3

Is there a way to create a public certificate for a S/MIME email certificate?

I would like to share the public key on my website so people can send me encrypted emails. However I can only find "tutorials" where I need to send someone a signed mail first so their mail program can obtain the key. But I want to share my public key over HTTP so people don't have to ask for a signed mail in order to send an encrypted one. It is common to share public PGP keys, is S/MIME different in this aspect?

I have a S/MIME cert set up in Thunderbird but it can only export the whole (private) key.

Guest154845123
  • 31
  • 2
  • If all else fails I suppose you could always send a signed email to yourself, then follow those tutorials... – user Dec 29 '13 at 15:41
  • My program will ignore it since it's already known. But I can actually export .crt's or .pem's from people who sent me signed mails, just not my own. But I could send a mail to another program and export it there. :) – Guest154845123 Dec 29 '13 at 15:44
  • This seems to work: `openssl pkcs12 -in cert.p12 -out publickey.pem -clcerts -nokeys` However the .pem will have _Bag Attributes_ information which usually isn't in there, is it? – Guest154845123 Dec 29 '13 at 16:03
  • I mean `openssl pkcs12 -in cert.p12 -out publickey.pem -nokeys` without `-clcerts` – Guest154845123 Dec 29 '13 at 16:09
  • 2
    I found out that it's actually possible to export their own certificate from Thunderbird or Firefox. Instead of saving the certificate in the cert manager open the cert, go to details and click export. – Guest154845123 Dec 29 '13 at 16:20
  • 1
    You should post that as a self-answer, rather than as a comment. Comments are supposed to be ephemeral, whereas answers can be expected to remain. It will also give you the chance of earning reputation from it, which comments don't. – user Dec 29 '13 at 16:31
  • I know but as a new user I can't. – Guest154845123 Dec 29 '13 at 17:19

1 Answers1

0

I realize it's 8 years old post, but we're still struggling with the data privacy here in 2021.

Here's an article I wrote about getting a public S/MIME certificate from a Trusted Certificate Authority on your Mac.

https://medium.com/reactivelions/best-ways-to-send-encrypted-email-in-2021-f76284db0d51

Eugene Hauptmann
  • 101
  • 2