Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

How to encrypt your e-mail, the easy way

Great! You have exchanged e-mails with Comodo, and completed the free certificate installation {and so has the person(s) with whom you want to exchange private messages} as I described in the proceeding article. That was easier than you thought, right? You are now mere clicks away from simple-and-easy private exchanges.
All we have to do is associate the new certificate with the (appropriate) e-mail account. Once that is done, the encryption will be virtually transparent.. as in “automatic”.

1) Verify install (Optional): Open an instance of Internet Explorer (if it isn’t already) and click on the “Tools” menu item in the upper-right. Select “Internet Options” from the Context Menu. Now click on the “Content” tab. Look to the middle for the “Certificates” button, as shown below.
IOs 
Now you should see your new Certificate listed…
Certs 
As shown here. If you don’t see this, it means that Windows did not complete the certificate installation. You will need to re-open the Comodo e-mail, and revisit the link, and repeat the Install process.
But, that’s thinking negative, so let’s proceed as if everything (so far) looks right.

2) Associate Cert with e-mail: Close IE and open your e-mail client. In my screenshots I am using Live Mail, but the process steps apply to Mail, Outlook, and OE as well. (Thunderbird and AppleMail are slightly different menu choices, but the principle is the same.) Click on “Tools”, and then select “Accounts”.
This will list your configured e-mail accounts.
Accts 
Select the account you requested the Certificate for by clicking (once) on it, {For demonstration purposes, I am associating the Cert with this site’s e-mail account.} and then click on the “Properties” button. Select the “Security” tab.
AcctProps 
Start by clicking the “Select” button for the “Signing certificate”..
SetCert 
And click on the certificate shown (if you have more than one personal Certificate showing, use the dates issued to choose the correct one) and then “OK”. Repeat this for the “Encrypting preferences” “Select” button.
Your e-mail account is now “Certified”! And you are ready for…

3) Send a “Signed” e-mail to your friend: Address a “New” e-mail to the person(s) you want to exchange encrypted messages with, and click the “Sign” button, then “Send”. By “signing” your e-mail, you are sending them your “Digital ID” and a copy of your “public key”.
image
4) Have the other party do #3 to you: Having the other party send a “signed” e-mail to you, gives you a copy of their DID and their public key. Now you both have the keys you need to exchange secure, private, encrypted e-mails to each other.

5) Click the “Encrypt” button before you click “Send”: That’s it.. it is now that simple. Your e-mail will appear in their Inbox like this..
Enc1 
And when they open it (no special actions needed) they will see this…
Enc2

.. and visa versa. From now on, it will be so smooth and easy, you might begin to wonder if your mail really is being scrambled/unscrambled. (It is.)

To read the How to on getting the free e-mail Certificate (part 1 of this article), click here.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 21, 2008 Posted by | advice, computers, e-mail, how to, PC, privacy, security, tech, Windows | , , , , , , , , , | Leave a comment

Wow! + Securing your e-mail, Part 5

Folks, I am just not sure that I have it in me to write today — I’m still staggered by yesterday’s Super Bowl. I’m reeling. Stunned. And.. chagrined.
At the very start of the season I predicted (to anyone who would listen) that the New England Patriots would win the Super Bowl. I repeated this prediction — with growing assurance — each week.
(“But what about the Colts?” was the main objection/reaction I received.)

The omniscience of my prediction was bolstered by an undefeated season, and the Pats went into yesterday’s game something like 12-point favorites. They were playing (against) a wildcard team (only once before has a wildcard team made it all the way to Super Bowl victory) led by a young and untested QB.
I think you can figure where I placed my bet. Who could not say that the Patriots were the best team this year?
Wow. The reality was like a Disney movie. I expect the scientists to announce that the Earth’s magnetic poles have flipped positions any day now.

Now, back to work:
Now that we have WinPT installed and configured, it is time to start using GPG to encrypt our e-mails. Our public and private keys have been generated, and our public key is has been made into a transferable file (“Export”).

But first, lets review:
a: You will have downloaded and Installed WinPT, as I described in Part 3 of this series. (Those of you using a e-mail client other than Outlook Express will also need to download+Install the appropriate “plug-in”.)
b: And you will have configured the encryption program (GPG) and generated your keypair, as described in Part 4.
c: Those of you using Outlook Express (as I am for this demonstration) also need to launch the OE plug in (GPGOEInit). Simply click on it in the WinPT folder of your Programs list. Start >All Programs >Windows Privacy Tools >GPGOEInit. (also, please note the “Documentation” option.)
gpgoe.jpg

If you have played along, you should see two icons in your System Tray (by the clock), the WinPT “key”, and the OE plug-in’s “padlock”.
icons.jpg
d: You will also have “Exported” your private key, and sent your key to the person(s) you want to exchange encrypted e-mail with. (The documentation, and my previous articles, discuss key exchange methods.) They will use your key to encrypt the e-mails they send to you.

Congratulations! You have come far. But, it should be fairly clear that for encryption to work, both ends of the transaction need to have the encoding/decoding tools– in short, the person you are exchanging encrypted messages with also needs to have GPG installed, and they will have needed to send you their public key (which you will have “Import”-ed onto your keyring).
If they have not (yet) installed WinPT/GPG, you can point them to this series by copy>pasting this URL https://techpaul.wordpress.com/2008/01/28/whos-reading-your-e-mail-part-1/ and sending it to them.

If these thing are in place, open OE and create a new message.

send.jpg

When using GPG, the appropriate method to encrypt the message is to issue a hotkey command: when your e-mail is typed and ready to go out, hit Ctrl+Alt+E. You will see a WinPT window tell you that the encryption was successful. Now click Send.
When you receive an encrypted message, open it and hit the Ctrl+Alt+D key.

The screenshot below shows the sample e-mail (encrypted) as viewed by a machine which does not have GPG capability. This is how it looks to anyone who might intercept it.
scrambled.jpg

Clearly, this “after” picture is quite a bit different than the “before” picture, and my e-mail is unreadable by unwanted eyes.
Now you can safely and securely exchange sensitive, private, e-mail with only the intended recipient.

I will continue this series with more ways to use WinPT/GPG, and describe other tools/methods for encrypting e-mail, but will take a bit of a break before doing so — there is much in news I want to discuss first.

[Please note: the e-mail accounts and keys shown were temporary and have already been deleted.]

Today’s free link: For many people, the best part of any Super Bowl is the commercials. If you would like to view this year’s ads again, click here. You can even vote for your favorite.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

February 4, 2008 Posted by | advice, computers, encrypting files, IE 7, PC, privacy, security, tech, Windows | , , , , , , | Leave a comment

Encrypt your e-mail for privacy+security, Part 2

While e-mail is wonderfully efficient and fast (not to mention, free), it is not a terribly private nor secure communications medium. As I mentioned in the introduction to this series, Who’s reading your e-mail?, e-mail is transmitted in very-easy-to-open plain text (or HTML), travels through many different devices, and sometimes gets mis-delivered, or lost.. or ‘stolen’.

There are times when the material we need to communicate to someone else could really hurt us if the wrong eyes saw it. Some things should remain “confidential” (For Your Eyes Only) or/and private (Top Secret). These subjects may be your account numbers, business plans, bids or cost-estimates, love letters, travel plans, and whatnot. Unencrypted e-mail is really not the way to transmit these things.

Tip of the day: Encrypt your private communications. This series of articles will tell you how to implement a free method of encrypting your e-mail messages using GPG.
(For those readers who took my advice in yesterday’s article and looked at the description of Public-key cryptography on Wikipedia, this next will be review…) GPG uses “keys” to encrypt and decrypt files, as do most such tools. The problem with encrypting communications is — how do you give a copy of the key (so they can ‘unlock’ the file you have ‘locked’) to the person you’re sending to?
This dilemma is solved with the concept of key pairs– we are going to use GPG to generate a key pair: a “public” key, which we can send to anyone we like (or publish, for all to see), and one “private” (aka “secret”) key. It will take both keys for the system to work. (As the name implies, it is rather important to keep your private key to yourself… and to store a copy in a safe location.)

The way it works is:
1) you will encrypt your file/letter using your private key. Which you then Send to your intended recipient.
2) Your recipient uses you public key to decrypt and read your letter/file.

When your correspondent wants to send you a reply:
1) they encrypt it using your public key, and..
2) you decrypt the reply with your private key.
It takes both keys to work, and only you will have the private key.

The tool we are going to use, GPG (as part of WinPT [Windows Privacy Tools]), is quite flexible and adept, but works best (at encrypting e-mail) as a “plug-in” for your e-mail client (Outlook, Thunderbird, Outlook Express, ie.)
and your ‘private’ e-mail accounts.. such as the account your are provided with by your ISP.
(I will, also, demonstrate how it can used with browser accessed “web mail” accounts, such as the free services like Hotmail, Gmail, and Yahoo Mail.)

Those of you already using a client to access and mange your e-mail accounts will simply have to download GPG (Apple) or WinPT (and the appropriate plug-in) and install it, generate a key pair, and send your public key to those folks you want private correspondence with. Once that’s done you will be able to either automatically encrypt your e-mails (and their attachments), or right-click >encrypt.
WinPT comes with a built-in Outlook Express plug-in; and GPG offers plug-ins for the popular e-mail clients, and some of the less-popular clients too, such as Apple Mail and Eudora. For a complete list of compatible e-mail clients, click here.

For those of you who typically log into your e-mail via a web browser (IE, Firefox, etc.), I believe that in the long run — if you want to encrypt your mail — you will find it easier to get into the habit of using a client instead. I will be using Outlook Express for my demonstration (since all Windows machines come with it), but for everyday use I recommend using today’s free link.

To skip to Part 3, click here.

Today’s free link: I have posted this free tool before, but since it is so in-step with our topic (and it’s a darned-good program to boot) I will repost it. Thunderbird 2, from Mozilla. Access and manage various accounts from one place, and get great spam filtering.

Copyright © 2007-8 Tech Paul. All rights reserved.

Share this post :

January 30, 2008 Posted by | advice, Apple, computers, encrypting files, how to, PC, security, tech, Windows | , , , , , , | 3 Comments

Safer e-mail: HTML and image spam

There has been a shift in e-mail away from simple “plain text” format to the more dynamic HTML ‘language’. This is due, in large extent, to the popularity of the Web-based e-mail accounts (GMail, Hotmail, Yahoo Mail) which has led most of us use our Web browser to access our Inboxes. HTML is (one of) the language(s) used to build websites.

There are many advantages — particularly to businesses — to using HTML to create an e-mail: HTML allows special fonts, colors, and characters, advanced formatting, and the embedding of images — such as the corporate logo. However, the very same characteristics of HTML which allows hackers to created poisoned websites allows them to create poisoned e-mails (which can infect your computer with malware, and allow a hacker to gain a “backdoor” to your system).

Tip of the day: Thwart the bad guys, set your e-mail client to “view as plain text”. (If you use Web-based mail, these changes can be made to your Settings as well; usual found in the E-mail Options menu.)
When HTML is viewed as plain text, the dynamic aspects (the dangerous ones) no longer issue commands but appear as ‘gibberish’, and the images are not downloaded to your browser (the very act of which tells a spammer that your e-mail address is valid).

When viewed as plain text, an HTML e-mail will look something like this…
> Content-Type: text/html; charset=ISO-8859-1 MIME-Version: 1.0
> Message-Id: 200801027772801.B6301EA@www.acme.com
> Date: Wed, 2 Jan 2008 12:28:01 -0500 (EST)
> X-NAS-Language: Unknown
> X-NAS-Bayes: #0: 1.83836E-098; #1: 1
> X-NAS-Classification: 0
> X-NAS-MessageID: 12651
> X-NAS-Validation: {5D10C463-FDBA-462F-8117-435D5F76DB08}
>
> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”

…which is quite different than, “Hi Joe! What do you know?” But if you scroll down through all that ‘gibberish’ (HTML code), you will come to the > <body> entry, which is the “meat” of the e-mail, and you’ll see..
> <body>Hi Joe! What do you know?</br>
…ignore the funny code and you’ll be able to read your e-mail without fear of “drive-by” worms and trojan horses, exploit code, giving away your address; and, you’ll — over time — reduce the amount of spam you receive.

I’m going to demonstrate changing your Settings in Outlook Express, but the method applies to other clients as well…though the menu names/locations may be slightly different.
Click on the Tools menu and select “Options”. You are going to change the way you read your e-mail, so click on the Read tab.
oe_opts.jpg
Find the setting for “Read as plain text” and select it– In OE, that means placing a check in the checkbox “Read all messages in plain text”. The “Apply” button will become active: click on it to effect the change.

Now click on the Security tab. Because spammers and hacker use images as their attack vector, and to bypass your spam filter, (images are downloaded from a server: the e-mail itself only contains a link), we’re going to block embedded images.
oe_opts2.jpg
Place a check in the “Block images and other external content in HTML e-mail” and click the Apply button. That’s it, you’re done.

*When an occasion occurs that someone sends you an e-mail that has a graphic embedded that you do wish to see — a map, say — open this tab and uncheck the checkbox and view the email. When you’re done, set it back to the protected mode.

Today’s free link: Glary Utilities. From website: “Glary Utilities is the #1 free, powerful and all-in-one utility in the world market! It offers numerous powerful and easy-to-use system tools and utilities to fix, speed up, maintain and protect your PC.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

January 3, 2008 Posted by | advice, computers, how to, PC, security, spam and junk mail, tech, Windows | , , , , | Leave a comment