Wednesday, March 19, 2008

Continuing adventures in e-mail security

Who's reading your e-mail? Are you sure it is only the person you sent it to? Could it hurt you, or your business, (or, your marriage?) if someone else was reading it? Wouldn't it be great if you could ensure that only the intended recipient could read it?

Loyal Friends and True of this series will remember that a while back I wrote a series on using WinPT and GPG to encrypt your e-mail and keep your important conversations private. (If you would like to take a look, click here.) I feel compelled to confess to you, Dear Reader, that the topic was not too well received, and my stats took a bit of a downturn during its run. It is my belief that this was due to the fact that the method described is not one-click simple. It is, in fact, a bit complicated.

In the prior series, I explained (in my limited way) that the encrypting of files, and sending them to someone else, where they then need to decode them, is best done by the exchanging of "keys" in what is called "Public-key encryption" (for Wikipedia's explanation on that, click here). I will not be lecturing on that today.. though, I invite you to click the link if you're interested in (or curious about) cryptography.

It is not hard to understand how encrypting your writing -- so that it can travel across the Internet in an unreadable format -- is a "good thing".. a desirable thing.. and would have serious benefits. The encrypting of e-mails is often required by businesses, and they install cool (and expen$ive) machines on their networks that automatically encrypt all company e-mail. But what about us? Here at home? How do we do it? Can it happen automatically.. like it does at our job? Well, yes and no. The first step is to get yourself a "key". (GPG allows you to generate keys, btw.)

I mentioned in yesterday's article that I had started using a new (to me) e-mail client (Windows Live Mail) to access my webmail accounts. Live Mail, and all other e-mail clients (Outlook, OE, Thunderbird, etc.) natively support the use of "keys", and allow you to "sign" and/or encrypt your e-mail with a single click... assuming you have taken a couple of steps first.
You may have noted that I have been putting the word key inside quotes; that's because when I'm speaking at the level of how crypto works, I am actually speaking about algorithms and when I talk about using those keys, I am talking about "Certificates". To encrypt your e-mail you need to get a Certificate... which is really a key (pair). Confusing, I know.

Tip of the day: Get a Certificate for your e-mail account(s). There are several Certificate Authorities that offer free Certificates for personal use in e-mail, but I have found that if you are using any Microsoft products.. or you suspect that your recipient(s) may be using Windows and/or Outlook (which is a fairly good bet), you want to get your e-mail certificate here:
Today's free link: Comodo Free Email Certificate

Fill in the form, and use the e-mail address that you want to protect with encryption (If you use more than one e-mail address regularly, repeat this process for each one: each account needs its own Cert). Then click on the "Advanced Private Key Options" link, place a check in the "User protected?" checkbox, and enter a "Revocation password" (twice). Click "Agree & Continue".

A window will open telling you that a Certificate is being "requested on your behalf".. agree. Now you will see the screen (pictured). Click "OK".

If all goes as it should, the Comodo webpage will change to a "Congratulations!" page, and instruct you to check the Inbox of the account you created the Cert for. Do so. There will be an e-mail from Comodo containing a link. You will need to click it to complete the process (Copy>Paste links into the address bar of your browser, remember?!).

Your e-mail will look like this. When you've copy>pasted the e-mail's link into your browser's address bar, and requested the Cert download, Windows will then automatically try to install it for you, but needs your permission..

Click "Yes" to give it.

This tells you you're done, and now you can digitally "sign" your e-mail.. which is the first real step to exchanging encrypted email.. which I will describe tomorrow.
Now, e-mail a link to this article to the person(s) you want private conversations with, and tell them to click the link and follow the Comodo wizard and get their key.. you're going to need it. Once you and they do this, encryption is a click away.
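
To confirm the install worked, the following PowerShell check (an added example, not part of the original article) lists the certificates in your Personal store issued for a given address and reports whether each one has a private key, is within its validity dates, and permits "Secure Email" use. The address `you@example.com` and the function name are placeholders chosen for this example.

```powershell
# Added example: verify the e-mail certificate the wizard installed.
# ASSUMPTION: $Address is a placeholder; use the address you requested the Cert for.
$Address        = 'you@example.com'
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection ("Secure Email")

function Get-EmailCertStatus {
    param([string] $Address, [string] $StorePath = 'Cert:\CurrentUser\My')

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # E-mail name taken from the certificate's subject or subjectAltName.
        $name = $cert.GetNameInfo('EmailName', $false)
        if ($name -ne $Address) { continue }

        # Collect Enhanced Key Usage OIDs; no EKU extension means "any purpose".
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @()
        if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Email         = $name
            Issuer        = $cert.GetNameInfo('SimpleName', $true)
            HasPrivateKey = $cert.HasPrivateKey   # needed to sign and to decrypt
            SecureEmail   = (-not $eku) -or ($oids -contains $SecureEmailOid)
            InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            Expires       = $cert.NotAfter
        }
    }
}

$found = @(Get-EmailCertStatus -Address $Address)
if ($found.Count -eq 0) {
    Write-Warning "No certificate for $Address in the current user's Personal store."
} else {
    $found | Format-List
    $usable = @($found | Where-Object {
        $_.HasPrivateKey -and $_.SecureEmail -and $_.InValidity
    })
    "{0} of {1} certificate(s) can sign mail from {2}" -f $usable.Count, $found.Count, $Address
}
```

A certificate that shows `HasPrivateKey : False` can verify or encrypt to that address but cannot sign from it, which usually means the download was completed in a different browser or user profile than the one that made the request.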

To read the final steps, click here.

Copyright 2007-8 © Tech Paul. All rights reserved.

