Unfortunately, this is not an option. In order to digitally sign or decrypt your messages, the private key (which is part of your digital ID) has to be installed on the PC you are using to access your webmail. Theoretically, this would be fine if you only accessed your webmail from your own PC. However, one of the main advantages of webmail is that you can access it from any Internet-connected PC. If you installed your digital ID on every public computer you used, you would soon find others using it to impersonate you. This would destroy the whole concept of a digital ID, as it is supposed to be "tied" to its owner. This is why current webmail programs, like Hotmail and Yahoo, are unable to handle digital certificates or encryption. So, for now you will have to use an e-mail program such as Outlook Express if you want to sign, encrypt and decrypt your e-mail. If you read your e-mail using a Web browser, it is likely to simply ignore the certificate and just show an smime.p7s attachment. The e-mail displays like any other e-mail but you won't know that it has been digitally signed.
You don't have to store your digital certificate and keys on your PC's hard drive. You can use a floppy disk or other removable media, such as a USB key or smart card. In the future, popular webmail services may be able to detect if your digital ID is stored on removable media and therefore allow it to be used. However, unless there is huge demand from the public for such a service, I doubt it will appear any time soon, even though it already exists for enterprise intranets and extranets. The latest version of Outlook Web Access supports S/MIME e-mail, for example. The user must either be using the PC that stores their digital certificate or activate the removable device on which it is stored to make the certificate available to the browser. For example, if you were using a smart card, you would need to insert it into a reader and enter the Personal Identification Number (PIN) before the certificate could be used.
There are also mail applications for organizations that wish to exchange secure e-mail with external customers and partners who do not have certificates or S/MIME capabilities within their own e-mail applications, such as Entrust's Entelligence WebMail Center.
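The answer above notes that a webmail view may show only an smime.p7s attachment without saying the message was signed. The following is an added example, not part of the original answer: it inspects a message's MIME headers to tell whether it is S/MIME signed or encrypted, so the attachment is not mistaken for an ordinary file. The function names and the sample message are constructed for illustration, and the check only detects the structure; it does not verify the signature.

```python
from email import message_from_string

# MIME types conventionally used by S/MIME (current and legacy "x-" forms).
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENV_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_status(raw):
    """Classify a raw message by S/MIME structure (no signature verification)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Detached signature: readable body plus a separate signature part.
        if (msg.get_param("protocol") or "").lower() in SIG_TYPES:
            return "detached-signature"
    if ctype in ENV_TYPES:
        # Body is wrapped in a CMS object; smime-type says which kind.
        kind = (msg.get_param("smime-type") or "").lower()
        if kind == "signed-data":
            return "opaque-signed"
        if kind == "enveloped-data":
            return "encrypted"
    return "none"

def signature_parts(raw):
    """Filenames of signature parts, e.g. the smime.p7s a webmail view shows."""
    msg = message_from_string(raw)
    return [p.get_filename() or "(unnamed)"
            for p in msg.walk() if p.get_content_type() in SIG_TYPES]

# Constructed sample message; the base64 payload is a dummy, not a real signature.
SIGNED = (
    "From: alice@example.com\nTo: bob@example.com\nSubject: Q3 figures\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee attached.\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="smime.p7s"\n\n'
    "Q09OU1RSVUNURUQ=\n--b1--\n"
)
PLAIN = "Subject: hi\nContent-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("plain", PLAIN)):
        print(name, smime_status(raw), signature_parts(raw))
```

A result of `detached-signature` or `opaque-signed` means the message still has to be opened in an S/MIME-capable client to verify who signed it.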