Posteo Help Help categories Article

This article is tagged with:Inbound encryptionEnd-to-end encryptionS/MIME

How do I create and use an S/MIME key pair?

Would you like to create an S/MIME key pair? Then you will need the following components:

  1. A Posteo account
  2. An internet browser with which you will create and authenticate an S/MIME key pair, such as, for example, Firefox.

If you would like to encrypt with S/MIME, you first need to create a key pair, which consists of a private and a public key. How to do this is explained in our instructions under step 1. When the key pair is created, you then authenticate with a certifying body that the public key belongs to your email address. To our knowledge, there are two providers that offer free authentication (Class 1 procedure, authentication of the email address) – InstantSSL and Secorio. This guide uses InstantSSL as an example.

Step 1: Creating a key pair

  1. Open the InstantSSL website.
  2. Enter your name or a pseudonym.
  3. Enter your Posteo email address, with which you would like to use S/MIME.
  4. Select a country.
  5. In the “Revocation Password” field, enter a password with which you can void your S/MIME key in case of emergency. Make special note of this password.
  6. Decide whether you would like to subscribe to the newsletter. If not, uncheck the box.
  7. Read and accept the terms and click Next.
  8. Now you will receive an email from "Certificate Customer Services" with a link and a Collection Password.
  9. Open the link in the email.
  10. On the page, enter your Posteo email address and the Collection Password from the email.
  11. Click on Submit & Continue.

Your browser will now create a key pair. The public key will automatically be digitally signed and authenticated by Sectigo (formerly known as Comodo). Your browser will notify you once setup of the keys has been completed and that you should create a backup copy of the key. This is indeed a necessary step, as you will need the backup copy of your key to use the S/MIME key pair in an email client.

Step 2: Creating a backup copy of your S/MIME key pair

  1. Click on the sandwich button in Firefox and then on Options. Select the menu item Privacy & Security. At the very bottom, click on View Certificates….
  2. In the section Your Certificates there will be a certificate displayed from “COMODO CA Limited”. Click on the certificate.
  3. Click now on Save to save the certificate as a file on your computer.
  4. Save your key pair with an appropriate filename and a secure password.
  5. Finished. You can now import the file in an email program – and use your S/MIME encryption there.

Related help articles