Archive for August, 2013

Getting started with S/MIME-encrypted email

Just because you can’t protect the metadata of your email doesn’t mean you don’t have a right to protect the actual content of your messages, whether or not you feel you have “nothing to hide.”

Would you send all of your mail on the back of a postcard? Probably not, because it’s just none of some people’s business.

There’s a lot of material out there on how to use PGP/GPG for encrypted email, but it’s difficult to get started with and requires some moderately technical know-how. S/MIME is much easier, requiring only a bit of time, a few mouse clicks, and most importantly, an S/MIME-compatible mail client.

Here’s a list of a few common clients and whether they are natively S/MIME-compatible or not. Note that I’m considering the latest version of available software. If I’m wrong, please feel free to correct me in the comments :)

  • Webmail (reading email using your web browser) – NO (not without a plugin)
  • Outlook – Yes
  • iPhone / iPad (iOS) – Yes
  • Android – NO

So, how to get started?

First, you need to get an S/MIME certificate.

Here’s a link to a few providers known to provide free S/MIME certificates for at least personal use:

  1. Go to the above CA (Certificate Authority) and get a free certificate. That certificate will install in your browser. For this example, I’ll show you how to get a Comodo certificate installed. First, click the above URL. You’ll be taken to a page where your browser will prompt if you wish to perform a certificate operation. Say yes.
  2. Next, fill out the web form. Your first and last name and email address are essential parts of the email certificate, so use your real ones. Create a long and strong revocation password, and save it in a safe place. You’ll need it if you ever decide to revoke your certificate.
  3. Once the certificate is installed in your browser, you’ll need to export it to move it to your applications.

Exporting from Internet Explorer 10:

  1. Open Internet Options > Content > Certificates and you’ll see your certificate under the Personal tab. Click it and click Export.
  2. Select ‘Yes, export the private key’ (you’ll need this to encrypt email!), and accept the default options. Make sure you add a long and strong password. Eventually you’ll be able to click browse, select a location and give it a filename, and export it.

Exporting from Google Chrome:

  1. Click the menu button > Settings > Advanced Settings > Manage Certificates and you’ll see your certificate under the Personal tab. Click it and click Export.
  2. Select ‘Yes, export the private key’ (you’ll need this to encrypt email!), and accept the default options. Make sure you add a long and strong password. Eventually you’ll be able to click browse, select a location and give it a filename, and export it.
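Before importing the exported file anywhere, you can confirm that it opens with your password, really contains the private key, and is issued for your address. The following is an added example using the openssl command line, not part of the original walkthrough; the function names and the P12_PASS environment variable are assumptions of this sketch, and make_sample only builds a constructed, self-signed test bundle.

```shell
#!/bin/sh
# Added example: sanity-check an exported S/MIME bundle (.pfx/.p12).
# Assumes the openssl CLI; the export password is read from $P12_PASS
# so it does not show up on the command line.

# Succeeds only if the bundle really contains a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Prints the user certificate (the one paired with the key) as PEM.
p12_user_cert() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null
}

# p12_check FILE EMAIL: prints one verdict line, returns 0 only when usable.
p12_check() {
    if ! openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null; then
        echo "FAIL: cannot open (wrong password or not a PKCS#12 file)"; return 1
    fi
    if ! p12_has_key "$1"; then
        echo "FAIL: no private key inside; re-export with the private key"; return 1
    fi
    cert=$(p12_user_cert "$1")
    if ! printf '%s\n' "$cert" | openssl x509 -noout -email 2>/dev/null |
            grep -qixF "$2"; then
        echo "FAIL: certificate is not issued for $2"; return 1
    fi
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"; return 1
    fi
    echo "OK: key present, issued for $2, not expired"
}

# Builds a constructed, self-signed test bundle in DIR (not a real CA cert).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/with-key.p12" -passout env:P12_PASS &&
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/cert-only.p12" -passout env:P12_PASS
}

# Usage: P12_PASS='...' sh check.sh exported.pfx you@example.com
if [ $# -eq 2 ]; then p12_check "$1" "$2"; fi
```

A bundle exported without the private key fails the second check, which is the usual reason an import appears to work but signing and decryption do not.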

Installing in Outlook 2013:

  1. Click File > Options > Trust Center > Trust Center Settings > Email Security. Under Digital ID’s, click Import/Export, and Import the file you exported in the previous steps.
  2. Next, check ‘Encrypt contents and attachments…’ and ‘Add digital signature…’.
  3. Next to the grayed-out Default settings box, click Settings. Since you will likely only have one certificate installed, the default settings are okay. Click OK. Click OK two more times to return to Outlook.

If you’re having trouble with Outlook freezing after installing your S/MIME certificate, the workaround originally posted here will take care of the issue:

  1. Delete certificate from User personal store (with IE)
  2. Import certificate from Internet Explorer. Go to IE options > Content > Certificates > Import. Important: Select the option that certificate export is allowed. (You still need the certificate password to do the export.)

Installing to iPhone:

  1. Since you’ve protected your certificate with a long and strong password, simply write an email to an address your phone receives, and attach your certificate.
  2. (Workaround for Outlook freezing when trying to send this email: Click the view tab, then turn off sign and encrypt before sending.)
  3. Once that email arrives, open it on your iPhone, and tap the attachment. When Install Profile appears, install it, providing the certificate password when prompted.
  4. Now, activate S/MIME signing and encryption by going to Settings > Mail, Contacts, Calendars > (your email account) > Account. Turn S/MIME on and turn on sign and encrypt, clicking Done when done.

Have any feedback on the above, or like to add anything I may have missed? Please feel free to do it in the comments sections below. Thank you!

Personalizing your YubiKey in a Windows VMware virtual machine

I was initially frustrated at the apparent lack of a ready-built package for customizing the YubiKey for any Linux distro other than Ubuntu, until I found out that you can use a VMware virtual machine to do it.

First, download the Windows personalization tools from:

http://www.yubico.com/products/services-saoftware/personalization-tools/use/

Next, open the .vmx file of your Windows VMware image in your favorite text editor.

Add the following line at the end of the .vmx file:

usb.generic.allowHID = "TRUE"

Save the .vmx file and start the Windows VMware image.

From: http://forum.yubico.com/viewtopic.php?f=6&t=653

QoS bug in Netgear WNDR4300 V1.0.1.42 will kill your Internet speed

The Netgear WNDR4300 is seemingly a great router, with one huge flaw in the QoS system.

Without going into a great deal of explanation, Quality of Service (QoS) is a technology that prioritizes network packets to keep sensitive transmissions (such as online gaming, VoIP, etc.) strong while slowing down other connections when bandwidth becomes limited. It does this by slowing down transmissions on certain groups, or “classes,” of traffic. The most important thing QoS needs to know to work properly is the speed of your Internet connection.

If you go to Advanced > Setup > QoS setup you’ll see that this Netgear router has a handy-dandy feature that will automatically detect your upstream bandwidth. This is great because most ISP connections limit the upstream to a far lower amount than the downstream, so as long as the upstream number is accurate, traffic can be managed appropriately.

Here’s the problem: It’s badly broken. Very badly.

Take a look at the following screenshot, which shows my router after having clicked the “Check” button to have it detect my upstream bandwidth:

[Screenshot: qos_236k]

Well, that can’t be right, but okay, let’s go with it. Now, I perform a Speed Test:

[Speed test result image: 2885618596]

That’s spot on with what was detected, but far slower than my ISP’s advertised rate.

So what’s the solution to this? Simply uncheck the bandwidth limiting option, or select “Uplink Bandwidth” and enter the speed manually. Then you can get your full connection speed, like so:

[Speed test result image: 29033691321]

You don’t want to know how much time or frustration it took me to find this issue.