Use your digital signature in Evolution
Before proceeding you must do
If you own a smart card reader InfoNotary but have not installed the drivers for it, follow the instructions Installation of smart card reader and smart card drivers in Linux.
- Warning: When you use smart card with direct access and a cache for certificates. When you successfully installed , YOU MUST NOT delete them from there, as you will delete them from the smart card, along with your private and public key. After that the certificate cannot be recovered.
- Warning: For you to use your certificate it is mandatory that you start the program before after you plug the device.
Installing the certification chain InfoNotary
Before working with your electronic signature certificate is required to install the base certificates InfoNotary. Certification chain can be found in directory "certificates" on the installation CD or from our website .
- For the installation run Evolution from the Edit menu and select Preferences:
- Select the section "Certificates", as shown below, press "Import" and enter the path to the setup file of the certification chain - InotaryCertChain.p12. Depending on whether you have used before electronic signature certificates with the same user opens a window in which to set a password for the certificate store or window in which to enter the password. You will then be prompted for the password file. Leave field blank and click OK.
- For each basic certificate certification authority (CA) the user must choose a level of trust. This is done by selecting the certificate and press the button "Edit". List of installed base certificates can see in the table and the "Authorities" section Certificates settings Evolution. Maybe need to close the settings window and open it again to see the new certificate in the "Authorities":
The easiest way to do this setting for the certificate "InfoNotary CSP Root" and select all options as shown:
This will make all the InfoNotary trusted certificates for all operations. If you want, you can specify only the required level of confidence. In this case, you must do the following:
- for certificates „i-Notary TrustPath Validated E-mail CA” check „This certificate can identify mail users”.
- for certificates „i-Notary Personal Q Sign CA” check „This certificate can identify mail users”.
- for certificates „i-Notary Company Q Sign CA” check „This certificate can identify mail users”.
This will allow you to check the signature on a letter signed by a certificate of InfoNotary.
Registering hardware cryptographic module
- Once you have installed the base certificates, you must set the program to use PKCS # 11 modules by the card's drivers. Evolution because no interface for adding cryptographic modules to be used the following method:
- Install the tools to work with NSS. In Debian and distributions based on it's package libnss3-tools.
- Stop Evolution, if it works.
- Create NSS database directory with the following command - mkdir -p $HOME/.pki/nssdb.
- From the terminal run the following command - modutil -add "OpenSC" -libfile opensc-pkcs11.so -dbdir sql:$HOME/.pki/nssdb -mechanisms FRIENDLY
If your card is Bit4id, you will need to replace opensc-pkcs11.so with libbit4ipki.so. In case you use a driver Siemens, the library is /usr/local/lib/libsiecap11.so.
- Insert the card into the reader and plug it into the computer, if it is not.
- Once you start Evolution, you can see the evidence of the card settings for personal certificates.
To be able to sign your outgoing e-mail, you need to associate your profile (account) with the electronic signature certificate from a smart card. This is done as follows:
- Select the Account Settings tab and "Security", as shown:
- Choose the Select ... of the box "Secure MIME (S / MIME). A window will appear to select the certificate:
- Select the desired certificate from the smart card and press OK.
If selected Digitally sign messages (by default), each sent message will be signed with the selected certificate. From the same dialog you can specify a certificate for decrypting e-mails from the field "Encryption certificate".
'To be able to sign letters of Evolution, your card must be inserted in the reader and it is connected to the computer before running the program'.