Anders Johansson wrote:
On Sunday 03 July 2005 00:02, James Knott wrote:
Mozilla and many other mail programs also support S/MIME encryption and signature. You can get a free digital certificate from www.thawte.com/email.
Doesn't encrypting using a key someone else created defeat the purpose of it? The private keys should be kept private
The only one who'd have the private key is the person who generated it. It's merely certified by Thawte. However the public key can be distributed far and wide. So if I want to send you an encrypted e-mail, I'd encrypt with your public key. The encrypted message can only be read by someone possessing the private key. The signing works in reverse. A message signed with a private key, can only be verified by the public key. Any e-mail program capable of using S/MIME keys can have them verified by the key authority. The S/MIME keys are functionally equivalent to the GPG keys, for encrypting and signing. While GPG is great for personal use, many businesses will accept only S/MIME.