Unfortunately, this is not an option. In order to digitally sign or decrypt your messages, the private key (which is part of your digital ID) has to be installed on the PC you are using to access your webmail. Theoretically, this would be fine if you only accessed your webmail from your own PC. However, one of the main advantages of webmail is that you can access it from any Internet-connected PC. If you installed your digital ID on...
every public computer you used, you would soon find others using it to impersonate you. This would destroy the whole concept of a digital ID, as it is supposed to be "tied" to its owner. This is why current webmail programs, like Hotmail and Yahoo, are unable to handle digital certificates or encryption. So, for now you will have to use an e-mail program such as Outlook Express if you want to sign, encrypt and decrypt your e-mail. If you read your e-mail using a Web browser, it is likely to simply ignore the certificate and just show an smime.p7s attachment. The e-mail displays like any other e-mail but you won't know that it has been digitally signed.
You don't have to store your digital certificate and keys on your PC's hard drive. You can use a floppy disk or other removable media, such as a USB key or smart card. In the future, popular webmail services may be able to detect if your digital ID is stored on removable media and therefore allow it to be used. However, unless there is huge demand from the public for such a service, I doubt it will appear any time soon even though it already exists for enterprise Intra and Extranets. The latest version of Outlook Web Access supports S/MIME e-mail, for example. The user must either be using the PC that stores their digital certificate or activate the removable device on which it is stored to make the certificate available to the browser. For example, if you were using a smart card you would need to insert it into a reader and enter the Personal Identification Number (PIN) before the certificate could be used.
There are also mail applications for organizations that wish to exchange secure e-mail with external customers and partners who do not have certificates or S/MIME capabilities within their own e-mail applications, such as Entrust's Entelligence WebMail Center.
Dig deeper on PKI and Digital Certificates
Related Q&A from Michael Cobb
While the fundamentals of securing an e-commerce website haven't changed in a few years, there are new threat vectors and security risks to be aware ...continue reading
Unauthorized certificates from trusted vendors have become a big Internet security concern. Expert Michael Cobb discusses how to stay protected ...continue reading
Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.