Noob: Understanding Digital IDs

I’ve been reading up on Digital IDs for the last several days. I’m hoping I can get some definitive answers here, as the pages I’ve read either start halfway through the subject or don’t answer my questions.

E.g. Basics of email encryption, Export/Import email certificate and enable to use in Mozilla Thunderbird - Powered by Kayako Help Desk Software


This is for personal use.

I want to send ALL emails encrypted. Recipients could be using Windows apps, programs such as Office, or web-based apps.

I don’t care about incoming emails. If the senders of those messages don’t care about security or privacy, that’s their choice.

Unless a message they send me quotes some or all of a message I previously sent to them, then I would want my content to be encrypted.

So, trying to get my head around all this.

If I have a digital ID then I have a private key and a public key.

I send someone a digitally signed email, they must update my contact details in their address book so that they get my public key stored… Right?

From that point I can send encrypted emails to them? Regardless of their email client?

I’m going to venture a guess there are some clients that can’t handle encrypted emails. But I have no way of knowing when I send an email what client someone is using.

If they don’t have their own Digital ID they can’t send me encrypted emails?

Have I got this all backwards?

Is there a link I can get pointed to that will answer these questions that I may have missed?



Them having your email certificate stored on their email client allows them to encrypt emails TO you using that certificate.

And again, if you have someone’s email certificate stored in your email client you can encrypt emails TO them.

Hope that helps.


Thanks for your reply, Garry.

Ughh!! Not the answer I was hoping for. I want to encrypt emails TO EVERYONE I send emails to. But, if I understand your response, this means THEY have to have the Digital ID, not me.

Most of the people I correspond with will just stare blankly at me if I say “Get a digital ID”.

Darn it!


Yep…you have to have their email certificate to encrypt emails to them.

Back to front I know, but that’s the way it works :slight_smile:
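
The key direction described in the replies above, as an added example that is not part of the original thread: a signed mail hands out the sender's certificate, and anyone holding that certificate can then encrypt TO the sender. The names `me` and `contact`, the `example.test` addresses and the file names are constructed, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Constructed demo: the names "me"/"contact", addresses and file names are made up.
set -eu
WORK=$(mktemp -d)

# Create a self-signed digital ID: private key (.key) plus certificate (.crt).
make_id() {  # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Signing uses the sender's OWN private key; the certificate rides along in the mail.
sign_as() {  # $1 = signer, $2 = plaintext file, $3 = signed output
  openssl smime -sign -in "$2" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$3"
}

# What a mail client does when it "stores the sender's certificate" from signed mail.
# -noverify skips chain validation only because the demo ID is self-signed.
harvest_cert() {  # $1 = signed mail, $2 = where to save the signer's certificate
  openssl smime -verify -noverify -in "$1" -signer "$2" -out /dev/null 2>/dev/null
}

# Encryption takes the RECIPIENT's certificate; no sender key is involved at all.
encrypt_to() {  # $1 = recipient certificate, $2 = plaintext file, $3 = encrypted output
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$1"
}

# Decryption needs the private key that matches the certificate used to encrypt.
decrypt_as() {  # $1 = name, $2 = encrypted mail
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

make_id me
printf 'hello from me\n' > "$WORK/out.txt"
sign_as me "$WORK/out.txt" "$WORK/signed.eml"

# The contact has no digital ID, yet can now encrypt a reply TO me.
harvest_cert "$WORK/signed.eml" "$WORK/me_from_mail.crt"
printf 'private reply\n' > "$WORK/reply.txt"
encrypt_to "$WORK/me_from_mail.crt" "$WORK/reply.txt" "$WORK/reply.eml"
decrypt_as me "$WORK/reply.eml"   # only my private key opens it

# I still cannot encrypt TO the contact: there is no contact.crt to pass to encrypt_to.
```
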

Tanyac, I think you’re in the same boat as me. And perhaps we need to consider our language. To “noobs” (like us) I’m realizing that “encryption” isn’t the same as general privacy or security. Encryption is a protocol that creates privacy, but there are other ways to be more in control of email security.

For one, I just switched my ISP because I discovered that my (now) prior ISP was running an old POP3 email server which didn’t even have the option of SSL messages. I was also shocked to find that MOST ISPs still run the old servers and clearly can’t be bothered with security for POP3 email. Of course, with everybody in the cloud now to some degree, POP3 isn’t as popular as it was originally, but I still like it because my messages download to me and I then store and control them.

So now with a more activist (shall we say) ISP, I AT LEAST know that their email server/system itself isn’t some old leaky boat!! The POP3, POP3S, IMAP, etc. issue is another way to research and tighten email security and privacy. In short, it’s not black or white. We SURELY can get more privacy and security, even if “encryption” via certificates is beyond the ability (or interest) of our recipients.

Another way to gain privacy is to look into VPN. I’m not an expert on these things by any means but I ADORE Tunnelbear, which must be absolutely the neatest, EASIEST and funnest VPN on the planet. When I want some more privacy I turn it on and choose the location I want to appear to be from. I can also browse from that location which is fantastic. Check it out.

I agree that the whole double key thing is a pain when corresponding with average folks, i.e. personal connections or business contacts, who are either less savvy than we are, too busy, or not interested in working to learn something just to read our messages.

P.S. Have you looked into Shazzlemail? I’m trying it on my Android. It’s a different approach but simple and also it seems to do the trick without making the other folks have to do something. The only training they would need is in recognizing your shazzlemail address, but it appears to be very secure. Watch the video to see how it works.



Just been reading about Shazzlemail…looks interesting and might be an option for Tanyac. :-TU