Friday, November 20, 2009

Comodo Personal Email Security

Until this month, I have used Thawte freemail certificates for years to secure my personal email.  This month, Thawte stopped providing certificates for personal email and have basically handed over their subscribers to Verisign as consolation.  I think they offered me a free year, but then it would be $20 or so beyond that.

I started to look around for a replacement and decided to check out Comodo since I recently switched from Verisign to Comodo for one of my application servers and I’m reasonably happy with them for service.

I was pleased to find out that Comodo offers a free certificate signed by their CA.  That last part is the important part, because a certificate is only as useful as the CA that signed it: the CA’s signature is what lets people who have never met you decide whether your certificate can be trusted, and that chain of signatures is the basis of something called ‘trust’ on the internet.

A certificate in itself is really just a public key, the name and email address it belongs to, and a signature over both of those from the CA that issued it.  The public key has a matching private key: a very big, very random number that only the owner of the certificate holds and that nobody else is realistically going to guess.  Anything signed with the private key can be checked by anyone who has the public key, and the check fails if even one byte of the signed thing has been changed.  So if someone signs an email, a text message, a file or even another certificate, you can be reasonably sure that it came from the holder of that private key and arrived exactly as it was sent.

All that has to happen is that the people you send stuff to need a reason to believe that the public key really is yours.  Think of it like an endorsement: you get a letter from your mom that says “this is Bob’s signature”, with Bob’s signature on it and your mom’s signature right underneath.  Since you know what your mom’s signature looks like, you now have a good reason to believe you know what Bob’s signature looks like.  Now when Bob sends you a message and signs it, you check it against the signature your mom vouched for, and you know it is from Bob even though your mom endorsed him through a separate channel and you have never met him.

The Comodo certificate is trusted by everyone for the same reason: Comodo’s root certificate already ships in the trust store of the operating system, web browser and mail client on the other end, so when Comodo signs a certificate for you, your correspondents’ software treats it as endorsed without you doing anything.  You can then sign stuff and people can trust that it was signed by you, or at least by someone who can read mail at your address, since a free certificate like this is issued after you prove you can receive mail at that address rather than after anyone checks who you are.  The other half of the bargain is the private key: anyone who gets a copy of it from your machine can sign as you, so guard it the same way you guard your mailbox password.

If you want your own secure email certificate, check out:

Once you have your certificate you should be good to go, but in Outlook you can check that it was installed and selected by opening your email options.



If your certificate is selected in Outlook, you can sign an email just by clicking the signature button on the message toolbar (it is likely hidden at first; you will probably have to click the little arrow button for ‘add/remove buttons’ on the toolbar).


If you want to encrypt email (so that nobody but the recipient can read it, whether in transit or sitting on a mail server), you first have to get a copy of the certificate of the person you want to send encrypted email to, because the message is encrypted to their public key and only their private key can open it.  I usually just get them to send me an email that they’ve signed (yes, they have to set up their own certificate first) and then I just reply to them and click the ‘encrypt’ button on my reply.  The same rule applies in reverse: encrypted mail that lands in your inbox can only ever be read with your own private key, so back up your certificate and key before they expire or before you move to a new machine, or that mail is gone for good.
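As an added example (not from the original post, and not anything Comodo or Outlook ship), here is the chain of trust described above and the sign/verify and encrypt/decrypt steps done with the openssl command line, so you can see what the mail client is doing behind the buttons.  “Example Mail CA” stands in for Comodo, “Mallory CA” for a CA nobody’s mail client has heard of, and Bob, bob@example.com and the message text are all constructed for the demo; the script only assumes a POSIX shell and a working `openssl` binary.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal S/MIME chain of trust
# with the openssl command line. Names, addresses and the message text are
# constructed for the demo; "Example Mail CA" stands in for Comodo and
# "Mallory CA" for a CA your mail client has never heard of.
set -eu

WORK="${SMIME_DEMO_DIR:-$(mktemp -d)}"   # scratch directory for keys, certs and mail
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the demo does not depend on the system openssl.cnf.
write_config() {
    cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# Self-signed CA: the "mom" whose signature the recipient already recognises.
make_ca() {  # make_ca <name> <common name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -config "$WORK/openssl.cnf" -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# End-entity certificate: the CA signs Bob's public key together with his address.
# The S/MIME extensions are what a mail client looks for before it will sign or encrypt.
issue_email_cert() {  # issue_email_cert <ca name> <user name> <email>
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/openssl.cnf" \
        -subj "/CN=$2/emailAddress=$3" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    printf '%s\n' "basicConstraints = CA:FALSE" \
        "keyUsage = critical, digitalSignature, keyEncipherment" \
        "extendedKeyUsage = emailProtection" \
        "subjectAltName = email:$3" > "$WORK/$2.ext"
    openssl x509 -req -days 365 -sha256 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -extfile "$WORK/$2.ext" -out "$WORK/$2.crt" 2>/dev/null
}

sign_mail() {     # sign_mail <signer name> <plaintext in> <signed out>; clear-signed multipart/signed
    openssl smime -sign -text -in "$2" -out "$3" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key"
}
verify_mail() {   # verify_mail <signed in> <trusted CA cert> <plaintext out>; exit status is the verdict
    openssl smime -verify -text -in "$1" -CAfile "$2" -no-CApath -out "$3" 2>/dev/null
}
encrypt_mail() {  # encrypt_mail <plaintext in> <encrypted out> <recipient cert>
    openssl smime -encrypt -text -aes256 -in "$1" -out "$2" "$3"
}
decrypt_mail() {  # decrypt_mail <encrypted in> <plaintext out> <recipient cert> <recipient private key>
    openssl smime -decrypt -text -in "$1" -out "$2" -recip "$3" -inkey "$4"
}
same_text() { [ "$(tr -d '\r' < "$1")" = "$(tr -d '\r' < "$2")" ]; }   # S/MIME canonicalises to CRLF

# Runs the whole story; returns 0 only if every expectation holds.
run_demo() {
    write_config
    make_ca ca "Example Mail CA"
    make_ca mallory-ca "Mallory CA"
    issue_email_cert ca bob bob@example.com
    issue_email_cert mallory-ca fake-bob bob@example.com    # same address, wrong endorser
    printf 'Please transfer one hundred dollars to account 42.\n' > "$WORK/message.txt"   # constructed sample

    sign_mail bob "$WORK/message.txt" "$WORK/signed.eml"
    verify_mail "$WORK/signed.eml" "$WORK/ca.crt" "$WORK/verified.txt" || return 1   # trusted CA: passes
    same_text "$WORK/verified.txt" "$WORK/message.txt" || return 1

    sed 's/one hundred/nine hundred/' "$WORK/signed.eml" > "$WORK/tampered.eml"
    if verify_mail "$WORK/tampered.eml" "$WORK/ca.crt" "$WORK/x"; then return 1; fi   # one changed word: fails

    sign_mail fake-bob "$WORK/message.txt" "$WORK/fake-signed.eml"
    if verify_mail "$WORK/fake-signed.eml" "$WORK/ca.crt" "$WORK/x"; then return 1; fi  # untrusted issuer: fails
    verify_mail "$WORK/fake-signed.eml" "$WORK/mallory-ca.crt" "$WORK/x" || return 1   # only Mallory's store accepts it

    encrypt_mail "$WORK/message.txt" "$WORK/encrypted.eml" "$WORK/bob.crt"          # needs only Bob's certificate
    decrypt_mail "$WORK/encrypted.eml" "$WORK/decrypted.txt" "$WORK/bob.crt" "$WORK/bob.key"   # needs Bob's private key
    same_text "$WORK/decrypted.txt" "$WORK/message.txt"
}

run_demo && echo "all S/MIME checks behaved as expected" || { echo "a check failed" >&2; exit 1; }
```

The three failing verifications are the point of the exercise: a signature over altered text, and a perfectly valid signature from a CA you do not trust, both come back as failures, while the same message verifies cleanly once the checking side holds the right root.  Note that `fake-bob` carries the very same email address as the real certificate; nothing about the address itself is proof of anything, only the issuer’s signature is.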