LAB ASSIGNMENT #1 CS6525

E-MAIL SECURITY, X.509 CERTIFICATES

 

FIRST TRY TO USE MORE ALTERNATIVE WAYS

 

 

In this assignment, you will send and receive a signed and an encrypted e-mail message with Microsoft Outlook. For signing and encryption, you will use X.509 certificates.

 

  A. OBTAINING AN X.509 CERTIFICATE
  1. Open your Microsoft Outlook
  2. Go to Tools
  3. Select Options
  4. Select Security Tab
  5. Click on “Get a Digital ID”
  6. Select VeriSign Inc. (https://onsite.verisign.com/services/WorldIntellectualPropertyOrganizationWIPOCustomerCAV2/digitalidCenter.htm)
  7. Select 60-day free trial option
  8. Fill in the form and follow the instructions.
  9. You are going to receive an e-mail from VeriSign shortly after submitting the form
  10. Install Your certificate
  11. Check the details of the certificate (serial number, issuer name, subject name, signature algorithm, encryption algorithm and the public key)

 

  B. SENDING SIGNED MESSAGE

 

  1. Go back to Outlook and, in the Tools menu, select Options, then the Security tab
  2. Click "Add digital signature to outgoing messages", click the "Change Settings" button
  3. On the next screen click the "Choose..." button. Select the Digital ID you want to use for signing e-mail in Outlook.
  4. Then send an e-mail to mathcsgrader@gmail.com. Write “CS6525LABASSIGNMENT #1Signed Message” in the subject field of the mail
  5. Which signature algorithm are you using?

 

      C. SENDING ENCRYPTED MESSAGE

 

  1. When you receive a signed message from mathcsgrader@gmail.com, add Anita's certificate to your contact list.

  

Adding a recipient's digital ID to your contact list

When you receive digitally signed messages, you can validate the signer's digital ID (certificate) to determine that no forgery or false representation has occurred. To have the sender attach a digital ID to a message, ask him or her to send you a digitally signed e-mail message.

  1. Open a message that has a digital ID attached.
  2. Right-click the name in the From field, and then click Add to Contacts on the shortcut menu.
  3. If you already have an entry for this person, select Update new information from this contact to the existing one.

The digital ID is now stored with your contact entry for this recipient. You can now send encrypted e-mail messages to this person.

To view the certificates for a contact, double-click the person's name, and then click the Certificates tab.

  4. To view the certificates for a contact, in the Contacts folder, double-click the person's name to open the contact, and then click the Certificates tab.

 

  1. Go back to Outlook and, in the Tools menu, select Options, then the Security tab.
  2. Select “Encrypt contents and attachments for outgoing messages” and “Request secure receipt for all S/MIME signed messages”
  3. Send an encrypted e-mail message to mathcsgrader@gmail.com. Write “CS6525LABASSIGNMENT #1Encrypted Message” in the subject field of the Mail.
  4. Which algorithm are you using for encryption?
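
Parts A to C can be reproduced with the OpenSSL command line, which also makes the digest and cipher asked about in B.5 and C.4 visible. This is an added example, not part of the original assignment; the self-signed certificate, the address student@example.test and the message body are constructed stand-ins for a CA-issued Digital ID, and the function names are hypothetical.

```shell
# Added example: the lab's S/MIME steps with OpenSSL and a constructed identity.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'CS6525 lab test body\n' > "$WORK/msg.txt"   # constructed message
# Constructed self-signed certificate standing in for the CA-issued Digital ID.
make_id() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 60 \
    -subj "/CN=Lab Student/emailAddress=student@example.test" \
    -addext "extendedKeyUsage=emailProtection" \
    -keyout "$WORK/id.key" -out "$WORK/id.crt" 2>/dev/null
}
# Part A, step 11: the fields the lab asks you to check.
cert_fields() {
  openssl x509 -in "$WORK/id.crt" -noout -serial -issuer -subject -dates
  openssl x509 -in "$WORK/id.crt" -noout -text |
    grep -E 'Signature Algorithm|Public Key Algorithm|E-mail Protection'
}
# Part B: sign, then verify against the trusted certificate and print the body.
sign_and_verify() {
  openssl smime -sign -md sha256 -in "$WORK/msg.txt" -signer "$WORK/id.crt" \
    -inkey "$WORK/id.key" -out "$WORK/signed.eml" &&
  openssl smime -verify -in "$WORK/signed.eml" -CAfile "$WORK/id.crt" \
    -out "$WORK/verified.txt" 2>/dev/null &&
  tr -d '\r' < "$WORK/verified.txt"
}
# Digest algorithm named in the multipart/signed header.
signed_digest() { grep -o 'micalg=[^;]*' "$WORK/signed.eml"; }
# A body changed after signing must fail verification.
tampered_rejected() {
  sed 's/lab test/lab TEST/' "$WORK/signed.eml" > "$WORK/tampered.eml"
  ! openssl smime -verify -in "$WORK/tampered.eml" -CAfile "$WORK/id.crt" \
    >/dev/null 2>&1
}
# Part C: encrypt to the recipient's certificate, decrypt with the private key.
encrypt_and_decrypt() {
  openssl smime -encrypt -aes256 -in "$WORK/msg.txt" -out "$WORK/enc.eml" \
    "$WORK/id.crt" &&
  openssl smime -decrypt -in "$WORK/enc.eml" -recip "$WORK/id.crt" \
    -inkey "$WORK/id.key" | tr -d '\r'
}
# Content-encryption algorithm recorded inside the encrypted message.
content_cipher() {
  openssl smime -pk7out -in "$WORK/enc.eml" | openssl asn1parse |
    grep -o 'aes-[0-9]*-cbc'
}

make_id; cert_fields; sign_and_verify; signed_digest
tampered_rejected && echo "tampered message rejected"
encrypt_and_decrypt; content_cipher
```

With a CA-issued Digital ID, -CAfile would name the issuing CA's certificate rather than the Digital ID itself.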

Get a digital ID: OUTLOOK 2010
A digital ID enables you to send digitally signed messages using Microsoft Outlook. A digital ID, which is also known as a digital certificate, helps prove your identity and helps prevent message tampering to protect the authenticity of an email message. You can also encrypt messages for greater privacy.

NOTE A digital signature isn’t the same as a message signature, which is a customizable salutation. A digital signature adds unique code to a message which only comes from the digital ID held by the true sender.

Get a digital ID for sending messages


Get a digital ID from a certifying authority

A digital ID is issued by an independent certification authority.

  1. Click the File tab.
  2. Click Options.
  3. Click Trust Center.
  4. Under Microsoft Outlook Trust Center, click Trust Center Settings.
  5. On the E-mail Security tab, under Digital IDs (Certificates), click Get a Digital ID.
Your organization may have policies that require a different procedure. See the network administrator for more information.
Your web browser opens and displays a webpage on the Microsoft Office Online Web site that lists several certification authorities. Click the one that you want to use and follow the instructions on the webpage to register for a digital ID. The certification authority will then send you a digital ID and instructions via email. You can also look here to find other sources of digital certificates.

Specify the digital ID to use
You might choose to have more than one digital ID — one for your digital signature, which in many areas can have legal significance, and another for encryption.

  1. Click the File tab.
  2. Click Options.
  3. Click Trust Center.
  4. Under Microsoft Outlook Trust Center, click Trust Center Settings.
  5. On the E-mail Security tab, under Encrypted e-mail, click Settings.
NOTE If you have a digital ID, the settings to use the digital ID are automatically configured for you. If you want to use a different digital ID, follow the remaining steps in this procedure.
  6. Under Security Setting Preferences, click New.
  7. In the Security Settings Name box, enter a name.
  8. In the Cryptography Format list, click S/MIME. Depending on your certificate type, you can choose Exchange Security instead.
  9. Next to the Signing Certificate box, click Choose, and then select a certificate that is valid for digital signing.
NOTE To learn if the certificate is intended for digital signing and encryption, on the Select Certificate dialog box, click View Certificate. An appropriate certificate for cryptographic messaging (such as digital signing) might say, for example, "Protects email messages."
  10. Select the Send these certificates with signed messages check box unless you'll be sending and receiving signed messages only within your organization.
NOTE The settings that you choose become the default when you send cryptographic messages. If you don’t want these settings to be used by default for all cryptographic messages, clear the Default Security Setting for this cryptographic message format check box.


Add a recipient's digital ID to your Contacts
To send and receive encrypted email messages, both sender and receiver must share their digital ID certificates with the other.

  1. Open a message that is digitally signed. A signed message is indicated in the message list by a Signature icon.
  2. Right-click the name in the From box, and then click Add to Outlook Contacts.
  3. If you already have an entry for this person, in the Duplicate Contact Detected dialog box, select Update information of selected Contact. A backup copy is saved in Deleted Items Folder.
The certificate is now stored with your contact entry for this recipient. You can now send encrypted messages to this person.
To view the certificate for a contact, double-click the person's name, and then click the Certificates tab.

http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HP010355070.aspx

 

Installing a Certificate into Mozilla Thunderbird

Part 1: Getting the Certificate
1. Go to VeriSign (or some alternate CA) and go through the process of registering for a Certificate.
2. Check your e-mail.
3. (In Mozilla Firefox) When you follow the URL from the e-mail it will prompt you to install the Certificate into Firefox. Allow this.
4. Go to Tools -> Options, then tab to Advanced, with the Encryption sub tab. Click the "View Certificates" button.
5. Select your new Certificate and back it up (the "Backup" button below). This will allow you to import it into Thunderbird.
5b. It will ask you to provide an import pass phrase for the backup.
 

Part 2: Installing the Certificate into Thunderbird (assumes you have configured some e-mail address already)
1. Tools -> Options, then tab to Advanced, with the Encryption sub tab. Click "View Certificates" button.
2. Import the backup certificate you made in Part 1. It will prompt you for the import pass phrase.
3. You are done.
Optionally: In either program you can view the certificate's information in the same place you backup/import certificates.

Part 3: Using your Certificate when writing e-mail.
1. When composing a new email, there is a Security button above (also found under options). The down triangle can be used to "Digitally Sign This Message."
2. When you send the message Thunderbird will prompt you for the usage pass phrase you entered when you made the certificate. *Failure to provide the pass phrase will result in sending the e-mail without being signed.* If you don't have your e-mail password saved, it will prompt you for both, so carefully read the prompt before typing something in.

Part 4: Installing/Viewing someone else's Certificate when you receive an e-mail.

1. Receive the e-mail; Thunderbird automatically adds the certificate to "Other's Certificate" under your Certificates area.
2. To view the certificate someone else signed with, double click the picture of an envelope "sealed" with a red dot (it represents wax pressed with a signet object).
 

 

MORE ALTERNATIVE WAYS