Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Continuing adventures in e-mail security

Who’s reading your e-mail? Are you sure it is only the person you sent it to? Could it hurt you, or your business, (or, your marriage?) if someone else was reading it? Wouldn’t it be great if you could ensure that only the intended recipient could read it?

Loyal Friends and True of this series will remember that I while back I wrote a series on using WinPT and GPG to encrypt your e-mail and keep your important conversations private. (If you would like to take a look, click here.) I feel compelled to confess to you, Dear Reader, that the topic was not too well received, and my stats took a bit of a downturn during its run. It is my belief that this was due to the fact that the method described is not one-click simple. It is, in fact, a bit complicated.

In the prior series, I explained (in my limited way) that the encrypting of files, and sending them to someone else, where they then need to decode them, is best done by the exchanging of “keys” in what is called “Public-key encryption” (for Wikipedia’s explanation on that, click here). I will not be lecturing on that today.. though, I invite you to click the link if you’re interested in (or curious about) cryptography.

It is not hard to understand how encrypting your writing — so that it can travel across the Internet in an unreadable format — is a “good thing”.. a desirable thing.. and would have serious benefits. The encrypting of e-mails is often required by businesses, and they install cool (and expen$ive) machines on their networks that automatically encrypts all company e-mail. But what about us? Here at home? How do we do it? Can it happen automatically.. like it does at our job? Well, yes and no. The first step is to get yourself a “key”. (GPG allows you to generate keys, btw.)

I mentioned in yesterday’s article that I had started using a new (to me) e-mail client (Windows Live Mail) to access my webmail accounts. Live Mail, and all other e-mail clients (Outlook, OE, Thunderbird, etc.) natively support the use of “keys”, and allow you so “sign” and/or encrypt your e-mail with a single click… assuming you have taken a couple of steps first.
You may have noted that I have been putting the word key inside quotes; that’s because when I’m speaking at the level of how crypto works, I am actually speaking about algorithms and when I talk about using those keys, I am talking about “Certificates”. To encrypt your e-mail you need to get a Certificate… which is really a key (pair). Confusing, I know.

Tip of the day: Get a Certificate for your e-mail account(s). There are several Certificate Authorities that offer free Certificates for the personal use in e-mail, but I have found that if you are using any Microsoft products.. or you suspect that your recipient(s) may be using Windows and/or Outlook (which is a fairly good bet), you want to get your e-mail certificate here:
Today’s free link: Comodo Free Email Certificateimage 

Fill in the form, and use the e-mail address that you want to protect with encryption (If you use more than one e-mail address regularly, repeat this process for each one: each account needs its own Cert), and click on the “Advanced Private Key Options” link, and place a check in the “User protected?” checkbox, and enter a “Revocation password (twice). Click “Agree & Cimage ontinue”.

A window will open telling you that a Certificate is being “requested on your behalf”.. agree. Now you will see the screen (pictured). Click “OK”.

If all goes as it should, the Comodo webpage will change to a “Congratulations!” page, and instructs you to check the Inbox of the account you created the Cert for. Do so. There will be an e-mail from Comodo containing a link. You will need to click it to complete the process (Copy>Paste links into the address bar of your browser, remember?!).

image

Your e-mail will look like this. When you’ve copy>pasted the e-mail’s link into your browser’s address bar, and requested the Cert download, Windows will then automatically try to install it for you, but needs your permission..

image

Click “Yes” to give it.

image

This tells you you’re done, and now you can digitally “sign” your e-mail.. which is the first real step to exchanging encrypted email.. which I will describe tomorrow.
Now, e-mail a link to this article to the person(s) you want private conversations with, and tell them to click the link and follow the Comodo wizard and get their key.. you’re going to need it. Once you and they do this, encryption is a click away.

The conclusion of this How To is now available here.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 19, 2008 - Posted by | advice, computers, encrypting files, how to, security, tech, Windows | , , , ,

8 Comments »

  1. Just found your site through a Google search re: startup folder. I feel like I just discovered gold! Your RSS feed is now on my live bookmarks bar. I just got new laptop and used Easy Transfer to move settings. All OK for most part except I’m getting a weird error message when Outlook starts:

    Users/Me/App Data/Roaming/Microsoft/Addins/C/Programs~1/Microsoft~2/Office 11/Addins/Outbak.dll is not a valid Office Add In.

    Is there any quick answer as to why I’m getting this? Or how to remove?

    Like

    Comment by June | March 20, 2008 | Reply

  2. June–
    What a nice way to start my day. Thank you for the kind words.
    This problem is due to the fact that there is a (old) reference in the Registry to an Add-In that is not installed on the (new) machine– the MS Outlook Personal Folders Backup tool. [Or, it’s installed, but not exactly in quite the same way/place..]
    The first thing I would suggest may not work, but it’s safe so try it first– that is to re-“register” the DLL. Click Start, the Run and enter this string: regsvr32 “c:\program files\microsoft office\office11\addins\outbak.dll” and then hit Enter.
    If that doesn’t resolve your issue, you’ll need to remove the reference from your Registry.. that is, edit your Registry. Editing the Registry is not for the faint of heart nor the inexperienced, and one mistype or false move can render Windows inoperable. Always make a backup of the Registry (Export) before making any edits.
    Please look to http://support.microsoft.com/kb/319900. Here you will find the instructions for this issue in Office 2002. The procedure is correct, you will simply (mentally) substitute any reference to “Office10” with “Office11”.
    [Shameless self-promotion:] Of course, I should mention that Aplus Computer Aid (http://aplusca.com) is open 9am-9pm PST, Mon-Sat, and that I can effect these kinds of repairs over the Web.
    I hope this answers your question, and encourage you to help spread the word about Tech–for Everyone… tell your friends!

    Like

    Comment by techpaul | March 20, 2008 | Reply

  3. Thanks for the Info

    Like

    Comment by Blog Newbie | April 10, 2008 | Reply

  4. This is great. I’ve been trying to find an easy way to get family and friends to adopt secure email but it’s been an uphill battle because of the numerous hoops one needs to jump when trying to use Thawte or Verisign. Also, none of us felt at ease having to give out so much personal info to a company just to get a personal email certificate. With Comodo and your how-to it was easy and now everyone is using it.

    Again thanks.

    Like

    Comment by happy reader | July 26, 2008 | Reply

  5. Paul,
    Have you ever heard of freenigma? If yes, what is your opinion of it? Is it similar to comodo?
    K.E.

    Like

    Comment by K. Entwistle | January 7, 2010 | Reply

    • K,
      When I first read about freenigma, it was still in the “beta” stage, (I don’t fool with beta’s usually) but it is now in ‘early release’. I have not tried it yet, but confess I am intrigued.

      No, it is not like Comodo. Comodo is a “Certificate Authority”, which issues you a “certificate” (read “key”) which you can then use with whatever e-mail client you happen to use.. Outlook, Live Mail, Thunderbird, etc. (which can be used to access webmail, such as Gmail, Hotmail, etc.).
      (Freenigma is a tool that uses keys, Comodo is a key)

      Neither solution will really help you with the original question you asked me.. which was (essentially) “how do I do personal e-mail while at work, and make it so the boss can’t read my private stuff”.
      Because the short answer is, you can’t.. so don’t. (Any more than you could come and sit at my machine, and I wouldn’t be able to “know” what you did. Not!)
      E-mail encryption prevents those who would intercept your e-mail as it’s transmitted.

      Like

      Comment by techpaul | January 7, 2010 | Reply

      • Original question aside, if comodo creates the key and freenigma uses keys, then I should obtain (download), install, and do both?
        K.E.

        Like

        Comment by K. Entwistle | January 7, 2010 | Reply

        • K. Entwistle,
          Um.. no, this is more of a do one or the other type of situation. Freenigma will generate the keys it needs (using GPG).

          The advantage to the Comodo certificate is it works with your existing software (e-mail client), and so you aren’t relying on someone doing it all for you.

          Like

          Comment by techpaul | January 7, 2010 | Reply


Leave a Reply to Blog Newbie Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: