secure email

Discussion in 'Computer Security' started by Jamie Briant, Oct 23, 2003.

  1. Jamie Briant

    Jamie Briant Guest

    I've got this email which has been digitally signed, so I have the guys
    public key. I want to send an encrypted email back. But, outlook wont let me
    because *I* dont have a certificate. Is this outlook, or will Mozilla,
    Eudora, etc all do the same thing? Is it the whole protocol: it wont let you
    use someone elses public key unless you have a key of your own? Seems a
    great way to make sure that no-one adopts secure email if you ask me.

    jamie
     
    Jamie Briant, Oct 23, 2003
    #1
    1. Advertising

  2. "Jamie Briant" <> wrote in message
    news:bn86fd$q4t$...
    > I've got this email which has been digitally signed, so I have the guys
    > public key. I want to send an encrypted email back. But, outlook wont let

    me
    > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > Eudora, etc all do the same thing? Is it the whole protocol: it wont let

    you
    > use someone elses public key unless you have a key of your own? Seems a
    > great way to make sure that no-one adopts secure email if you ask me.
    >
    > jamie


    I'm not sure what system you're using, but the method I'm familiar with to a
    certain extent, is public/private keyrings, like with PGP, or GPG on Linux.

    To send an encrypted mail to someone using these applications, you must have
    the recipients *public* key. You encrypt the mail with his/her *public* key
    (and also with your own *public* key, so you can read what you've sent), and
    then send it.

    The recipient downloads the mail and decrypts it using his/her *private*
    key. This *private* key is passphrase protected in case it falls into the
    wrong hands. Of course, the stronger the passphrase, the better the key is
    protected.

    Apologies if you knew all that already, just making sure. If it was PGP/GPG,
    then you would be able to send this guy an encrypted response if you have
    his *public* key.

    Probably not been any help to you at all, but these links might help more :

    PGP (Pretty Good Privacy) on Windows : http://www.pgpi.org
    GPG (Gnu Privacy Guard) on Linux distributions : http://www.gnupg.org

    I've been using PGP for a long time, and it's pretty easy to encrypt, sign
    and decrypt emails and files using it. I never tried the system that's used
    in Outlook/Outlook Express, so I can't help there sorry.

    SB.
     
    Superbo Barnetta, Oct 23, 2003
    #2
    1. Advertising

  3. Jamie Briant

    Richard Hunt Guest

    "Jamie Briant" <> wrote in message
    news:bn86fd$q4t$...
    > I've got this email which has been digitally signed, so I have the guys
    > public key. I want to send an encrypted email back. But, outlook wont let

    me
    > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > Eudora, etc all do the same thing? Is it the whole protocol: it wont let

    you
    > use someone elses public key unless you have a key of your own? Seems a
    > great way to make sure that no-one adopts secure email if you ask me.
    >


    Is the message something like "I will send this encrypted, but you won't be
    able to read the message in your own sent items folder because you don't
    have a certificate. Send Anyway?"

    I got a message something like that when I was experimenting with OE and
    Outlook and X.509 certificates.

    OE allowed me to send the message to my co-worker, but OE was right - I
    couldn't read the message in my own sent items folder.

    If that is not the message, please give us the actual message text.

    If that WAS the message, you have four choices:

    1. don't respond encrypted
    (which you've said you would rather not)

    2. respond encrypted and you won't be able to read it
    (danger is you'll forget what you replied)

    3. compose your reply in notepad & save it to disk.
    copy the notepad text to the clipboard & paste it into the mail
    send it encrypted... you can always refer to the notepad file

    4. get a certificate & reply encrypted
    Verisign sells certificates.
    Thawte gives them for free to individuals.
    You can also create your own:
    OPENSSL
    XCA (sourceforge)

    Richard
     
    Richard Hunt, Oct 24, 2003
    #3
  4. In article <bn86fd$q4t$>,
    says...
    > I've got this email which has been digitally signed, so I have the guys
    > public key. I want to send an encrypted email back. But, outlook wont let me
    > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > Eudora, etc all do the same thing? Is it the whole protocol: it wont let you
    > use someone elses public key unless you have a key of your own? Seems a
    > great way to make sure that no-one adopts secure email if you ask me.
    >
    > jamie
    >
    >
    >



    in order to send an encrypted message, meaning you encrypt the message
    into jibberish, you need a third party encryption program such as PGP.


    http://www.cotse.com/helpdesk/documents/security/pgp.html


    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Oct 24, 2003
    #4
  5. Colonel Flagg wrote:
    > In article <bn86fd$q4t$>,
    > says...
    >
    >>I've got this email which has been digitally signed, so I have the guys
    >>public key. I want to send an encrypted email back. But, outlook wont let me
    >>because *I* dont have a certificate. Is this outlook, or will Mozilla,
    >>Eudora, etc all do the same thing? Is it the whole protocol: it wont let you
    >>use someone elses public key unless you have a key of your own? Seems a
    >>great way to make sure that no-one adopts secure email if you ask me.
    >>
    >>jamie
    >>
    >>
    >>

    >
    >
    >
    > in order to send an encrypted message, meaning you encrypt the message
    > into jibberish, you need a third party encryption program such as PGP.
    >
    >
    > http://www.cotse.com/helpdesk/documents/security/pgp.html
    >
    >


    Not so. Both O/OE support S/MIME digital certificates for encryption.
    No third party software required.
     
    Ralph A. Jones, Oct 24, 2003
    #5
  6. Jamie Briant wrote:

    > I've got this email which has been digitally signed, so I have the guys
    > public key. I want to send an encrypted email back. But, outlook wont let me
    > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > Eudora, etc all do the same thing? Is it the whole protocol: it wont let you
    > use someone elses public key unless you have a key of your own? Seems a
    > great way to make sure that no-one adopts secure email if you ask me.
    >
    > jamie
    >
    >


    I have been an email encryption advocate since the DOS PGP days when
    Phil Zimmerman (the author of PGP) was still being sued by the Justice
    Department for providing military-grade encryption to the masses (and,
    unfortunately for Phil, enemies of his home country the United States).
    In my experience over the years it has been proven to me over and over
    again that it takes a true geek/paranoid (of which I am proud to call
    myself) to "buy into" email encryption. Your average, Joe Blow user
    could hardly be less interested in email encryption because: a) it adds
    two or three clicks to processing email, whether you are using PGP or an
    S/MIME-enabled email client like O/OE; or, b) obtaining and installing a
    digital certificate or generating a PGP key set is beyond the computer
    capabilities/interests of most.

    Your friend appears to have joined the relatively small community of
    geek/paranoids. I invite you to join us. As others have suggested, you
    can pick up a Thawte certificate for free (http://www.thawte.com -- even
    though their "public trust" or "notary public" system probably inhibits
    the timid).

    Last time I checked (although this may have been changed in the most
    recent version), Netscape verions 6.x/7.x (Mozilla iterations) did *NOT*
    properly support S/MIME.
     
    Ralph A. Jones, Oct 24, 2003
    #6
  7. Jamie Briant

    Jamie Briant Guest

    Thats great, but why wont Outlook let me encrypt the outgoing email? It
    says:

    "Microsoft Outlook could not sign or encrypt this message because you have
    no certifiacates which can be used to send from the e-mail address
    <>"

    Why do *I* need a certificate when I am trying to encrypt an email using the
    recipients key????

    jamie

    "Ralph A. Jones" <rajones@SPAM_ME_NOT_AT_tconl.com> wrote in message
    news:Lq2mb.122$...
    > Jamie Briant wrote:
    >
    > > I've got this email which has been digitally signed, so I have the guys
    > > public key. I want to send an encrypted email back. But, outlook wont

    let me
    > > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > > Eudora, etc all do the same thing? Is it the whole protocol: it wont let

    you
    > > use someone elses public key unless you have a key of your own? Seems a
    > > great way to make sure that no-one adopts secure email if you ask me.
    > >
    > > jamie
    > >
    > >

    >
    > I have been an email encryption advocate since the DOS PGP days when
    > Phil Zimmerman (the author of PGP) was still being sued by the Justice
    > Department for providing military-grade encryption to the masses (and,
    > unfortunately for Phil, enemies of his home country the United States).
    > In my experience over the years it has been proven to me over and over
    > again that it takes a true geek/paranoid (of which I am proud to call
    > myself) to "buy into" email encryption. Your average, Joe Blow user
    > could hardly be less interested in email encryption because: a) it adds
    > two or three clicks to processing email, whether you are using PGP or an
    > S/MIME-enabled email client like O/OE; or, b) obtaining and installing a
    > digital certificate or generating a PGP key set is beyond the computer
    > capabilities/interests of most.
    >
    > Your friend appears to have joined the relatively small community of
    > geek/paranoids. I invite you to join us. As others have suggested, you
    > can pick up a Thawte certificate for free (http://www.thawte.com -- even
    > though their "public trust" or "notary public" system probably inhibits
    > the timid).
    >
    > Last time I checked (although this may have been changed in the most
    > recent version), Netscape verions 6.x/7.x (Mozilla iterations) did *NOT*
    > properly support S/MIME.
    >
     
    Jamie Briant, Oct 24, 2003
    #7
  8. Jamie Briant

    splatter Guest

    "Jamie Briant" <> wrote in message
    news:bnb25d$rgf$...
    > Thats great, but why wont Outlook let me encrypt the outgoing email? It
    > says:
    >
    > "Microsoft Outlook could not sign or encrypt this message because you have
    > no certifiacates which can be used to send from the e-mail address
    > <>"
    >

    You need to save his certificate from the original email first then encrypt
    your outgoing mail.

    DP
     
    splatter, Oct 24, 2003
    #8
  9. Jamie Briant

    splatter Guest


    >
    > I have been an email encryption advocate since the DOS PGP days when
    > Phil Zimmerman (the author of PGP) was still being sued by the Justice
    > Department for providing military-grade encryption to the masses (and,
    > unfortunately for Phil, enemies of his home country the United States).
    > In my experience over the years it has been proven to me over and over
    > again that it takes a true geek/paranoid (of which I am proud to call
    > myself) to "buy into" email encryption.


    More true word have not been spoken.. :) My problem is I can't get any of my
    friends to "buy into" the idea, and a one sided
    encypted message just doesn't work.
    I have heard everything from "that makes the email more suspicious", to the
    don't want to make the effort, or pay the money. Like someone earlier
    expressed I went so far as to install a server to roll my own certificate &
    have my own agency.

    DP
     
    splatter, Oct 24, 2003
    #9
  10. Jamie Briant

    Jamie Briant Guest

    > You need to save his certificate from the original email first then
    encrypt
    > your outgoing mail.
    >
    > DP


    Exactly where and how do I "save" it? Its already in the Certificates tab of
    the Contact in my personal address book. Where else does it need to be?

    jamie
     
    Jamie Briant, Oct 24, 2003
    #10
  11. Jamie Briant

    splatter Guest

    "Jamie Briant" <> wrote in message
    news:bnbc58$g87$...
    > > You need to save his certificate from the original email first then

    > encrypt
    > > your outgoing mail.
    > >
    > > DP

    >
    > Exactly where and how do I "save" it? Its already in the Certificates tab

    of
    > the Contact in my personal address book. Where else does it need to be?
    >
    > jamie


    Humm, that's where it is "saved". With that saved in your address book it
    should show you a little red ribbon in the contacts name card on your
    address book And you shouldn't have a problem encrypting except what the
    previous poster mentioned that it will tell you won't be able to read it
    because you don't have a cert.

    DP
     
    splatter, Oct 24, 2003
    #11
  12. Jamie Briant

    Richard Hunt Guest

    "Jamie Briant" <> wrote in message
    news:bnb25d$rgf$...
    > Thats great, but why wont Outlook let me encrypt the outgoing email? It
    > says:
    >
    > "Microsoft Outlook could not sign or encrypt this message because you have
    > no certifiacates which can be used to send from the e-mail address
    > <>"
    >


    [note the status of the saved certificate as outlined by splatter (DP) in
    another part of this thread; I'm replying to this part because it has the
    text of the Outlook error box]

    Is Outlook trying to *sign* the message? I'm working from memory (because I
    used Outlook at a *former* employer)--I can't remember if the if the
    encrypt -vs- sign check marks are on the Tools menu or the Message menu in
    an Outlook compose-message dialog box. In OE, under the Tools menu, there
    are two toggle items labeled

    Encrypt using S/MIME
    Digitally Sign using S/MIME

    > Why do *I* need a certificate when I am trying to encrypt an email using

    the
    > recipients key????
    >


    Jaime, you are right in that *you* don't need a certificate just to encrypt.

    So, find these menu items in the compose message window to see that only
    Encrypt using S/MIME is checked. If Digitally Sign using S/MIME is checked,
    then that would cause Outlook to require a certificate.

    Richard
     
    Richard Hunt, Oct 24, 2003
    #12
  13. On Fri, 24 Oct 2003 09:52:39 -0400, splatter wrote:

    >
    >>
    >> I have been an email encryption advocate since the DOS PGP days when
    >> Phil Zimmerman (the author of PGP) was still being sued by the Justice
    >> Department for providing military-grade encryption to the masses (and,
    >> unfortunately for Phil, enemies of his home country the United States).
    >> In my experience over the years it has been proven to me over and over
    >> again that it takes a true geek/paranoid (of which I am proud to call
    >> myself) to "buy into" email encryption.

    >
    > More true word have not been spoken.. :) My problem is I can't get any of my
    > friends to "buy into" the idea, and a one sided
    > encypted message just doesn't work.
    > I have heard everything from "that makes the email more suspicious", to the
    > don't want to make the effort, or pay the money. Like someone earlier
    > expressed I went so far as to install a server to roll my own certificate &
    > have my own agency.
    >
    > DP


    Most people I know who I'd have any kind of PC conversation with, would
    most likely look at me like I'd just farted, if I mentioned anything to do
    with encryption. PGP to them, is simply another brand of tea ...

    I'm in the same boat as yourself. I've moved 'over' to GPG on Linux RH
    now, and find that just as easy to send and receive encrypted mail, and
    encrypt files too.

    I'll keep putting in that GPG, or PGP, signature in my mails no matter
    what. Someone, somewhere, has just got to realise just how easy it is, how
    sneaky it is, and to be quite frank, how much fun it is.

    Maybe I need to get out more ...

    SB.
     
    Superbo Barnetta, Oct 25, 2003
    #13
  14. Jamie Briant

    me Guest


    > Maybe I need to get out more ...


    lol, I think we probably both do..

    DP
     
    me, Oct 27, 2003
    #14
  15. Jamie Briant

    Tim Guest

    Digital Signatures and Encryption are two different things. Signatures
    assure integrity, not privacy. If you want to digitally sign a file you have
    to have a certificate from a CA unless you are creating your own, for your
    own network.

    If you just want to encrypt files, download PGP and exchange public keys. It
    sounds to me that the key you currently have is for verifying your friend's
    signature, not encryption.
    "Jamie Briant" <> wrote in message
    news:bn86fd$q4t$...
    > I've got this email which has been digitally signed, so I have the guys
    > public key. I want to send an encrypted email back. But, outlook wont let

    me
    > because *I* dont have a certificate. Is this outlook, or will Mozilla,
    > Eudora, etc all do the same thing? Is it the whole protocol: it wont let

    you
    > use someone elses public key unless you have a key of your own? Seems a
    > great way to make sure that no-one adopts secure email if you ask me.
    >
    > jamie
    >
    >
     
    Tim, Oct 27, 2003
    #15
  16. Jamie Briant

    John Guest

    Jamie Briant wrote:

    > Thats great, but why wont Outlook let me encrypt the outgoing email? It
    > says:
    >
    > "Microsoft Outlook could not sign or encrypt this message because you have
    > no certifiacates which can be used to send from the e-mail address
    > <>"
    >
    > Why do *I* need a certificate when I am trying to encrypt an email using the
    > recipients key????


    If Outlook stores it encrypted in your Sent-box, wouldn't you want to be
    able to read it yourself afterwards? To be able to do that the message
    (well the session key really) needs to be encrypted with your public key
    as well.

    But I don't know if this is how Outlook works...


    Groetjes
    John
     
    John, Nov 11, 2003
    #16
  17. Jamie Briant

    Jimbo Guest

    I'm kinda lost and may be in the wrong message board. If so, sorry!

    I am using OE6 and over the past several months I have been receiving
    an awful lot of spam emails. They are increasing exponentially.
    Including lots of virus containing emails (detected by Norton
    Antivirus). I have some questions:

    1. I have received one email indicating that it was actually sent
    from my email address. It was for some weight loss firm. It definitely
    did not eminate from my address. Is this possible? If so, how is this
    possible? Will this be a thing of the future?

    2. I try to use "tools/block email", while in OE6, to block many
    hundreds of these unwanted emails. Is there a limit to the block email
    list? It seems that the blocked emails don't actually get blocked
    (deleted on arrival)?. Is there a better way to block this unwanted
    stuff?

    3. Lots of unwanted emails come from Microsoft addresses. Can't MS
    stop this?

    Hope someone can help me by answering the above questions, or by
    steering me to the appropriate message board. Thanks in advance.
    Jim
     
    Jimbo, Nov 12, 2003
    #17
  18. Jamie Briant

    Fowl Guest

    Get the Spam sorted on the server, by using something like Mailwasher.
    www.firetrust.com

    Microsoft doesn't send those emails, they are forged.

    Try alt.stop.spamming for further info.

    Dump OE if you can.




    On 12 Nov 2003 09:11:02 -0800, (Jimbo) wrote:

    >I'm kinda lost and may be in the wrong message board. If so, sorry!
    >
    >I am using OE6 and over the past several months I have been receiving
    >an awful lot of spam emails. They are increasing exponentially.
    >Including lots of virus containing emails (detected by Norton
    >Antivirus). I have some questions:
    >
    >1. I have received one email indicating that it was actually sent
    >from my email address. It was for some weight loss firm. It definitely
    >did not eminate from my address. Is this possible? If so, how is this
    >possible? Will this be a thing of the future?
    >
    >2. I try to use "tools/block email", while in OE6, to block many
    >hundreds of these unwanted emails. Is there a limit to the block email
    >list? It seems that the blocked emails don't actually get blocked
    >(deleted on arrival)?. Is there a better way to block this unwanted
    >stuff?
    >
    >3. Lots of unwanted emails come from Microsoft addresses. Can't MS
    >stop this?
    >
    >Hope someone can help me by answering the above questions, or by
    >steering me to the appropriate message board. Thanks in advance.
    >Jim


    To Reply Use: madballs64 (at) gmx (dot) net
     
    Fowl, Nov 12, 2003
    #18
  19. Jamie Briant

    Hank Guest

    Try going to this site and download MailCheck. From that program you
    will be able to send "forged" email addresses.
    http://ppsoft.dk/Mailcheck_eng.htm

    Hank From Pa


    On 12 Nov 2003 09:11:02 -0800, (Jimbo) wrote:

    >I'm kinda lost and may be in the wrong message board. If so, sorry!
    >
    >I am using OE6 and over the past several months I have been receiving
    >an awful lot of spam emails. They are increasing exponentially.
    >Including lots of virus containing emails (detected by Norton
    >Antivirus). I have some questions:
    >
    >1. I have received one email indicating that it was actually sent
    >from my email address. It was for some weight loss firm. It definitely
    >did not eminate from my address. Is this possible? If so, how is this
    >possible? Will this be a thing of the future?
    >
    >2. I try to use "tools/block email", while in OE6, to block many
    >hundreds of these unwanted emails. Is there a limit to the block email
    >list? It seems that the blocked emails don't actually get blocked
    >(deleted on arrival)?. Is there a better way to block this unwanted
    >stuff?
    >
    >3. Lots of unwanted emails come from Microsoft addresses. Can't MS
    >stop this?
    >
    >Hope someone can help me by answering the above questions, or by
    >steering me to the appropriate message board. Thanks in advance.
    >Jim
     
    Hank, Nov 13, 2003
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. KerplunKuK

    Secure and non secure warnings

    KerplunKuK, Aug 24, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    589
    Blinky the Shark
    Aug 24, 2004
  2. Miss Mary
    Replies:
    1
    Views:
    1,485
    sean.archer
    Sep 21, 2007
  3. Replies:
    0
    Views:
    646
  4. Replies:
    0
    Views:
    858
  5. cade

    Secure Auditor secure your windows

    cade, Apr 28, 2008, in forum: Computer Security
    Replies:
    0
    Views:
    542
Loading...

Share This Page