Encrypted Email

In the recent past, governments have given the telecommunication companies free rein, and they catch each and every email that is sent. Advertising companies pay them tons of money for this data mining. Not to mention it's a breach of the Constitution. I felt it would be nice for some people to not be a statistic.

Digital IDs are a way of encrypting your email so that only the people in the conversation can read it. Most people don't really care what they say in email, but that doesn't matter. You don't want any prying eyes.

The encryption takes place between a private key and a public key. The private key is held only on your computer, and nobody else can get that key unless you allow them to. The public key is for distribution so that people can encrypt the email they send to you. This key is ONLY responsible for "ciphering" or "encrypting" YOUR email. You cannot "decipher" or decrypt the message without the private key.

In cryptography there is 1024-, 2048-, 4096- and 9068-bit encryption. NOBODY has been able to break these ciphers, ever. It's the same thing when you shop online. The only exception is when the merchant holds credit card numbers in a way that is unencrypted, or a bank leaves unencrypted information around. Only then will you see ID theft. In this day and age we rely more and more on computers to communicate, shop, get news, or just browse for whatever.

There is increasing internet identity theft going on and I am going to help you stay somewhat clear of that. Follow these instructions, have your friends and family follow them too, and you won't have much to worry about.

I can't even count how many viruses I cured from computers dealing with social sites without digital signatures that have a "community affiliation" such as MySpace or Facebook. This could all be avoided by checking digital signatures or SHA-1. If you need more info, please contact me.


This is free and takes about 10 minutes





TABLE OF CONTENTS:
Getting your SSL Certificate
Configuring it into Outlook
Exporting it for use on other machines that you use AND own
Exporting your public key for contacts to send you encrypted email
Importing your SSL Certificate for other machines that you own
Importing your SSL Certificate for your PDA to Digitally sign and encrypt email
Importing your contacts public key to send them encrypted email
Send a Digitally Signed or Encrypted Email


Getting your SSL Certificate -

If it isn't already, set IE as your default browser. You can change it back after this is done.
Do this by opening Internet Explorer and clicking on the following:
Tools, Options, Programs, "Make Default Browser"

Click here to open the site to get your SSL

Fill out your first and last name.

Then click on "Advanced Private Key Options" and make the key exportable. You can also choose a 4096-bit or lower key from the dropdown menu. MAKE ABSOLUTELY SURE "Allow Export" is ON or checked.

The revocation password instructions speak for themselves.

Before you fill any info out, it may ask you to install the ActiveX control by right-clicking it at the top of the browser window and selecting "Run". These are the SSL certificates for the site; nothing else is being installed on your computer. Make sure you do that first, or it will wipe out all your data in the window and you'll need to start all over again.

Complete the application by clicking "Agree and Continue" and it will install the first part of the SSL email encryption on your computer.

You will get an email in about 3 minutes. In that email you will be prompted to click on a box that will take you back to that site to retrieve your Digital ID. See the next step for configuring it in Outlook 2007.



Configuring your Digital ID in Outlook -

This is pretty quick.

Outlook 2007: Tools > Trust Center > Email Security. Click the Settings box and you'll see that your SSL certificates are there. Click OK and you are done. (See below)

Outlook 2000-2003: Tools > Options > Security > click "Settings" in "Encrypted email" and you'll see that your SSL certificates are there. (See below)

In Outlook, be sure that "S/MIME" is selected in the dropdown box with the arrow to the right of it, and be sure that "Send These Certificates with Signed Messages" is selected.


Click OK and you are done.



Exporting your key for use on other machines that you use AND own -

If you want to use this Digital ID on other machines to digitally sign and encrypt email, you must do the following:

Open "Internet Explorer"
Tools
Options
Content tab
Certificates button (in the center)
In the Personal tab you will see your Digital ID. Click on it (one click) and then click Export below it.
When the MS Certificate Export Wizard pops up, hit "Next".
You will want to export the private key, so click Yes and then Next.
NOTE: DO NOT give that key out to anyone. Import it on another computer and then put it in a safe hidden place or delete it.

The radio button for PFX file will already be selected; select the box under that, and clear the checkmarks from all other boxes.
Click Next.
Choose a password that you will remember for this key when importing it. Then click Next.
Choose a place to save it to with the full path name (e.g. "C:\MyKey").
Click Next and then Finish.

The key will be ready for you in the path and filename you selected.



Exporting your public key for contacts to send you encrypted email -

Send any message with your Digital Signature
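
The PFX file written by the export wizard contains your private key, while your contacts only ever need the certificate (public key). The following is an added example, not part of the original guide: it assumes the OpenSSL command-line tool is available, works on a constructed sample PFX (the name, address and password are made up), and shows how to pull a certificate-only file out of a PFX and confirm that no private key went with it.

```shell
#!/bin/sh
# Added example on constructed data: name, address, password and paths are
# assumptions; MyKey.pfx stands in for the export wizard's output file.
# The PFX password is read from PFX_PASS so it never appears on a command line.

# Build a throwaway self-signed certificate and package it as a PFX.
make_sample_pfx() {                 # $1 = work directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout env:PFX_PASS -out "$1/MyKey.pfx" &&
    rm -f "$1/key.pem" "$1/cert.pem"
}

# Exit 0 if the PFX carries a private key (it is re-encrypted on the way out).
pfx_has_private_key() {             # $1 = PFX file
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts \
        -passout env:PFX_PASS 2>/dev/null | grep -q 'PRIVATE KEY'
}

# Write only the certificate (public key) from a PFX to a PEM file.
export_public_cert() {              # $1 = PFX file, $2 = output PEM file
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts \
        -out "$2" 2>/dev/null
}

# Exit 0 if a PEM file contains any private-key block.
has_private_key() {                 # $1 = PEM file
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Print the e-mail address the certificate was issued for.
cert_email() {                      # $1 = PEM certificate file
    openssl x509 -in "$1" -noout -email
}

# Demo on the constructed sample.
PFX_PASS='constructed-sample-password'; export PFX_PASS
work=$(mktemp -d)
make_sample_pfx "$work"
export_public_cert "$work/MyKey.pfx" "$work/public-cert.pem"
if has_private_key "$work/public-cert.pem"; then
    echo "DO NOT SHARE: private key found in public-cert.pem"
else
    echo "certificate only, issued to $(cert_email "$work/public-cert.pem")"
fi
rm -rf "$work"
```

For a real export, set PFX_PASS to the password chosen in the wizard and point export_public_cert at the .pfx file; only the resulting certificate-only file should ever leave your machine.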


Importing your SSL Certificate for other machines that you own -

Importing instructions for use on other PCs:
Right click on the file on the new PC
"Install PFX"
The "Certificate Import wizard" will pop up
Click Next
and verify the file name
Next
Enter the password you gave that key
You can choose to let the key be exportable again or have strict guidelines for use in the check-boxes but make sure the "Include all extended properties" is CHECKED
Next
"Automatically select the certificate store"
Next
Finish

Follow the instructions above for Outlook, or see your user manual on how to set up Digital IDs in your email program.



Importing your SSL Certificate for your PDA to Digitally sign and encrypt email -

Move the ".pfx" file to a known folder on your PDA from your computer
Navigate on your PDA to the folder you stored the pfx file in
Click on the PFX file and it will ask you for your password
There will be a "warning box" when the certificate installation is complete
Go into "ActiveSync"
Menu
Options (You have to have the USB Cable unplugged for this)
Select the email that is checked.
Click Settings
Click Advanced
Click "Choose Certificate"
You will see your certificate in there; click on it, then press the Select soft button.

At this point you can select whether you will sign all your email or encrypt all your email.



Importing your contacts public key to send them encrypted email -


Outlook Instructions:
Open the contact of the Digital ID's owner. In the top ribbon you will see "Certificates".
Click "Import" on the right.
Find the Digital ID that your "friend" sent you and double-click on it.
If you don't have their proper email in the field you can fix it later. You will get an error if that happens.
If you don't know their proper email, you can select the certificate, and to the right you will see Properties.
In the Details tab look for "Subject"; that will tell you the proper email to use for their contact.



Send a Digitally Signed or Encrypted Email -

When composing a new email, you will see two "envelopes" in the toolbar. One has an "Award" by it and one has a Padlock. You can Digitally Sign it by clicking on the "award" icon with the Mail icon under it, or you can encrypt it with the padlock.