[gentoo-user] Re: encrypted email (gentoo-windows)

[gentoo-user] Re: encrypted email (gentoo-windows)

[James]

Sebastian Beßler <sebastian <at> darkmetatron.de> writes:


> Mail encryption is, as far as I know, something that works on the
> client-side only. The mail server doesn't see the encryption, encrypted
> mails contain only text, just like every other mail.
>

OK let's ignore the mail server portion. Your basically implying
that encrypted mail handling from the server, does not matter if
it's an exchange server, or *nix, like postfix....

As an example.
Look at the situation where a person is using only MS technology
and has no access to support(input) on their client software nor the
MS exchange server (big corp for example that assumes the world
only uses MS software). Maybe they can make a few setting changes
only in Outlook to get encryption working between a MS (Outlook)
system and my Gentoo system using pgp and thunderbird? 


> If may answer has nothing to do with your problem, please give me more
> information what you have in mind.

I do not have a problem. I have assumed that encrypted mail between
a given client software on a gentoo system, will not work with windows.
Is this assumption incorrect?  

Or it's just install whatever I want (mail client on gentoo) and it will
auto-magically exchange encrypted mail with outlook on  a windows machine,
behind a MS Exchange server, regardless of what the MS admins
do on their side?

I assumed that is not that easy (my default experience with MS),
and things have to be coordinated, like most MS issues, to be 
able to exchange encrypted mail between a gentoo and MS workstation....

Nothing to it, or massive issues on the MS side? Obviously,
making changes on the gentoo workstation client, is easy....
What I would really like is to be able to exchange encrypted mail
with any MS user.  That, I'm sure with entail pointing them to 
documents on how to set up the software on the MS (outlook) side.
Links for MS help?

??? 
A general discussion at this point, not a specific solution.
My googling only reveals dated discussions along these lines
or information that is not useful.

James

Re: [gentoo-user] Re: encrypted email (gentoo-windows)

[Elaine C. Sharpe]

In linux.gentoo.user, James wrote:
>
>What I would really like is to be able to exchange encrypted mail
>with any MS user

What, you've never received an encrypted email from a windows user 
before? If you think about it, surely you have...

I know ms is pretty bad about standards and interoperability, but 
pgp or gpg encrypted mail is relatively common on win, *nix, and 
os x. Pretty sure the problem you're trying to solve doesn't exist.

-- 
...she kept arranging and rearranging the rabbit and kind of waving to it. I decided, "this is the person I want to sit next to".

Re: [gentoo-user] Re: encrypted email (gentoo-windows)

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 5503 bytes --]

On Sunday 27 March 2011 03:03:30 James wrote:
> Sebastian Beßler <sebastian <at> darkmetatron.de> writes:
> > Mail encryption is, as far as I know, something that works on the
> > client-side only. The mail server doesn't see the encryption, encrypted
> > mails contain only text, just like every other mail.
> 
> OK let's ignore the mail server portion. Your basically implying
> that encrypted mail handling from the server, does not matter if
> it's an exchange server, or *nix, like postfix....
> 
> As an example.
> Look at the situation where a person is using only MS technology
> and has no access to support(input) on their client software nor the
> MS exchange server (big corp for example that assumes the world
> only uses MS software). Maybe they can make a few setting changes
> only in Outlook to get encryption working between a MS (Outlook)
> system and my Gentoo system using pgp and thunderbird?

Depending on the MSWindows OS and email client versions your MS counterpart 
can try installing and running: 

http://www.gpg4win.org/about.html

Alternatively, instead of OpenPGP you can use S/MIME certificates - either 
self-signed or from a <aheam!> reputable Certification Authority.  I prefer 
the former where possible, although the average MSWindows user would struggle 
on their own to even click a (single) button, let alone generate 
public/private keys, configure a password and then negotiate with the 
MSWindows certificate manager to accept them.

gpg4win will also act as the front for managing the MSWindows S/MIME certs, 
although Outlook can manage these for SSL signing/encryption natively.

The SSL certificates offered by different CAs are mostly an expensive racket 
for big corporate clients.  Individual users are limited to a few available 
CAs (like CACert, Comodo, etc) who issue free certificates for personal 
(email) use, but only some of the browsers include them in their store of 
trusted CAs - hence the need for manual import of Root CA keys, etc in the 
user's browser/certificate store and of course the same with the recipients of 
their email messages.

Before you commit to a CA check which browsers and OS already included these 
in their trusted Root CA store.


> > If may answer has nothing to do with your problem, please give me more
> > information what you have in mind.
> 
> I do not have a problem. I have assumed that encrypted mail between
> a given client software on a gentoo system, will not work with windows.
> Is this assumption incorrect?

Yes, this is an incorrect assumption.  OpenPGP will not work with MSWindows 
natively without a 3rd party application (e.g. gpg4win), because OpenPGP does 
not satisfy the requirements of Microsoft's monopolistic business model.

However, SSL certificates will work natively with MSWindows and its Outlook 
email client.  As I said above you have a choice of obtaining such 
certificates:  self-signed or signed by trusted Root CAs (some of which are 
free for personal use).

Also, in the era of Cloud computing you have the choice of webmail 
applications (like Horde) which can use both PGP and S/MIME to 
sign/encrypt/decrypt messages, thus bypassing limitations of given OS or 
desktop based mail clients.

Finally, you have SaaS solutions for secure email, like 
http://www.hushmail.com/ but if one does not trust Root CAs why would he trust 
some hushmail company and its employees is beyond me.


> Or it's just install whatever I want (mail client on gentoo) and it will
> auto-magically exchange encrypted mail with outlook on  a windows machine,
> behind a MS Exchange server, regardless of what the MS admins
> do on their side?

Yes, as long as you manage encryption/decryption at the dekstop.  You need to 
note though that some corporate IM policies may prohibit the use of encrypted 
messages.  These can be filtered out by the corporate mail server and stopped.


> I assumed that is not that easy (my default experience with MS),
> and things have to be coordinated, like most MS issues, to be
> able to exchange encrypted mail between a gentoo and MS workstation....
> 
> Nothing to it, or massive issues on the MS side? Obviously,
> making changes on the gentoo workstation client, is easy....
> What I would really like is to be able to exchange encrypted mail
> with any MS user.  That, I'm sure with entail pointing them to
> documents on how to set up the software on the MS (outlook) side.
> Links for MS help?

They do not need to look at Internet links - just ask them look up digital 
signing or encryption in their Outlook help pages.

Configuring Outlook is the easy part.  The more confusing part might be 
obtaining an S/MIME certificate and importing the Root CA certificate if it is 
not already included in whatever Microsoft ships with.  I think that Comodo 
Root CA is already included (and the recently hacked Root CA certificate has 
not been recalled through last week's MSWindows update).


> ???
> A general discussion at this point, not a specific solution.
> My googling only reveals dated discussions along these lines
> or information that is not useful.

Google has many examples and step-by-step instructions for configuring Outlook 
to use SSL Certs (S/MIME), usually by the purveyors of all these expensive 
certificate services:

http://www.globalsign.com/support/personal-certificate/per_outlook07.html
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[gentoo-user] Re: encrypted email (gentoo-windows)

[James]

Mick <michaelkintzios <at> gmail.com> writes:


> Google has many examples and step-by-step instructions for configuring Outlook 
> to use SSL Certs (S/MIME), usually by the purveyors of all these expensive 
> certificate services:

> http://www.globalsign.com/support/personal-certificate/per_outlook07.html

Hello Mick,

Exactly what I was looking for. Not just the part I included, but
your entire answer. Gmane get'[s fussy about including too much
previous text in responses. Sure, I've set up numerous email clients,
like Thunderbird and such on doze systems before (encryption or not); that's
a no-brainer. Outlook in a rigid corporate environment without the 
admin's help on that side..... interesting. If their spam filters
are too aggressive, it will most likely quarantine the incoming encrypted
files. A program of encryption, but makes files look like text to
spam filters, would be keen, but most likely crackable, due to the
limited char_set? Never tried this but hey, there is ALWAYS a way
to "skin the cat".......

But I have never tried to help an ordinary Outlook user get encryption working,
so as to exchange encrypted email, with their linux bretheran without their
Admin's involvement. Most admins at corps do not care, but they are understaffed
and only support what they support. So you have articulated some options where I
can help a generic corporate user setup and use encryption, without their
admin's involvement, which I guess is what I did not clearly explain in previous
posts, as the goal all along, using Outlook or other
MS based applications.

THANKS; for sharing your knowledge and view of the landscape.
I've got it from here.

James

Re: [gentoo-user] Re: encrypted email (gentoo-windows)

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 2525 bytes --]

On Sunday 27 March 2011 15:48:53 James wrote:
> Mick <michaelkintzios <at> gmail.com> writes:
> > Google has many examples and step-by-step instructions for configuring
> > Outlook to use SSL Certs (S/MIME), usually by the purveyors of all these
> > expensive certificate services:
> > 
> > http://www.globalsign.com/support/personal-certificate/per_outlook07.html
> 
> Hello Mick,
> 
> Exactly what I was looking for. Not just the part I included, but
> your entire answer. Gmane get'[s fussy about including too much
> previous text in responses. Sure, I've set up numerous email clients,
> like Thunderbird and such on doze systems before (encryption or not);
> that's a no-brainer. Outlook in a rigid corporate environment without the
> admin's help on that side..... interesting. If their spam filters
> are too aggressive, it will most likely quarantine the incoming encrypted
> files. A program of encryption, but makes files look like text to
> spam filters, would be keen, but most likely crackable, due to the
> limited char_set? Never tried this but hey, there is ALWAYS a way
> to "skin the cat".......
> 
> But I have never tried to help an ordinary Outlook user get encryption
> working, so as to exchange encrypted email, with their linux bretheran
> without their Admin's involvement. Most admins at corps do not care, but
> they are understaffed and only support what they support. So you have
> articulated some options where I can help a generic corporate user setup
> and use encryption, without their admin's involvement, which I guess is
> what I did not clearly explain in previous posts, as the goal all along,
> using Outlook or other
> MS based applications.
> 
> THANKS; for sharing your knowledge and view of the landscape.
> I've got it from here.

Glad I could help James.  :-)

Before you start helping remotely MSWindows users I recommend you install 
MSWindows in a virtual machine (e.g. virtualbox-bin will take only a few 
minutes) and configure the OS and mail client to send and receive 
signed/encrypted messages as preferred.  Otherwise, you may quickly run 
aground when the corporate users technical knowledge stops them configuring 
their machines as necessary.

PS.  Some corporate set ups will have the MS Windows SSL certificate store 
settings access blocked for normal users.  In that case only MSWindows 
recognised S/MIME Root CAs will be usable without warnings.  As far as I 
recall Comodo is recognised.
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Re: encrypted email (gentoo-windows)

[JM]

[-- Attachment #1: Type: text/plain, Size: 3894 bytes --]

Hi - if you want to be able to send encrypted email from a linux machine
that a person using a windows machine can de-crypt and read securely, the
simplest way is to use the Gpg4win (for the windows machine) which
incorporates Claws Mail (a port of a linux email client which is also
available on Gentoo). Claws mail is in Portage. So at the simplest level, if
you install the Claws email on your linux box, along with a pgp encryption
tool (I think it's called Gpg, not 100% sure what the Portage package is,
but any pgp encryption tool will probably work, it may already be built in
to Claws), then advise your windows recipients to install Gpg4win (google
it) which is a windows package which includes Claws mail, you will be able
to exchange encrypted emails securely between linux and windows recipients.
On the windows machine, the Gpg4win package will encrypt & decrypt email,
you will only need to find a gpg related tool for the linux machine in order
to encrypt your emails on it before sending them. I'm not really sure what
gpg uses, it may well use pgp encryption which is standard and there will be
a tool in Portage which can encrypt and decrypt email using pgp (or at least
one to encrypt and decrypt any file which can then be forwarded by email).

TBH - the encryption side of it is really OS independent, but using Gpg4win
on windows and any linux email client which supports pgp encryption /
signing should give you what you are looking for (Gpg=Gnu Privacy Guard).
You will just need to double check that whatever you use on the linux side,
is compatible with Gpg.


On 27 March 2011 03:03, James <wireless@tampabay.rr.com> wrote:

> Sebastian Beßler <sebastian <at> darkmetatron.de> writes:
>
>
> > Mail encryption is, as far as I know, something that works on the
> > client-side only. The mail server doesn't see the encryption, encrypted
> > mails contain only text, just like every other mail.
> >
>
> OK let's ignore the mail server portion. Your basically implying
> that encrypted mail handling from the server, does not matter if
> it's an exchange server, or *nix, like postfix....
>
> As an example.
> Look at the situation where a person is using only MS technology
> and has no access to support(input) on their client software nor the
> MS exchange server (big corp for example that assumes the world
> only uses MS software). Maybe they can make a few setting changes
> only in Outlook to get encryption working between a MS (Outlook)
> system and my Gentoo system using pgp and thunderbird?
>
>
> > If may answer has nothing to do with your problem, please give me more
> > information what you have in mind.
>
> I do not have a problem. I have assumed that encrypted mail between
> a given client software on a gentoo system, will not work with windows.
> Is this assumption incorrect?
>
> Or it's just install whatever I want (mail client on gentoo) and it will
> auto-magically exchange encrypted mail with outlook on  a windows machine,
> behind a MS Exchange server, regardless of what the MS admins
> do on their side?
>
> I assumed that is not that easy (my default experience with MS),
> and things have to be coordinated, like most MS issues, to be
> able to exchange encrypted mail between a gentoo and MS workstation....
>
> Nothing to it, or massive issues on the MS side? Obviously,
> making changes on the gentoo workstation client, is easy....
> What I would really like is to be able to exchange encrypted mail
> with any MS user.  That, I'm sure with entail pointing them to
> documents on how to set up the software on the MS (outlook) side.
> Links for MS help?
>
> ???
> A general discussion at this point, not a specific solution.
> My googling only reveals dated discussions along these lines
> or information that is not useful.
>
> James
>
>
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 4422 bytes --]

Re: [gentoo-user] Re: encrypted email (gentoo-windows)

[Steven Susbauer]

[-- Attachment #1: Type: text/plain, Size: 782 bytes --]

On 3/27/11 5:00 AM, Elaine C. Sharpe wrote:
> In linux.gentoo.user, James wrote:
>>
>> What I would really like is to be able to exchange encrypted mail
>> with any MS user
> 
> What, you've never received an encrypted email from a windows user 
> before? If you think about it, surely you have...
> 
> I know ms is pretty bad about standards and interoperability, but 
> pgp or gpg encrypted mail is relatively common on win, *nix, and 
> os x. Pretty sure the problem you're trying to solve doesn't exist.
> 

"Outlook" uses S/MIME rather than PGP. If this user is used to being
part of a normal Windows domain infrastructure with PKI and they haven't
set up their system properly then it would appear that they cannot
exchange encrypted mail with an MS user.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 551 bytes --]