certificate

Secure Your Email

Brought to you by: James



Welcome to the new age of the internet! It’s the age of fake identities, hidden motives, and stolen/intercepted email. In this day and age, it’s actually difficult to be certain about the origins of a recently received email. “Did my friend really send that virus?” “Why is my boss asking for my social security number at 2:05AM?” Not only can email addresses be spoofed, but viruses can hijack our web-based mail systems and send emails from under our noses. How can you trust that the email you just received is genuine? Using a digital signature or certificate is one way, and encryption is another. Believe it or not, both are rather easy to configure for Mail.app (OS 10.3 or higher required), Mozilla and Thunderbird. The following options are all 100% free (unless you count the cost of OS X for Mail.app).

What is a Digital Signature?
A Digital Signature is a strong way of proving that the mail you have just sent or received is of genuine origin. You can easily configure a certificate to act as a Digital Signature, and this article will show you how to do just that.

What is Encryption?
Encryption scrambles your message so that only the person you have chosen to receive your email can read it. To do this, you must have each other’s certificates. And as far as Mail.app is concerned, as soon as you read a signed email, that user’s certificate is already stored in your keychain. For example, assuming that Rick has previously sent me a signed message and I have previously sent him a signed message, we can now communicate through encrypted email.
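
The exchange described above (Rick's signed message delivers his certificate, which then lets me encrypt a reply to him), reproduced with the openssl command line as an added example that is not part of the original article. The name, address and self-signed certificate are constructed stand-ins for a CA-issued one.

```shell
#!/bin/sh
# Added example: S/MIME sign -> verify -> harvest certificate -> encrypt reply.
# The name, address and self-signed certificate below are constructed.
smime_roundtrip() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"

  # Stand-in for Rick's certificate (a CA would issue the real one).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Rick (constructed)/emailAddress=rick@example.test" \
    -keyout rick.key -out rick.crt 2>/dev/null

  # Rick sends a signed message; his certificate travels inside it.
  printf 'Lunch on Friday?\n' > msg.txt
  openssl smime -sign -text -in msg.txt -signer rick.crt -inkey rick.key \
    -out signed.eml

  # I verify it and save the signer certificate found in the message.
  # -CAfile pins the constructed certificate as trusted; a mail client
  # would instead chain to the issuing CA.
  openssl smime -verify -in signed.eml -CAfile rick.crt \
    -signer harvested.crt -out /dev/null 2>/dev/null
  echo "signature: valid"

  # A body altered in transit no longer matches the signature.
  sed 's/Friday/Monday/' signed.eml > tampered.eml
  if openssl smime -verify -in tampered.eml -CAfile rick.crt \
       -out /dev/null 2>/dev/null; then
    echo "tampered: accepted"
  else
    echo "tampered: rejected"
  fi

  # With the harvested certificate I can encrypt a reply that only
  # Rick's private key opens.
  printf 'See you at noon\n' > reply.txt
  openssl smime -encrypt -aes256 -in reply.txt -out reply.eml harvested.crt
  echo "decrypted: $(openssl smime -decrypt -in reply.eml \
    -recip rick.crt -inkey rick.key | tr -d '\r')"
)
smime_roundtrip
```

The encryption step never touches Rick's private key: everything the sender needs arrived inside the signed message.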

Mail.app Configuration (OS 10.3 or higher required)

Step 1: Sign up and request a free email certificate through Thawte using Safari. (Select the “Netscape Communicator or Messenger” option when you start the X.509 certificate request form. If you don’t use Safari, or have trouble using it with Thawte’s site, skip to the “Safari Won’t Work With Thawte” section.)

Step 2: Once everything has been approved, select to fetch your new certificate. If you were using Safari under OS 10.3 or higher, the certificate has been automatically added to your keychain.

Step 3: Now, open Mail.app and compose an email using the email address that you created the certificate for. You will notice some new options (seen below). The lock icon (encryption) only shows if you also have the certificate for the individual to whom you are sending the email (as stated above, you automatically receive the other party’s certificate when you receive a signed email from them).


Step 4: Make sure that you have selected to sign the email (a check mark appears in the signature icon). If you also wish to encrypt the email, select the encryption icon and a closed lock should appear.

Step 5: Now, send your email. You will notice that all signed and/or encrypted email received through Mail.app displays an additional security field in the header, denoting the additional security features (seen below).


Note: If you have multiple email accounts, you will need a separate certificate for each account. If you have multiple computers, you will also need a separate certificate for each account on each computer.

Mozilla Configuration

Note: At some point, Mozilla will ask you to create a master password (if you have not already done so). This is to protect the certificate manager and the certificates contained within it. The icons used to sign/encrypt messages in Mozilla are similar to those used in Thunderbird.

Step 1: Sign up and request a free email certificate through Thawte using Mozilla (Select the “Netscape Communicator or Messenger” option when you start the X.509 certificate request form).

Step 2: Once everything has been approved, select to fetch your new certificate. The certificate will be automatically added to your certificate manager under the security preferences.

Step 3: Once you have opened Mozilla’s mail client, open the account settings for the email address which you created the certificate for. Under the security settings, select your new certificate.

Step 4: Choose to write an email using the account which now has the certificate selected. You will now notice that you can sign and/or encrypt the email using the menu under the lock icon.

Step 5: You will notice that signed messages in Mozilla display a pen icon.

Note: If you have multiple email accounts, you will need a separate certificate for each account. If you have multiple computers, you will also need a separate certificate for each account on each computer.

Thunderbird Configuration

Note: This is a little tricky. You will need to have Mozilla installed as well in order to do this. It is possible to use Firefox, but it has not been tested. Camino will not work. At some point, Thunderbird will ask you to create a master password (if you have not already done so). This is to protect the certificate manager and the certificates contained within it.

Step 1: Follow steps 1 and 2 of the “Mozilla Configuration”.

Step 2: Select the certificate which has just been automatically added to the certificate manager, located under the security preferences. Select the “Backup” button and save the file to your desktop.

Step 3: Open Thunderbird, and select the certificate manager under the advanced preferences. Select “Import” and select the backup file that has just been saved to your desktop. Congratulations, your certificate is finally in Thunderbird and you may now trash that certificate backup on your desktop.

Step 4: Open the account settings for the email address which you created the certificate for. Under the security settings, select your new certificate.

Step 5: Choose to write an email using the account which now has the certificate selected. You will now notice that you can sign and/or encrypt the email using the menu under the lock icon.


Note: If you have not installed enigmail, then the lock icon will be labeled as “Security”, not “S/MIME”.

Step 6: You will notice that signed messages in Thunderbird display a pen icon.


Note: If you have multiple email accounts, you will need a separate certificate for each account. If you have multiple computers, you will also need a separate certificate for each account on each computer.

Safari Won’t Work With Thawte

Step 1: Follow steps 1 and 2 of the “Thunderbird Configuration”.

Step 2: Open Keychain Access and drag the file into the area which lists all of your keychain entries.

Step 3: Follow steps 3-5 of the “Mail.app Configuration”.

Note: If you have multiple email accounts, you will need a separate certificate for each account. If you have multiple computers, you will also need a separate certificate for each account on each computer.

Alternative Encryption and Signing With Mail.app and GPG

Step 1: Access the MacGPG site.

Step 2: Install GNU Privacy Guard for GPG functionality and GPGKeys to create your GPG key. You may also install GPGPreferences for further control of your GPG installation, GPGFileTool for easily accessible file encrypt/decrypt functions, and GPGDropThing for drag-and-drop file encrypt/decrypt.

Step 3: Download and install GPGMail.

Step 4: You will now notice a new field when you compose an email, which will allow you to select which key you wish to encrypt and/or sign your email (seen below).


Note: Make sure to send your key to a keyserver using GPGKeys so that others can send encrypted messages to you. I recommend using ldap://keyserver.pgp.com (you can set this using GPGPreferences); you can find my keys there as well.

Alternative Encryption and Signing With Thunderbird/Mozilla and GPG

Step 1: Follow Steps 1 and 2 from “Alternative Encryption and Signing With Mail.app and GPG”.

Step 2: Download the correct enigmail and enigmime modules for your operating system version and application version.

Step 3: Carefully follow the given installation instructions.

Step 4: You will now notice a new decrypt button in your inbox for decrypting messages encrypted using GPG or PGP.


Step 5: You will also notice a new PGP button to encrypt or digitally sign your messages using GPG.


Note: Make sure to send your key to a keyserver using GPGKeys so that others can send encrypted messages to you. I recommend using ldap://keyserver.pgp.com (you can set this using GPGPreferences); you can find my keys there as well.

Congratulations, you are now one step ahead of evil in the battle to secure your email. Use this knowledge wisely.


Stumped for a gift? ifrogz suggests Virtual Gift Certificates

The folks at ifrogz believe that there’s no better last-minute gift for the music lover on your list this holiday season than one of their iPod cases. But since they have such a vast selection with so many customizable options, it can be tough to know what someone else’s idea of the perfect iPod case is. It is for that reason that they suggest giving an ifrogz virtual gift certificate.

Virtual gift certificates from ifrogz are ideal for the last-second gift because they can be printed immediately after purchasing and allow the buyer to customize the “to” and “from” sections. And with none of the hassle that comes from shipping, virtual gift cards eliminate the worry that an online purchase won’t arrive in time for Christmas.

ifrogz custom iPod cases allow music lovers to choose from 39 colors of Wrapz, 40 colors of Bandz and more than 200 stock wheel art decals to create more than 300,000 unique iPod case combinations. In addition, customers can now upload their own custom art online through the ifrogz Screenz Creator, making the possibilities for customization truly limitless.

Note: