Mail protection
The time has come for the third part of our article, in which we will tell you about the email encryption plugin for CyberSafe Mail . Recall that in the first part of the article we discussed the possible ways to protect e-mail. In the second part , it was shown how this same email can be hacked.
In the first part of the article, it was noted that using the S / MIME standard is the most reliable way to protect email. But, unfortunately, not the most convenient. There are two main drawbacks - a program is needed that would generate user certificates, and you need to think of a way to exchange public keys.
Based on the analysis of the threats described in previous articles, taking into account the experience and user requests, community opinion on providing source codes, the CyberSafe Mail plugin for Microsoft Outlook was created, eliminating the drawbacks of using S / MIME.
')
As they say, it's better to see once than hear a hundred times. Therefore, we suggest watching the following video , which allows you to get a complete picture of the plugin.
CyberSafe Mail Plugin is an open source product. Anyone can get acquainted with the source code of the plugin .
Consider the advantages of mail encryption plugin:
Of course, we can not fail to mention the shortcomings. Unfortunately, the plugin is currently available only for Microsoft Outlook. However, CyberSoft plans to implement a similar plug-in for other email clients.
In fig. Figure 1 shows the Microsoft Outlook 2016 window (hereinafter referred to as Outlook) with the CyberSafe Mail plug-in installed.
Fig. 1. CyberSafe Mail Plugin Installed
The first on the CyberSafe panel are the certificate management buttons. To start working with the plugin, you need to create your personal certificate (Fig. 2), and also ask your friends / colleagues / relatives to do the same. The plugin uses the OpenSSL open library to encrypt messages. An asymmetric encryption system is used - the message is encrypted with the public (public) key of the recipient, for decryption, the private (private) key of the recipient is needed.
Fig. 2. Creating a certificate
The plugin supports all necessary operations with certificates, namely, creation, publication, search, import, export. After the certificate is created, it is advisable to publish the public key on the key server (enable the Publish checkbox after creation ) so that other users can find your public key and encrypt emails addressed to you. If you did not publish the certificate when you created it or imported the previously created certificate using the Import button, you can publish the certificate using the Public button .
The plugin allows you not only to encrypt a message, but also supports the work with an electronic digital signature. To send an encrypted and signed message, you need to enable both switches — Encrypt before sending and Sign before sending (Fig. 3).
Fig. 3. Creating a new message
The plugin automatically checks the electronic signature and informs the user about it. In fig. 4 shows that the signature is correct. You can also click the Check Signature button to explicitly verify the EDS (Fig. 5)
Fig. 4. The plugin decrypted the message and verified the signature
Fig. 5. Manual checking of digital signature
In fig. 6 shows what an encrypted and signed message arrived. A simple encrypted message is marked as a lock by a plugin, and an encrypted with a signature is a medal. Note that the default message is not decrypted, as it happens in Outlook when you configure S / MIME. In fig. Figure 7 shows what the message looks like in the mailbox's web interface. As you can see, there are two attachments - one with the signature, the other - the encrypted message itself.
To decrypt a message, you need to click the Decrypt button, after which the plug-in will ask for a password (Fig. 8) and, if it is correct, will display the decrypted message (Fig. 9).
Fig. 6. Encrypted message
Fig. 7. Encrypted message in the web interface
Fig. 8. Enter password
Fig. 9. Message text
When the user closes the window with the message, the plugin will ask him: should the message be encrypted (Fig. 10). Such an algorithm makes working with e-mail simultaneously more comfortable and more secure. It is better to leave very secret letters encrypted, to decrypt them you will need to enter the password again. Not very important letters for you can be left decrypted in order not to re-enter the password.
Fig. 10. Leave the message encrypted?
Imagine that you are on vacation, the laptop where the CyberSafe Mail plug-in is installed is left at home, and your colleagues have sent encrypted messages that you need to decrypt. What to do? Most likely, no one in the hotel or Internet cafe will be allowed to install third-party software. And here you will find the portable version of the encryption program CyberSafe Portable Email Encryption useful. Together with your keys, you can write it on a USB flash drive and take it with you. Keys (personal and other users) are placed in the certs subdirectory. Keys can be generated by a free trial version of the plug-in or CyberSafe Top Secret program.
Let's see how CyberSafe Portable Email Encryption works. In fig. Figure 11 shows the S / MIME encrypted message in the GMail web interface. An encrypted message is a regular message with an attachment of the smime.p7m file.
Fig. 11. This is how the encrypted message is displayed in GMail
To decrypt it, you need to download the smime.p7m file to your computer and run CyberSafe Portable Email Encryption. Click the Open button, select the p7m file, then the program will prompt you to select a certificate (the certificates are in the certs subdirectory) and enter its password. After that, the program will display the text of the encrypted message (Fig. 12).
Fig. 12. Portable version for encryption
Similarly, you can write a message (the answer to the sent encrypted message, see fig. 13) and click the Save button. The created p7m file must be attached to an empty message in Gmail. The message created in this way can be decrypted in different email clients, even in the mobile MailDroid (Fig. 14 and 15).
Fig. 13. Reply to message
Fig. 14. Encrypted message in MailDroid
Fig. 15. The encrypted message is decrypted.
The CyberSafe Mail plugin is the most reliable and easiest (as you can see by viewing the video above) email protection.
On the CyberSoft website you can download the products mentioned in the article absolutely free. A 30-day trial version is available for the plugin, and the CyberSafe Portable Email Encryption portable version is free.
In the first part of the article, it was noted that using the S / MIME standard is the most reliable way to protect email. But, unfortunately, not the most convenient. There are two main drawbacks - a program is needed that would generate user certificates, and you need to think of a way to exchange public keys.
Based on the analysis of the threats described in previous articles, taking into account the experience and user requests, community opinion on providing source codes, the CyberSafe Mail plugin for Microsoft Outlook was created, eliminating the drawbacks of using S / MIME.
')
As they say, it's better to see once than hear a hundred times. Therefore, we suggest watching the following video , which allows you to get a complete picture of the plugin.
CyberSafe Mail Plugin is an open source product. Anyone can get acquainted with the source code of the plugin .
Advantages and disadvantages of the mail encryption plugin
Consider the advantages of mail encryption plugin:
- S / MIME encryption standard is used - the most reliable way to protect mail.
- No need to install / use any additional programs, except, of course, the plugin itself.
- Certificates, encryption and decryption of letters are managed from the Microsoft Outlook email client.
- By default, Microsoft Outlook automatically decrypts encrypted emails. If the user moves away from the computer, anyone can get behind his computer and read the correspondence. The plugin asks for a password to decrypt each letter.
- Contains tools for working with electronic signature.
- Messages encrypted by the plugin can be decrypted in other email clients if they are properly configured. In fact, the plugin makes working with S / MIME encryption more convenient, but does not invent new encryption standards, which makes its use more convenient.
- Open source
- The plugin supports all current versions of Microsoft Outlook - 2003/2007/2010/2013/2016.
Of course, we can not fail to mention the shortcomings. Unfortunately, the plugin is currently available only for Microsoft Outlook. However, CyberSoft plans to implement a similar plug-in for other email clients.
Plugin in work
In fig. Figure 1 shows the Microsoft Outlook 2016 window (hereinafter referred to as Outlook) with the CyberSafe Mail plug-in installed.
Fig. 1. CyberSafe Mail Plugin Installed
The first on the CyberSafe panel are the certificate management buttons. To start working with the plugin, you need to create your personal certificate (Fig. 2), and also ask your friends / colleagues / relatives to do the same. The plugin uses the OpenSSL open library to encrypt messages. An asymmetric encryption system is used - the message is encrypted with the public (public) key of the recipient, for decryption, the private (private) key of the recipient is needed.
Fig. 2. Creating a certificate
The plugin supports all necessary operations with certificates, namely, creation, publication, search, import, export. After the certificate is created, it is advisable to publish the public key on the key server (enable the Publish checkbox after creation ) so that other users can find your public key and encrypt emails addressed to you. If you did not publish the certificate when you created it or imported the previously created certificate using the Import button, you can publish the certificate using the Public button .
The plugin allows you not only to encrypt a message, but also supports the work with an electronic digital signature. To send an encrypted and signed message, you need to enable both switches — Encrypt before sending and Sign before sending (Fig. 3).
Fig. 3. Creating a new message
The plugin automatically checks the electronic signature and informs the user about it. In fig. 4 shows that the signature is correct. You can also click the Check Signature button to explicitly verify the EDS (Fig. 5)
Fig. 4. The plugin decrypted the message and verified the signature
Fig. 5. Manual checking of digital signature
In fig. 6 shows what an encrypted and signed message arrived. A simple encrypted message is marked as a lock by a plugin, and an encrypted with a signature is a medal. Note that the default message is not decrypted, as it happens in Outlook when you configure S / MIME. In fig. Figure 7 shows what the message looks like in the mailbox's web interface. As you can see, there are two attachments - one with the signature, the other - the encrypted message itself.
To decrypt a message, you need to click the Decrypt button, after which the plug-in will ask for a password (Fig. 8) and, if it is correct, will display the decrypted message (Fig. 9).
Fig. 6. Encrypted message
Fig. 7. Encrypted message in the web interface
Fig. 8. Enter password
Fig. 9. Message text
When the user closes the window with the message, the plugin will ask him: should the message be encrypted (Fig. 10). Such an algorithm makes working with e-mail simultaneously more comfortable and more secure. It is better to leave very secret letters encrypted, to decrypt them you will need to enter the password again. Not very important letters for you can be left decrypted in order not to re-enter the password.
Fig. 10. Leave the message encrypted?
CyberSafe Portable Email Encryption
Imagine that you are on vacation, the laptop where the CyberSafe Mail plug-in is installed is left at home, and your colleagues have sent encrypted messages that you need to decrypt. What to do? Most likely, no one in the hotel or Internet cafe will be allowed to install third-party software. And here you will find the portable version of the encryption program CyberSafe Portable Email Encryption useful. Together with your keys, you can write it on a USB flash drive and take it with you. Keys (personal and other users) are placed in the certs subdirectory. Keys can be generated by a free trial version of the plug-in or CyberSafe Top Secret program.
Let's see how CyberSafe Portable Email Encryption works. In fig. Figure 11 shows the S / MIME encrypted message in the GMail web interface. An encrypted message is a regular message with an attachment of the smime.p7m file.
Fig. 11. This is how the encrypted message is displayed in GMail
To decrypt it, you need to download the smime.p7m file to your computer and run CyberSafe Portable Email Encryption. Click the Open button, select the p7m file, then the program will prompt you to select a certificate (the certificates are in the certs subdirectory) and enter its password. After that, the program will display the text of the encrypted message (Fig. 12).
Fig. 12. Portable version for encryption
Similarly, you can write a message (the answer to the sent encrypted message, see fig. 13) and click the Save button. The created p7m file must be attached to an empty message in Gmail. The message created in this way can be decrypted in different email clients, even in the mobile MailDroid (Fig. 14 and 15).
Fig. 13. Reply to message
Fig. 14. Encrypted message in MailDroid
Fig. 15. The encrypted message is decrypted.
The CyberSafe Mail plugin is the most reliable and easiest (as you can see by viewing the video above) email protection.
On the CyberSoft website you can download the products mentioned in the article absolutely free. A 30-day trial version is available for the plugin, and the CyberSafe Portable Email Encryption portable version is free.
Source: https://habr.com/ru/post/271639/
All Articles