Friday, September 19, 2008

If that email is supposed to be private, then really make it private, encrypt it! And Comodo is offering free Personal Certificates to help you do just that…

Huddled Masses - Be a responsible geek - encrypt your email (free)

“…

Anyway. The point of this email is to point out that Comodo (one of the biggest SSL Certificate vendors, and one whose trust certificates are pre-installed on Windows) is giving away free secure email certificates which you can use in Outlook, Thunderbird, or whatever your favorite email client is. They’re actually on the recommendation list from Microsoft, but inexplicably listed under “other” office versions (they work fine in Outlook 2007, just to be clear).

All you need to do now is run off and sign up and then tell all your friends and family to do the same thing.”

Once you have run through it the first time (which Comodo helps you with), setting up and using encrypted emails is not hard at all, at least in my email client of choice, Outlook. It takes a little coordination with friends and family, but again, once past the initial setup phase (i.e. their getting their own certs, adding your public key to their Contact list, etc.), using it is easy as pie (why is pie easy?).

And let me tell you, encrypted emails are a pain if you’re on the outside trying to peek into them. Professionally I’ve had to deal with encrypted emails, and if you don’t have a certificate to decrypt the email, then you are pretty much out of luck (unless you have the NSA behind you, etc). Once you encrypt an email, ONLY the person with the right key can decrypt it.

It works by using Public/Private key encryption. You use someone’s Public key to encrypt an email, and then the only way to decrypt it is with that person’s Private key (which they keep very secure and secret).

It’s this Public key exchange that is the initial hard part.

The way I’ve found easiest is to send them a Digitally Signed email. This email will contain your Public key (which can then be used to verify that the email has not been tampered with in transmission). Once they get that message, in Outlook, I have them right-click on my name and choose “Add to Contacts”. This will take my Public key and add it to their Contacts record of me/my email address (or update their record of me, adding my Public key to it).

From then on, Outlook will be smart and when they send me (i.e. that same email address) an encrypted message, Outlook will look up my Public key in their Contacts list and use that. All auto-magically and with no fuss or muss…

While it’s not super easy, it’s really not all that hard either and the security you gain is hard to beat.

IMPORTANT NOTE: Don’t lose your Certificates (your Private key)! Without that you WILL NOT be able to open those encrypted emails that were sent to you…
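
The key exchange described above, replayed with the `openssl` command line instead of Outlook, as an added example that is not part of the original post. It assumes OpenSSL is installed; the names alice and bob, the example.test addresses and the self-signed certificates are constructed stand-ins for real personal certificates.

```shell
#!/bin/sh
# Added example: alice, bob, example.test and the file names are constructed.
# Self-signed test certificates stand in for CA-issued personal certificates.
smime_exchange() {
  d=$(mktemp -d) || return 1
  for who in alice bob; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$who/emailAddress=$who@example.test" \
      -keyout "$d/$who.key" -out "$d/$who.crt" 2>/dev/null || return 1
  done
  printf 'Here is my public key.\n' > "$d/hello.txt"
  printf 'Only Alice should read this.\n' > "$d/reply.txt"

  # 1. Alice sends a signed message; her certificate (public key) rides along.
  openssl smime -sign -in "$d/hello.txt" -signer "$d/alice.crt" \
    -inkey "$d/alice.key" -out "$d/signed.eml" 2>/dev/null || return 1

  # 2. Bob checks the signature and saves the signer's certificate, the
  #    command-line analogue of "Add to Contacts". -noverify skips chain
  #    validation only because these test certificates are self-signed.
  openssl smime -verify -noverify -in "$d/signed.eml" \
    -signer "$d/alice_from_mail.crt" -out /dev/null 2>/dev/null || return 1

  # 3. Bob encrypts his reply to the certificate he extracted from the mail.
  openssl smime -encrypt -aes256 -in "$d/reply.txt" \
    -out "$d/encrypted.eml" "$d/alice_from_mail.crt" || return 1

  # 4. Alice decrypts with her private key.
  openssl smime -decrypt -in "$d/encrypted.eml" -recip "$d/alice.crt" \
    -inkey "$d/alice.key" -out "$d/alice_reads.txt" || return 1

  # 5. A different private key (here Bob's own) must not open the message.
  if openssl smime -decrypt -in "$d/encrypted.eml" -recip "$d/bob.crt" \
       -inkey "$d/bob.key" -out "$d/other.txt" 2>/dev/null; then
    OUTSIDER=decrypted
  else
    OUTSIDER=rejected
  fi
  # S/MIME canonicalises line endings to CRLF; drop the CR before comparing.
  PLAINTEXT=$(tr -d '\r' < "$d/alice_reads.txt")
  rm -rf "$d"
}

smime_exchange && echo "alice read: $PLAINTEXT | other key: $OUTSIDER"
```

Step 5 is also the position you are in yourself if your own private key is lost: the encrypted message stays sealed.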

2 comments:

problem with comodo free ssl certificate said...

Hi Greg, I was wondering if you could help me. I've got comodo's free certificate for emailing but I get this pop up error message that says "Windows Live Mail was unable to locate the digital IDs of the following recipients". Do you know where I'm going wrong and could you offer some advice, I'd really appreciate it.

Gary

Greg said...

Part of encrypting messages is that it's a two-way street: both you and they need certs.

When you send them a message, you (Windows Live) will use their public key to encrypt the message. At that point the only way the message can be encrypted is with their private key.

So Windows Live needs their Public Key, which is what Windows Live is asking for in its Digital ID request...

Does that make sense?