In today’s blog post you’ll find out how to generate your own set of cryptographic keys and a revocation certificate on macOS with the Thunderbird email client. If you’re still not sure why you would need cryptographic keys and what a revocation certificate is for, we covered those topics here too. And, as always, we made another instructional video that will guide you through the process.
To be able to sign, encrypt or decrypt e-mails, you have to generate your keys[1] first. You’re going to get three types of keys: a signature key, an authentication key and a decryption key. All of them are pairs of private and public keys. The public key, as you can guess from its name, is for others to use to send you encrypted e-mails and to verify your signature. The private key is known only to you, and you’ll be using it to sign your e-mails and to decrypt messages sent to you.
Keep reading to find out how to generate your keys or watch the instructional video here.
To get to the key generation window, follow these steps in the Thunderbird email client:
Now we have reached the key generation dialog window!
Picture 1: Key generation window
You just have to set a few things now:
During the process, you’ll be asked to enter your PIN codes (both user PIN 1 and administrative PIN 3) several times. Enter them using Cryptoucan’s keypad, and don’t forget to confirm them by pressing the hexagon symbol in the bottom right corner of the keypad.
Picture 2: entering PIN
If you’re not going to get the certificate in the next step (which would be a mistake, as you may find out in the following paragraph), disconnect Cryptoucan™ and connect it again to ensure that your private material inside the device is safe.
You’ll be asked whether you want to get the certificate right after you generate your keys. Well, what is it for, why should you get it and how can you get it?
A revocation certificate is a special type of public key signature[2]. There are three common situations which will make you appreciate having a revocation certificate:
Once one of those situations happens, you can upload this certificate to key servers[3], which basically says: “I’m the owner of this key and I’m saying that the key is no longer valid.”
We strongly recommend getting the certificate, as it only takes a minute and can save you a lot of trouble.
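As an added example (not from the original post and not Cryptoucan™ or Thunderbird code), the Python below checks that a saved file really is a revocation certificate in the sense of RFC 4880, Section 5.2.1: exactly one signature packet whose signature type is 0x20. The function names and the sample bytes are constructed for illustration; the sample is not a real signature, and the check does not verify the signature cryptographically.

```python
import base64

SIGNATURE_TAG = 2      # Signature Packet tag (RFC 4880, section 4.3)
KEY_REVOCATION = 0x20  # "Key revocation signature" (RFC 4880, section 5.2.1)

def dearmor(text):
    """Decode the base64 body of an ASCII-armored OpenPGP block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    body = [ln for ln in body if not ln.startswith(("=", "-----END"))]  # drop CRC, tail
    return base64.b64decode("".join(body))

def packets(data):
    """Yield (tag, body) per packet; partial and indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not supported")
        else:  # old-format header: 1, 2 or 4 length octets
            tag, n = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def is_revocation_certificate(data):
    """True only for exactly one signature packet whose type octet is 0x20."""
    pkts = list(packets(data))
    tag, body = pkts[0] if len(pkts) == 1 else (None, b"")
    if tag != SIGNATURE_TAG or len(body) < 3:
        return False
    return body[2 if body[0] == 3 else 1] == KEY_REVOCATION  # v3: type follows a length octet

SAMPLE_BINARY = bytes.fromhex("880d0420010800000000abcd000101")  # constructed, not a real signature
ARMOR = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n"
SAMPLE_ARMORED = ARMOR % base64.b64encode(SAMPLE_BINARY).decode()
```

Run `is_revocation_certificate(dearmor(text))` on the contents of the saved certificate file before you archive it; a file that contains a key packet or a different signature type returns `False`.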
Picture 3: Revocation certificate generating window
After the key generation process is done, you’ll be asked whether you want to get the revocation certificate or not:
At the end of this process, reconnect the USB cable to make sure your information is safely locked inside the device.
You can watch the step-by-step guide in this video!
Video 1: Cryptoucan™ usage: Generating keys
And that’s all for today’s blog post! Next week we will discover how to personalize Cryptoucan™ on macOS. Thank you very much for reading!
1. More info: Key management – introduction
2. More info: RFC 4880, Section 5.2.1
3. More info: Key server