Continuing adventures in e-mail security
Who’s reading your e-mail? Are you sure it is only the person you sent it to? Could it hurt you, or your business, (or, your marriage?) if someone else was reading it? Wouldn’t it be great if you could ensure that only the intended recipient could read it?
Loyal Friends and True of this series will remember that I while back I wrote a series on using WinPT and GPG to encrypt your e-mail and keep your important conversations private. (If you would like to take a look, click here.) I feel compelled to confess to you, Dear Reader, that the topic was not too well received, and my stats took a bit of a downturn during its run. It is my belief that this was due to the fact that the method described is not one-click simple. It is, in fact, a bit complicated.
In the prior series, I explained (in my limited way) that the encrypting of files, and sending them to someone else, where they then need to decode them, is best done by the exchanging of “keys” in what is called “Public-key encryption” (for Wikipedia’s explanation on that, click here). I will not be lecturing on that today.. though, I invite you to click the link if you’re interested in (or curious about) cryptography.
It is not hard to understand how encrypting your writing — so that it can travel across the Internet in an unreadable format — is a “good thing”.. a desirable thing.. and would have serious benefits. The encrypting of e-mails is often required by businesses, and they install cool (and expen$ive) machines on their networks that automatically encrypts all company e-mail. But what about us? Here at home? How do we do it? Can it happen automatically.. like it does at our job? Well, yes and no. The first step is to get yourself a “key”. (GPG allows you to generate keys, btw.)
I mentioned in yesterday’s article that I had started using a new (to me) e-mail client (Windows Live Mail) to access my webmail accounts. Live Mail, and all other e-mail clients (Outlook, OE, Thunderbird, etc.) natively support the use of “keys”, and allow you so “sign” and/or encrypt your e-mail with a single click… assuming you have taken a couple of steps first.
You may have noted that I have been putting the word key inside quotes; that’s because when I’m speaking at the level of how crypto works, I am actually speaking about algorithms and when I talk about using those keys, I am talking about “Certificates”. To encrypt your e-mail you need to get a Certificate… which is really a key (pair). Confusing, I know.
Tip of the day: Get a Certificate for your e-mail account(s). There are several Certificate Authorities that offer free Certificates for the personal use in e-mail, but I have found that if you are using any Microsoft products.. or you suspect that your recipient(s) may be using Windows and/or Outlook (which is a fairly good bet), you want to get your e-mail certificate here:
Today’s free link: Comodo Free Email Certificate
Fill in the form, and use the e-mail address that you want to protect with encryption (If you use more than one e-mail address regularly, repeat this process for each one: each account needs its own Cert), and click on the “Advanced Private Key Options” link, and place a check in the “User protected?” checkbox, and enter a “Revocation password (twice). Click “Agree & C
ontinue”.
A window will open telling you that a Certificate is being “requested on your behalf”.. agree. Now you will see the screen (pictured). Click “OK”.
If all goes as it should, the Comodo webpage will change to a “Congratulations!” page, and instructs you to check the Inbox of the account you created the Cert for. Do so. There will be an e-mail from Comodo containing a link. You will need to click it to complete the process (Copy>Paste links into the address bar of your browser, remember?!).
Your e-mail will look like this. When you’ve copy>pasted the e-mail’s link into your browser’s address bar, and requested the Cert download, Windows will then automatically try to install it for you, but needs your permission..
Click “Yes” to give it.
This tells you you’re done, and now you can digitally “sign” your e-mail.. which is the first real step to exchanging encrypted email.. which I will describe tomorrow.
Now, e-mail a link to this article to the person(s) you want private conversations with, and tell them to click the link and follow the Comodo wizard and get their key.. you’re going to need it. Once you and they do this, encryption is a click away.
The conclusion of this How To is now available here.
Copyright 2007-8 © Tech Paul. All rights reserved.
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
8 Comments »
Post your Comment/Question
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 
Just found your site through a Google search re: startup folder. I feel like I just discovered gold! Your RSS feed is now on my live bookmarks bar. I just got new laptop and used Easy Transfer to move settings. All OK for most part except I’m getting a weird error message when Outlook starts:
Users/Me/App Data/Roaming/Microsoft/Addins/C/Programs~1/Microsoft~2/Office 11/Addins/Outbak.dll is not a valid Office Add In.
Is there any quick answer as to why I’m getting this? Or how to remove?
LikeLike
June–
What a nice way to start my day. Thank you for the kind words.
This problem is due to the fact that there is a (old) reference in the Registry to an Add-In that is not installed on the (new) machine– the MS Outlook Personal Folders Backup tool. [Or, it’s installed, but not exactly in quite the same way/place..]
The first thing I would suggest may not work, but it’s safe so try it first– that is to re-“register” the DLL. Click Start, the Run and enter this string: regsvr32 “c:\program files\microsoft office\office11\addins\outbak.dll” and then hit Enter.
If that doesn’t resolve your issue, you’ll need to remove the reference from your Registry.. that is, edit your Registry. Editing the Registry is not for the faint of heart nor the inexperienced, and one mistype or false move can render Windows inoperable. Always make a backup of the Registry (Export) before making any edits.
Please look to http://support.microsoft.com/kb/319900. Here you will find the instructions for this issue in Office 2002. The procedure is correct, you will simply (mentally) substitute any reference to “Office10” with “Office11”.
[Shameless self-promotion:] Of course, I should mention that Aplus Computer Aid (http://aplusca.com) is open 9am-9pm PST, Mon-Sat, and that I can effect these kinds of repairs over the Web.
I hope this answers your question, and encourage you to help spread the word about Tech–for Everyone… tell your friends!
LikeLike
Thanks for the Info
LikeLike
This is great. I’ve been trying to find an easy way to get family and friends to adopt secure email but it’s been an uphill battle because of the numerous hoops one needs to jump when trying to use Thawte or Verisign. Also, none of us felt at ease having to give out so much personal info to a company just to get a personal email certificate. With Comodo and your how-to it was easy and now everyone is using it.
Again thanks.
LikeLike
Paul,
Have you ever heard of freenigma? If yes, what is your opinion of it? Is it similar to comodo?
K.E.
LikeLike
K,
When I first read about freenigma, it was still in the “beta” stage, (I don’t fool with beta’s usually) but it is now in ‘early release’. I have not tried it yet, but confess I am intrigued.
No, it is not like Comodo. Comodo is a “Certificate Authority”, which issues you a “certificate” (read “key”) which you can then use with whatever e-mail client you happen to use.. Outlook, Live Mail, Thunderbird, etc. (which can be used to access webmail, such as Gmail, Hotmail, etc.).
(Freenigma is a tool that uses keys, Comodo is a key)
Neither solution will really help you with the original question you asked me.. which was (essentially) “how do I do personal e-mail while at work, and make it so the boss can’t read my private stuff”.
Because the short answer is, you can’t.. so don’t. (Any more than you could come and sit at my machine, and I wouldn’t be able to “know” what you did. Not!)
E-mail encryption prevents those who would intercept your e-mail as it’s transmitted.
LikeLike
Original question aside, if comodo creates the key and freenigma uses keys, then I should obtain (download), install, and do both?
K.E.
LikeLike
K. Entwistle,
Um.. no, this is more of a do one or the other type of situation. Freenigma will generate the keys it needs (using GPG).
The advantage to the Comodo certificate is it works with your existing software (e-mail client), and so you aren’t relying on someone doing it all for you.
LikeLike