wiki:certificates_and_identities

It is possible to tie a specific S/MIME certificate or PGP key directly to an identity. To do that you first need a way to uniquely identify the certificate or key. If the associated email address is unique, then that will suffice. However, in some cases you may have multiple certificates or keys for the same email address. In that case the certificate or key "hash" value can be used.

To specify a certificate or key edit the identity and switch to the Security tab. Active the panel via the Active checkbox. You can then choose which key to sign with using the "Sign with Key" popup:

  • "Default Key" - use a certificate/key matched by the From address of the default identity.
  • "From Address" - use a certificate/key matched by the From address of the selected identity.
  • "Reply-To Address" - use a certificate/key matched by the Reply-To address of the selected identity.
  • "Sender Address" - use a certificate/key matched by the Sender address of the selected identity.
  • "Other Key..." S/MIME - a certificate identifier can be entered in the text field to select a certificate:
    • Enter an email address to select a certificate based on that address - if more than one certificate match there is no way to determine which will be selected
    • Enter the certificate "hash" by prefixing it with a single "#" character - that will uniquely select the certificate
    • Enter the certificate "fingerprint" by prefixing it with a single "$" character - that will uniquely select the certificate (the fingerprint for certificates is visible in the "Manage Certificates" dialog that can be accessed by the Preferences/Security? panel
    • Enter the certificate "subject" by prefixing it with "cn=" - that will allow matching against the subject field of a certificate (also visible via the "Manage Certificates" dialog)
  • "Other Key..." gpg - a key identifier can be entered in the text field to select a key (see the gpg man page or online documentation for full details of what can be used, below is just a quick summary of some possible options):
    • Enter an email address to select a key based on that address - if more than one key match there gpg preferences may be used to auto-select the best one (see man gpg)
    • Enter the key "key Id" by prefixing it with "0x" - that will uniquely select the key
    • Enter the key "fingerprint" by prefixing it with "0x" - that will uniquely select the key
Last modified 6 years ago Last modified on 11/18/10 20:16:33