Digital Signatures & Encryption

How to configure an email client to add a digital signature to outgoing messages via grid certificates, or to encrypt and decrypt mail messages.

You can use your grid certificate and key to add a digital signature to your email messages, or to encrypt and decrypt messages.

Email Client Configuration

• For Linux users: see
• For OS X users:
  • For Apple Mail users: import your certificate into Certificate and Key Management in macOS
  • For Thunderbird users: see
• For Windows users: import your certificate into Windows Certificate Manager (via http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates), or see

Configuring Thunderbird

Importing Certificates

1. Open the certificates dialog:
   • Linux : Edit -> Preferences -> Advanced -> Certificates -> View Certificates -> Your Certificates
   • OS X: Thunderbird -> Preferences -> Advanced -> Certificates -> View Certificates -> Your Certificates
   • Windows : Options -> Advanced -> Certificates -> View Certificates -> Your Certificates
2. Click Import , select your certificate file, and click Open.
3. You'll be prompted to enter and retype a "master password" to safeguard your certificates. This password is orthogonal from your certificate's passphrase and is meant to protect all of your installed certificates with a single, additional password. If you choose to bypass this optional password by clicking Cancel , you'll be prompted with a warning, to which you can click OK to continue.
4. In the Password Entry Dialog , enter the passphrase with which the original certificate and key pair was encrypted with your request. Click OK to confirm that the certificate and key have been imported.
5. Your certificate should now appear in the Your Certificates tab. Click the Authorities tab.
6. Download the appropriate CA chain files as described How to Import a CA Certificate Chain.
7. For each CA chain file:
   • Click Import ,
   • Browse to and select the CA chain file,
   • Click Open ,
   • Toggle all three entries (websites, mail users, and software makers) to enable trust settings,
   • And click OK.
8. To later edit CA chain files:
   • Click Edit Trust ,
   • Toggle all three entries (websites, mail users, and software makers) to enable trust settings,
   • And click OK.
9. Click OK twice to dismiss the options dialogs.

Enabling Digital Signing

1. In Account Settings - > Security, under Digital Signing , click Select , ensure the desired certificate is displayed next to Certificate , and click OK.
   You'll be prompted whether to use the same certificate and key to encrypt and decrypt messages: click Yes to enable if desired.
2. If encryption was enabled, under Encryption , choose whether to send encrypted messages by default.
3. Under Digital Signing , choose whether to include your digital signature by default in outgoing messages.
4. Click OK to dismiss the Account Settings dialog.

When composing or responding to an email message, click Options to toggle options for:

• Encrypt This Message
• Digitally Sign This Message

Additional Information

For troubleshooting and questions and answers, see:

• Grid Certificate FAQ