Normally I stay away from things that have “Volks-” in the name, but the Volksverschlüsselung of the Fraunhofer SIT sounds simply too tempting.
TL;DR: With Volksverschlüsselung, you obtain an S/MIME certificate valid for 2 years after authentication. Unfortunately, the certificate is signed by itself, but the Fraunhofer Institute is already working on getting admitted to the trusted stores.
What is S/MIME?
Secure / Multipurpose Internet Mail Extensions (S/MIME) is a great way to sign and encrypt your emails. It is comparable to GnuPG but is much better integrated in all email clients and you don’t need any plugins or extensions. More information here: http://t3n.de/news/mails-verschlusseln-eigentlich-482381/
How do I get the certificate?
Since your full name has to be verified for the certificate, only the following verification methods currently work:
- Personal identity card: You use the great functions of your “Personalausweis” and have a reader for it.
- Telekom: You are a Telekom landline customer and you can verify your name with the invoice.
- Registration code: You can find someone from Fraunhofer at an event and have the employee verify you.
I chose the last method and describe below how to get the certificate.
Unfortunately, the application software is currently only available for Windows. Therefore I recommend creating a Windows VM and applying for the certificate with the software there. Just download and install the tool and choose the following credentials:
Then enter your email address and the application code from the card. After the verification, a confirmation code will be sent to the given email address and the application is ready.
Don’t forget to keep your locking code safe. This is required if the certificate must be revoked before the expiration date.
Export the Certificate
To export the certificate, select the gear wheel in the menu on the left and then “Export certificate”. Make sure you export a .p12 certificate. This can usually be used on all systems.
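Before importing the exported file anywhere, it is worth checking what it actually contains. The following is an added example, not part of the original post or of the Volksverschlüsselung software: it uses the openssl command line (1.1.1 or newer is assumed), and the function names, sample certificate and password are constructed so that it runs offline.

```shell
#!/usr/bin/env bash
# Added example: inspect an exported .p12 before importing it into a mail client.
# The password is read from the environment variable P12_PASS (openssl "env:"
# form) so that it does not show up in the process list.

# Build a throwaway, constructed PKCS#12 file (self-signed, 730 days) in dir $1.
make_sample_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 730 \
    -subj "/CN=Constructed Sample User" \
    -addext "subjectAltName=email:sample.user@example.org" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -out "$1/sample.p12" -passout env:P12_PASS
}

# Emit only the user certificate from .p12 file $1 as PEM; no private key is output.
p12_cert() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
    openssl x509 2>/dev/null
}

# E-mail address(es) bound to the certificate; must match the mail account.
p12_email() { p12_cert "$1" | openssl x509 -noout -email; }

# Succeeds only if the certificate is still valid $2 days from now.
p12_valid_in_days() {
  p12_cert "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Summary: subject, issuer, validity period and SHA-256 fingerprint.
p12_summary() {
  p12_cert "$1" | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

# Demo on the constructed file; point the functions at your own export instead.
demo() {
  local dir; dir=$(mktemp -d)
  export P12_PASS="constructed-demo-password"
  make_sample_p12 "$dir" && p12_summary "$dir/sample.p12" && p12_email "$dir/sample.p12"
  rm -rf "$dir"
}
demo
```

For a real export, set P12_PASS to the export password and check that the e-mail address, issuer and validity period are what you expect before you import the file.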
Import Certificate to Thunderbird
Integrating it into Thunderbird is then actually a simple matter. Go to your email accounts (on Linux: Edit -> Account Settings -> S/MIME Security).
Then select the correct .p12 certificate for the digital signature and encryption (enter the password if you assigned one before) and that’s it.
You must then also look up the certificates from “Fraunhofer SIT” under Edit -> Settings -> Advanced -> Manage Certificates, click “Edit Trust” and check all three boxes for each of them.
In order to test whether everything worked, the system automatically sends an encrypted email. If everything is set up correctly, you should be able to decrypt the message without any problems.