WHAT IS S/MIME?

In basic terms S/MIME is a way of sending and receiving encrypted and digitally signed messages. S/MIME uses both public and private 'keys' (certificates) to accomplish this. Your private key is used to sign messages, and your public key is used by others to encrypt messages they send to you. Your private key is used to decrypt the encrypted messages others send to you.

In addition, personal certificates are usually signed by trusted parties, called "Root" or "Certificate Authorities (CA)." This gives extra assurance to the verification process that not only was the message not altered, but that it was sent by someone trusted by the Certificate Authority.

For general information about S/MIME and public-key cryptography, see:
http://eudora.com/techsupport/kb/2691hq.html

INSTALLATION

Installation of this plugin is simple:

- Unzip the 'SMIME.zip' file. It contains 2 files: this ReadMe and the 'SMIME.dll' file
- Place the ReadMe file wherever you like
- Place the SMIME.DLL file inside the 'plugins' directory inside your 'Eudora' directory (typically 'C:\Program Files\Qualcomm\Eudora\plugins\')
- Restart Eudora
- You're done
- To verify that the plugin is installed, select 'Special->Message Plug-ins Settings...' in Eudora. Verify that the S/MIME Plugin appears in the list of installed plugins.

In order for the plugin to be able to sign or decrypt messages, you need to have a certificate correctly installed on your machine. See the section 'CERTIFICATES' below.

SIGNING MESSAGES

To digitally sign a message using the S/MIME plugin, follow these steps:

- Create a new message in Eudora
- Address the message and enter text as normal
- Before clicking the 'Send' (or 'Queue') button, click the 'S/MIME Signer' toolbar button. The button is just a bit to the left of the 'Send' (or 'Queue') button. It looks like a rubber stamp, and the tooltip says 'S/MIME Signer'.
- Click the Send (or Queue) button
- A dialog appears, asking you to select the certificate to use to sign the message
- Select your certificate and click OK

  Note: If you only have one signing certificate, then it won't ask you and will just use that certificate.

  Note: You can also encrypt digitally signed messages. See the 'ENCRYPTING MESSAGES' section of this ReadMe for information on encrypting messages.

- Depending on settings, you may be asked for the password associated with your key. Enter your password.
- The message is sent, signed using the key you selected above.

VERIFYING SIGNATURES

When you receive a message that is signed using S/MIME, Eudora displays the headers of the message, and instead of showing you the body of the message, there is an attachment (with a '.ems' extension) representing the message.

To verify the signature:

- Click the attachment
- The signature is checked and, if it verifies, the body of the message changes to show you the text of the signed message
- If the signature does NOT verify, a warning dialog appears (or a warning is inserted inline in the message, depending on your settings. See 'SETTINGS' below)
- At this point you can close the message (if the message was opened, not just previewed) and will be prompted to save changes.
  - Select 'Yes' to have Eudora save the message 'decoded'. In other words, leave the message displaying all the text so that the next time you view this message you do not need to verify the signature.
  - Select 'No' and Eudora will discard the changes to the message and keep it in its original state. Next time you want to view this message you will need to click the attachment again.

Note: If you are viewing the message in the Preview Pane, you are not prompted to save changes. The message remains in its encoded form, as an attachment.

ENCRYPTING MESSAGES

Note: To encrypt a message, you need to have the public key of all recipients to the message (see CERTIFICATES section below) stored in your OS Certificate Store (Internet Options Control Panel).

To encrypt a message:

- Create a new message in Eudora
- Address the message and enter text as normal
- Before clicking the 'Send' (or 'Queue') button, click the 'S/MIME Encrypter' toolbar button. The button is just a bit to the left of the 'Send' (or 'Queue') button. It looks like a padlock, and the tooltip says 'S/MIME Encrypter'.
- Click the Send (or Queue) button

Note: You can also digitally sign an encrypted message. See the 'SIGNING MESSAGES' section of this ReadMe for information on signing.

DECRYPTING MESSAGES

If you receive an S/MIME encrypted message, the encrypted contents will appear as an attachment to the message.

- Click the attachment
- Depending on settings, you will be prompted to enter the password associated with your private key.
- Enter the password.
- The attachment is decrypted and the message text is now displayed
- At this point, the process is similar to signature verification in that when you close the message you are prompted to save changes.

SETTINGS

The Settings for the Eudora S/MIME plugin are very simple. To access the settings, select 'Special->Message Plug-ins Settings...', highlight the 'S/MIME Plugin' and click the 'Settings..' button.

Here you have 3 options for where error messages are displayed:

( ) Dialog
( ) Message itself
( ) Both

These settings are fairly self-explanatory. If there is an error verifying a signature or decrypting a message, these settings govern how that error will be presented to you. 'Dialog' means Eudora will display a dialog box showing you the error. 'Message itself' means Eudora will place the error text inside the message after you click the attachment. 'Both' means both in a dialog and in the message itself.

You also have these options:

[ ] Verify Signatures on message download

This setting causes Eudora to verify the signature when the message is downloaded and store the message in the mailbox in a verified state instead of as an attachment that you need to click to verify the signature. This option makes reading signed messages easier, but has the disadvantage of not verifying the validity of the signature at the moment you read the message. If you are concerned that the sender's certificate has been revoked and want to verify the signature at the time you open/read the message, you should keep this option unchecked.

[ ] Add verified certificates to store

This setting governs whether or not you will be asked if you wish to add the public key of the sender to your certificate store. The sender's public key is required if you wish to send Encrypted messages to this person. See the 'CERTIFICATES' section below for more information.

[ ] Use signature for older S/MIME clients

If this setting is checked, Eudora will send signatures using an old-style MIME type so that other mail clients that support S/MIME but do not support the new-style MIME type will be able to verify signatures and decrypt messages sent by Eudora.

CERTIFICATES

Eudora itself does not manage certificates for you. The OS manages your certificates. To view/add certificates, follow these steps:

- Open the 'Internet Options' Control Panel (Start->Settings->Control Panel->Internet Options)
- Click the 'Content' tab
- Click the 'Certificates' button
- Here you can view your certificate(s) as well as manage the certificates you have for other people.
- It is up to you to manage your certificates here, and it is up to you to obtain a certificate and enter it into this dialog.
- There are many ways to obtain certificates, some free and some at a cost.
For information on obtaining a certificate, see:
http://eudora.com/techsupport/kb/2691hq.html

Note: If you use Internet Explorer to download your certificate it should automatically be placed in the Certificate Store (Internet Options described above). If you use Firefox to download your certificate, the certificate will be placed in the Firefox certificate manager and you will need to export it from there and import it into the OS Certificate Store (Internet Options Control Panel).

Managing public keys:

In order to send encrypted messages to another person, you need to have that person's public key stored in your certificate store. If you have the 'Add verified certificates to store' option (described above) checked, then when you receive an S/MIME-signed message, Eudora will prompt you to add that person's key to the store for you. If you choose to do so, the OS certificate store wizard appears, walking you through the process.

If for some reason you need to send your public key to another person and simply signing a message you send them is not enough for them to obtain your public key, you can export the key from the OS Certificate Store (Internet Options Control Panel) and send them the exported key as an attachment.

Remember, key management is handled by the OS Certificate Store (Internet Options Control Panel). No keys are maintained by Eudora itself.
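
The 'Use signature for older S/MIME clients' setting described under SETTINGS changes the MIME type placed on signed messages. The following is an added example, not part of the plugin or the original ReadMe: a Python check that reports whether a message is S/MIME signed or encrypted and which form of the MIME type it carries. The ReadMe does not name the types; the x- prefixed names used here as "old-style", the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: "old-style" means the x- prefixed names used by early S/MIME clients.
NEW_TYPES = {"application/pkcs7-mime", "application/pkcs7-signature"}
OLD_TYPES = {"application/x-pkcs7-mime", "application/x-pkcs7-signature"}
SMIME_TYPES = NEW_TYPES | OLD_TYPES

def style_of(mime_type):
    return "old" if mime_type in OLD_TYPES else "new" if mime_type in NEW_TYPES else None

def classify_smime(raw):
    """Return (kind, style, notes) for a raw message given as a string."""
    msg = message_from_string(raw)
    ctype, notes = msg.get_content_type(), []
    if ctype == "multipart/signed":  # detached signature: body part + signature part
        proto = str(msg.get_param("protocol", "")).lower()
        if proto not in SMIME_TYPES:
            return ("not S/MIME", None, ["protocol=%s" % proto])
        # The signature part should carry the same type that protocol= announces.
        sig_types = [p.get_content_type() for p in msg.walk()
                     if p.get_content_type() in SMIME_TYPES]
        if sig_types != [proto]:
            notes.append("signature part type does not match protocol=")
        return ("signed (detached)", style_of(proto), notes)
    if ctype in SMIME_TYPES:  # single opaque blob: encrypted or opaque-signed
        smime_type = str(msg.get_param("smime-type", "")).lower()
        kind = {"enveloped-data": "encrypted",
                "signed-data": "signed (opaque)"}.get(smime_type, "unknown")
        if kind == "unknown":
            notes.append("missing or unrecognised smime-type parameter")
        return (kind, style_of(ctype), notes)
    return ("not S/MIME", None, notes)

def sample_signed(protocol, sig_type):
    """Constructed sample; 'AAAA' stands in for the real signature bytes."""
    return ('MIME-Version: 1.0\n'
            'Content-Type: multipart/signed; protocol="%s"; micalg=sha1; boundary="b1"\n\n'
            '--b1\nContent-Type: text/plain\n\nhello\n'
            '--b1\nContent-Type: %s; name="smime.p7s"\n'
            'Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n' % (protocol, sig_type))

SAMPLE_ENCRYPTED = ('MIME-Version: 1.0\n'
                    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n'
                    'Content-Transfer-Encoding: base64\n\nAAAA\n')

if __name__ == "__main__":
    old, new = "application/x-pkcs7-signature", "application/pkcs7-signature"
    for raw in (sample_signed(old, old), sample_signed(new, new),
                sample_signed(new, old), SAMPLE_ENCRYPTED):
        print(classify_smime(raw))
```

This only inspects MIME headers; it does not verify the signature or the certificate chain, which remain the job of the plugin and the OS Certificate Store.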