Ans.: This warning message will pop up, if you have not inserted your token in PC while saving a draft. If you don’t want to encrypt your draft click on “save anyway” button. Your draft will be saved as unencrypted
FAQ for S/MIME
Messaging Services, NIC 35
.
Figure 14.1
15. Why I am getting a Pop up, while doing spell check?
Ans.: To be spell-checked, the message must be sent without encryption to the mail server. The spell checker can only work on plain text. As our servers use Secure Socket Layer (SSL) transmission, the message is protected as it is sent. However, during spell-checking, it is still exposed in plain text inside the mail server.
FAQ for S/MIME
Messaging Services, NIC 36
Figure 15.1
16. I can digitally sign the mail but cannot encrypt it? Ans.: Ensure that you have encryption certificate along with signing certificate in your DSC.
How to ensure <insert>
17. I can encrypt the mail but cannot digitally sign it? Ans.: Ensure that you have signing certificate along with encryption certificate in your DSC.
How to ensure (refer point no 17 above)
18. Which Class of certificate to apply for? (Refer Point No. 2 of NIC CA Form)
Ans.: Class II