SecExMail - Secure Email Utility Protecting Your Right to Privacy

This page is an unformatted version of the SecExMail product pages provided for easy searching.

Product: SecExMail
Operating Systems: Windows 2000, Windows NT, Windows XP, Windows 98, ME.
Category: Email and Network Security


Introduction

What is SecExMail ?

SecExMail - Secure Email Made Easy

Maintaining your privacy on the net is not easy in today's world. Until now, secure email could only be achieved by encryption solutions that were not user friendly. SecExMail changes all that, bringing you secure encrypted email that is so easy to use, you will forget it is there!

SecExMail implements open standard encryption algorithms to create a seamless security framework to protect the privacy of your email on the public internet. SecExMail operates as a relay agent between your email client and your mail server, encrypting and decrypting email streams in real-time, and therefore requires no additional plugin software for your favorite email client program.

 

How SecExMail works :

 

 

General Features :

 

SecExMail requires no plugins or other email client specific software. Simply configure SecExMail to communicate with your email server and set your favorite email client to talk to SecExMail. That's it.

Probably the greatest obstacle to wide-spread use of secure email is that most encryption systems don't integrate seamlessly with popular email clients. In some cases the use of plugins means that encrypted messages held in mail folders are not searchable via the standard email client interface. In other cases, encrypted messages held in mail folders become irretrievable once the encryption plugin is unloaded. In most cases security is an after-thought and the normal work flow is disrupted to accommodate security. Because SecExMail operates unobtrusively in the background, encrypting and decrypting email streams to and from your email client in real-time, you continue to work with your email client as usual.

Many plugin based encryption systems require the user to treat secure mail differently from ordinary mail. Some require the user to remember that mail to a specific recipient should always be encrypted and take special action to invoke the encryption. If the user forgets, the message is sent in plain text and confidential information may be compromised. Equally, if a plugin is accidentally unloaded or crashes, sensitive information may be compromised because messages designated secure are inadvertently spilled onto the internet in clear text. SecExMail is engineered from the ground up to provide fail safety. Because SecExMail acts as a relay agent or mail proxy and requires the email client to be configured to communicate with its mail server via this proxy, a failure in SecExMail simply means that no mail is sent until the error condition is alleviated. Once the public key for a particular recipient is entered into SecExMail, all mail to that recipient will be sent encrypted by default and without further user intervention.

SecExMail does not stop at simply encrypting your email messages. It also provides for message stealth at the protocol level. The information contained in the header of most emails provides a wealth of information to the cryptanalyst. For example, the header contains a subject line which tells the cryptanalyst which messages are worth examining. Furthermore the header contains information about the type of message being sent, the so called "MIME type". The MIME type indicates to the cryptanalyst if the message contains only text or perhaps a photograph and if so in what format the photograph is stored ( JPG, GIF, etc ). The latter can be exploited in a known plain text attack. For this reason, SecExMail not only encrypts the message subject but also obscures MIME type information. This means a hacker can neither deduce whether the message is worth examining nor what file attachments, if any, are being sent.

Exchanging keys with friends and business associates is child's play. SecExMail has a built in "one touch" SMTP client and automatic key update feature to facilitate easy distribution of SecExMail keys.

 

Most conventional email communication involves the exchange of clear text passwords. This means that anyone with the right wire tapping equipment, or in fact any skilled system administrator working for your telecommunications company, can collect your password information and subsequently read all your email without your knowledge. SecExMail can protect your user and password information by encapsulating all email traffic in a Secure Socket Layer ( SSL ) or Transport Layer Security (TLS) tunnel. See Mail Server configuration for details. (Offshore and Corporate edition only )

SecExMail protects against attempts to trick you into revealing your password information to third parties. See IP/DNS spoofing for technical details. (Offshore and Corporate edition only )

SecExMail is engineered with a focus on transparency to give you the assurance that no backdoor keys or key recovery is embedded in encrypted messages. See Key Transparency.

Technical Features :

SecExMail uses standard RSA based public key encryption. Supported key sizes are 2048, 4096 and 8192 bits ( up to 10240 bits for offshore edition and corporate edition ). Two messages are never encrypted with the same session key. Instead the public key associated with the recipient of a message is used to encrypt a random session key which is used to encrypt the message. Generation of strong session keys is based on a sophisticated entropy collection system.

Individual messages are double encrypted via 64 bit ISAAC and 256 bit Twofish encryption. See SecExMail Cipher.

 

SecExMail encrypts the mail stream and therefore does not interfere with existing methods of encryption. As such, it is possible to encrypt with PGP or GPG first, and then send the resulting cipher text through SecExMail for further encryption. On the remote end, the recipient's SecExMail restores the PGP cipher text which can then be decrypted by the user's email client or associated PGP decryption module.

Quick Start

This is the "manual" quick guide to getting you up and running with SecExMail !

For information on wizard based setup, see Configuration Wizard.

Start the SecEx Key Generator and create your own SecExMail keys. Click here to learn how.

Open SecExMail by right-clicking the SecExMail icon in the bottom right corner of your screen as shown below and configure your mail server. Click here to learn how.

If you cannot see the SecExMail icon in the bottom right corner of your screen, you will need to start SecExMail manually first.

Configure your email client program to use SecExMail as a relay agent. Click here to learn how.

Send your SecExMail key to your friends. Click here to learn how.

Tell your friends about SecExMail and let SecExMail defend your privacy !

 

 

 

 

 

 

 

Acknowledgements

 

At the time of writing, the ISAAC home page can be found at http://burtleburtle.net/bob/rand/isaacafa.html.

ISAAC was placed into the public domain by its author, Bob Jenkins, in 1996.

-----------------------------------------------------------------------------------------------------------

My random number generator, ISAAC.

(c) Bob Jenkins, March 1996, Public Domain

You may use this code in any way you wish, and it is free. No warrantee.

-----------------------------------------------------------------------------------------------------------

The RSA algorithm was patented until September 2000 when RSA® Security Inc. released the algorithm into the public domain. "BEDFORD, Mass., September 6, 2000 -- RSA® Security Inc. (NASDAQ: RSAS) today announced it has released the RSA public key encryption algorithm into the public domain, allowing anyone to create products that incorporate their own implementation of the algorithm." At the time of writing a copy of this statement can be found at http://www.rsasecurity.com/news/pr/000906-1.html

The Twofish block cipher by Counterpane Labs was developed and analyzed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson. Twofish was one of the five Advanced Encryption Standard finalists. At the time of writing the Twofish homepage can be found at http://www.counterpane.com/twofish.html. The cipher has been made available to the general public by the following statement on http://www.counterpane.com/about-twofish.html :

" Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses. Everyone is welcome to download Twofish and use it in their application. There are no rules about use, although I would appreciate being notified of any commercial applications using the algorithm so that I can list them on this website. "

ZLIB is a lossless data-compression library written by Jean-loup Gailly and Mark Adler. ZLIB is made available as free, unpatented software to the general public at http://www.gzip.org/zlib/. The license conditions are set forth at http://www.gzip.org/zlib/zlib_license.html and reproduced below :

 

" Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler

This software is provided 'as-is', without any express or implied

warranty. In no event will the authors be held liable for any damages

arising from the use of this software.

Permission is granted to anyone to use this software for any purpose,

including commercial applications, and to alter it and redistribute it

freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not

claim that you wrote the original software. If you use this software

in a product, an acknowledgment in the product documentation would be

appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must not be

misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.

Jean-loup Gailly jloup@gzip.org

Mark Adler madler@alumni.caltech.edu "

 

The RIPE message digest was written by Antoon Bosselaers for Katholieke Universiteit Leuven, Department of Electrical Engineering ESAT/COSIC, Belgium. License conditions ask us to quote the following :

" RIPEMD-160 software written by Antoon Bosselaers,

available at http://www.esat.kuleuven.ac.be/~cosicart/ps/AB-9601/ "

Katja Bengtsson of Stockholm, Sweden ( katja@offshoremailroom.com )

 

SecExMail contains Mozilla web browser software from The Mozilla Organization. Mozilla is licensed under the Mozilla Public License (MPL) which can be found at http://www.mozilla.org/MPL/MPL-1.1.html. SecExMail uses unmodified Mozilla executable code; the source code for this executable code is freely available at http://www.mozilla.org. Software distributed under the MPL is distributed on an "AS IS" basis, without warranty of any kind, either express or implied. See the MPL License for the specific governing rights and limitations.

 

SecExMail contains cryptographic software from the OpenSSL project at www.openssl.org which is licensed under "BSD-style" open source licenses. These licenses ask us to state the following :

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com)."

SecExMail is an independent, derived work and no endorsement of SecExMail by the OpenSSL project is implied. The full text of the OpenSSL license and the original SSLeay License is reproduced below.

OpenSSL License

====================================================================

Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions

are met:

1. Redistributions of source code must retain the above copyright

notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright

notice, this list of conditions and the following disclaimer in

the documentation and/or other materials provided with the

distribution.

3. All advertising materials mentioning features or use of this

software must display the following acknowledgment:

"This product includes software developed by the OpenSSL Project

for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

endorse or promote products derived from this software without

prior written permission. For written permission, please contact

openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL"

nor may "OpenSSL" appear in their names without prior written

permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following

acknowledgment:

"This product includes software developed by the OpenSSL Project

for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

OF THE POSSIBILITY OF SUCH DAMAGE.

====================================================================

This product includes cryptographic software written by Eric Young

(eay@cryptsoft.com). This product includes software written by Tim

Hudson (tjh@cryptsoft.com).

Original SSLeay License

 

Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

All rights reserved.

This package is an SSL implementation written

by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as

the following conditions are adhered to. The following conditions

apply to all code found in this distribution, be it the RC4, RSA,

lhash, DES, etc., code; not just the SSL code. The SSL documentation

included with this distribution is covered by the same copyright terms

except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in

the code are not to be removed.

If this package is used in a product, Eric Young should be given attribution

as the author of the parts of the library used.

This can be in the form of a textual message at program startup or

in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions

are met:

1. Redistributions of source code must retain the copyright

notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright

notice, this list of conditions and the following disclaimer in the

documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software

must display the following acknowledgement:

"This product includes cryptographic software written by

Eric Young (eay@cryptsoft.com)"

The word 'cryptographic' can be left out if the routines from the library

being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from

the apps directory (application code) you must include an acknowledgement:

"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

SUCH DAMAGE.

The licence and distribution terms for any publicly available version or

derivative of this code cannot be changed. i.e. this code cannot simply be

copied and put under another distribution licence

[including the GNU Public Licence.]

 

Chris Kohlhepp and Mark Robertson, Bytefusion Ltd.

 

Working with SecExMail

Starting SecExMail

To start SecExMail, click "Start", "Programs", "SecExMail" and "SecEx Mail" as shown below. This will start the SecExMail service and place the icon into the system tray.

 

Right-click on the system tray icon with your mouse and select "Open SecEx Mail" as shown below to open the configuration screen.

 

Mail server tab

SecExMail operates as a relay agent between your email client software and your internet service provider's mail server. Therefore you need to tell your email client to check and send mail via SecExMail and tell SecExMail about your mail server. To do so, select the Mail Server tab and enter the details provided for SMTP server and POP3 server by your internet service provider ( ISP ) as shown below.

 

This is the Internet email server which stores your incoming mail. You may specify either a DNS host name or IP address here. The server must be POP3 compliant. Modifying this setting will have immediate effect.

If you are behind a firewall and your incoming mail server operates on a non-standard port, please update the POP3/POP3S port setting here accordingly. Modifying this setting will have immediate effect.

If your service provider supports secure POP3 (POP3S) via Secure Socket Layer (SSL) or Transport Layer Security (TLS), set the port type here to "pop3s". Otherwise set the port type to "pop3". The standard port for POP3 is 110. The standard port for POP3S is 995. POP3S is not available in Home Edition. Modifying this setting will have immediate effect.

This is the Internet email server you use to send outgoing mail. You may specify either a DNS host name or IP address here. The server must be SMTP compliant. Modifying this setting will have immediate effect.

If you are behind a firewall and your outgoing mail server operates on a non-standard port, please update the SMTP/SMTPS port setting here accordingly. Modifying this setting will have immediate effect.

If your service provider supports secure SMTP (SMTPS) via Secure Socket Layer (SSL) or Transport Layer Security (TLS), set the port type here to "smtps". Otherwise set the port type to "smtp". The standard port for SMTP is 25. The standard port for SMTPS is 465. Note that only *fully* encrypted SMTP is supported here. This feature does not support RFC 2487 demand encryption of SMTP over port 25. SMTPS is not available in Home Edition. Modifying this setting will have immediate effect.

 

Click Filter to configure the SMTP filter.

Encryption tab

The Encryption tab allows you to configure SecExMail keyed encryption services for your computer. The default values set by the installation program will serve most people. However, if you operate a firewall or other proxy service on your computer, you might have to adjust these settings. All users will need to configure their email client to work with SecExMail.

Check this option if you want SecExMail to encrypt outgoing messages when sending mail to recipients listed on "Friends" page. Modifying this setting will take effect the next time you restart SecExMail.

This specifies the POP3 port your email client will connect to on your computer (localhost) when retrieving new messages from the internet. Modifying this setting will take effect the next time you restart SecExMail.

 

Check this option if you want SecExMail to scan incoming mail for SecExMail encrypted messages and decrypt them. Modifying this setting will take effect the next time you restart SecExMail.

This specifies the SMTP port your email client will connect to on your computer (localhost) when sending messages. Modifying this setting will take effect the next time you restart SecExMail.

 

Desktop tab

This page configures how SecExMail integrates with your desktop environment. See option descriptions below.

 

Check this option if you want SecExMail to be loaded automatically when you start your computer. Modifying this setting will take effect the next time you restart your computer.

Set this option if you want SecExMail to be minimized into the system tray when started. Modifying this setting will take effect the next time you restart SecExMail.

Enables SecExMail splash screen at program start. Modifying this setting will take effect the next time you restart SecExMail.

Set this option if you want SecExMail to write its "Watch" tab log to disk. Modifying this setting will take effect the next time you restart SecExMail.

Check this option if you want to be able to disable keys without deleting them. Modifying this setting will have immediate effect.

Set this option if you want to be able to view the "raw content" of inbound messages. Modifying this setting will have immediate effect.

Check this option if you want to be able to view the "raw content" of outgoing messages. This is useful to view the encrypted versions of messages you have sent. Modifying this setting will have immediate effect.

Check this option if you want SecExMail to exchange keys with other users automatically. If this option is enabled, SecExMail will append your public key to outgoing e-mails as a tag line and accept such public key updates from other people. Once secure communication with another person is established, your public key is no longer appended to emails sent to that person.

Check this option if you want SecExMail to notify you via small pop-up screens when encrypting and decrypting mail.

 

My Keys tab

The My Keys tab lists your own SecExMail keys. From here you can create new keys, change the passphrase on existing keys, back up and restore keys to and from disk, email your key to others and manage the passphrase cache. Technically, keys shown here are private keys while keys listed on the Friends tab are public keys. See SecExMail Keys for details.

 

 Key Activation State :

Use this check box to enable / disable encryption to the person associated with the respective key. If unchecked, messages sent to the key owner via SecExMail will be transmitted in the clear. If checked, messages sent to the key owner via SecExMail will be encrypted. Since the My Keys tab shows your own keys, this feature will mainly affect messages you carbon copy or "CC" to yourself.

New Key Button

Use this button to generate a new key for yourself. This will invoke the SecEx Key Generator as shown below. Technically the SecEx Key Generator will generate a two component key for you, comprised of one public key and one private key. The private key will appear here on the My Keys tab and will be used to decrypt incoming messages. The public key component will be sent to your friends so as to enable your friends to encrypt messages to you. It is also used to encrypt messages you carbon copy or "CC" to yourself. See SecExMail Keys for details.

Key Properties Button :

Use this button to display the properties of a selected key. The key properties include details of the key owner, the email address associated with the key, the key type and size as well as the key fingerprint. The properties for a typical key are shown below.

Export Key Button :

Use this button to save your keys to floppy or hard disk for backup purposes or to exchange them with others.

Because your own keys are comprised of a public and a private key component, exporting your own key involves a two stage process. During the first stage the public key component is exported - a typical dialog to export SecEx public keys is shown below.

 

You will then be prompted to decide if you wish to export the private key component also. See image below.

 

 

This is the second stage. If you are backing up your key to floppy or similar such medium, you will probably want to export your private key component also since you will not be able to fully restore your key later without the private key component. If you are sending your key to a friend to enable that person to send encrypted email to you, you will only need to export the public key component, NOT the private key component. Private keys are stored in 3DES encoded, chained block cipher format and protected with a passphrase. See SecExMail Key File Format.

Change Key Passphrase Button :

Use this button to change the passphrase on the selected key. See image below.

 

Delete Key Button :

Use this button to remove a selected key from the list.

 

Import Key Button :

Use this button to import new keys or restore backups from floppy or hard disk.

Email Key to Friend Button :

Use this button to email the public key component of your SecExMail key to others. This will enable the receiver to send encrypted mail to you. See Distributing SecExMail Keys.

Clear Passphrase Cache Button :

Use this button to clear a passphrase for the associated key from the registry. See passphrase cache for details.

 

Friends tab

The Friends tab lists people on your secure contact list. Email sent via SecExMail to people on the Friends list will be encrypted automatically and without the need for further interaction by you, the user. On this screen you can add and remove friends from your secure contact list, display key properties including fingerprints, and email the keys of friends to other people. Technically, a secure friend is someone for whom only a public key is held on file, i.e. you can encrypt messages to this person, but you cannot decrypt messages sent to this person. See SecExMail Keys for details.

 Key Activation State :

Use this check box to enable / disable encryption to the person associated with the respective key. If unchecked, messages sent to the key owner via SecExMail will be transmitted in the clear. If checked, messages sent to the key owner via SecExMail will be encrypted.

Key Properties Button :

Use this button to display the properties of a selected key. The key properties include details of the key owner, the email address associated with the key, the key type and size as well as the key fingerprint. The properties for a typical key are shown below.

Import Key Button :

Use this button to import new keys from floppy or hard disk. Friend keys stored on disk must end in "#.pubrsa".

A typical dialog to import SecEx public keys is shown below.

Export Key Button :

Use this button to save friend keys to floppy or hard disk for backup purposes or to exchange them with others.

A typical dialog to export SecEx public keys is shown below.

Delete Key Button :

Use this button to remove a friend from the secure contact list.

Email Key to Friend Button :

Use this button to email a friend's key to others. See Distributing SecExMail Keys.

 

 

 

In-Tray Tab

The In-Tray tab shows incoming messages that SecExMail has processed. It is similar to your email client's inbox. Here you can view messages as they "came in off the wire" and decrypt messages which were encrypted to keys for which you hold the private key component.

 

Refresh View Button :

Use this button to refresh the list on the In-Tray tab. This list is updated when it is first displayed and thereafter only when you click the refresh view button.

Open Message Button :

Use this button to open a selected message. This feature will allow you to view the "raw wire" message in Notepad.

Delete Message Button :

Use this button to delete selected message(s).

 

 

 

 

Out-Tray Tab

The Out-Tray tab shows outgoing and sent messages that SecExMail has processed. It is similar to your email client's sent items folder. Here you can view messages exactly as they have been sent and decrypt messages which were encrypted to keys for which you hold the private key component. Note that you will not be able to decrypt messages which have been encrypted to your friends unless you have carbon copied ( "CC" ) them to yourself.

Refresh View Button :

Use this button to refresh the list on the Out-Tray tab. This list is updated when it is first displayed and thereafter only when you click the refresh view button.

Open Message Button :

Use this button to open a selected message. This feature will allow you to view the "raw wire" message in Notepad.

Delete Message Button :

Use this button to delete selected message(s).

 

Watch tab

The Watch tab shows SecExMail log information in real-time as you send and receive email. A full record of all log entries can be found in the SecExMail application directory under "secexmail.log".

 

Distributing SecExKeys

Sending friends your public key "manually" is easy. See also Automatic Key Exchange. Simply click the "Email Key to Friend" button on the Friends tab. See image.

Finally, select the key you wish to send from the list of keys in the "Key" drop-down box, enter your own email address in the "From" field, enter the recipient's email address in the "To" field, and optionally a short personal message in the "Short Message" field. Click "OK". The display will switch to the Watch tab for the sending of the key via your email server.

If your send mail server requires you to authenticate in order to send mail, see SMTP AUTH.

Send Mail Authentication

If your send mail server requires you to authenticate in order to send mail, click the SMTP AUTH link on the Email Key to Friend dialog. This will invoke the dialog shown below. Enter your user name and password as issued by your internet service provider and click Ok.

The SecExMail Email Key to Friend facility uses the Extended Simple Mail Transfer Protocol ( ESMTP ) AUTH LOGIN command to support user authentication.
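
The AUTH LOGIN exchange named above carries the user name and password as base64 text, which is an encoding rather than encryption, so it needs the SSL/TLS tunnel described under Mail server configuration. The following added example (not SecExMail code) shows both sides of the exchange and a pre-flight check; the function names, the constructed credentials, the 235 reply text and the reuse of the "smtps" port type value are assumptions.

```python
# Added example, not SecExMail code. All names below are hypothetical.
import base64


def _b64(text):
    """Base64-encode a text value the way AUTH LOGIN puts it on the wire."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def auth_login_dialogue(user, password):
    """Return the ESMTP AUTH LOGIN exchange as (side, line) tuples.

    "C" is the client (the key-sending facility), "S" is the mail server.
    The server prompts are the base64 forms of "Username:" and "Password:".
    """
    return [
        ("C", "AUTH LOGIN"),
        ("S", "334 " + _b64("Username:")),
        ("C", _b64(user)),
        ("S", "334 " + _b64("Password:")),
        ("C", _b64(password)),
        ("S", "235 Authentication successful"),  # constructed reply text
    ]


def decode_client_answers(dialogue):
    """Decode what the client sent after each 334 challenge.

    This is what anyone who can read the session sees when it is not
    wrapped in SSL/TLS: the base64 layer adds no confidentiality.
    """
    answers = []
    expecting_answer = False
    for side, line in dialogue:
        if side == "S":
            expecting_answer = line.startswith("334 ")
        elif expecting_answer:
            answers.append(base64.b64decode(line).decode("utf-8"))
            expecting_answer = False
    return answers


def may_send_credentials(port_type):
    """Pre-flight check: allow AUTH LOGIN only on a fully encrypted session.

    Assumption: port_type carries the Mail server tab value, where "smtps"
    means the whole session runs inside SSL/TLS and "smtp" means clear text.
    """
    return port_type.strip().lower() == "smtps"


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    exchange = auth_login_dialogue("yourname", "constructed-password")
    for side, line in exchange:
        print(side + ": " + line)
    print("recoverable without TLS:", decode_client_answers(exchange))
    for port_type in ("smtp", "smtps"):
        print(port_type, "-> send credentials:", may_send_credentials(port_type))
```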

Passphrase cache

When SecExMail starts you will be prompted to enter the passphrase for any private keys loaded from the registry or disk. This passphrase is required to decode private keys which are stored in 3DES encrypted format.

 

 

Optionally, you can instruct SecExMail to cache the passphrase for your key in the registry by checking the "Store Passphrase" option. This will prompt SecExMail to write the passphrase for your key to your computer's registry in Blowfish encrypted format. Nonetheless, this option is only recommended if you can safeguard access to your computer and its registry. In particular you should disable the remote registry service (Windows NT / 2000 / XP). You can clear the passphrase cache for your key on the My Keys tab.

Outgoing Mail Filter

This page configures how SecExMail filters SMTP email headers to further protect your privacy.

Every email message bears a unique fingerprint or message identifier which may be used to track the message across a network or indeed across the global internet. Further, each email reply contains a fingerprint correlator that allows the reply to be uniquely associated with the original message. SecExMail allows you to remove both message fingerprints as well as fingerprint correlators. Note that this will also disable message threading functionality in email client software.

Check this option if you want SecExMail to eliminate "Message-ID:" header information from encrypted emails. Modifying this setting will have immediate effect.

Shown below is an excerpt from a typical SMTP header containing a Message-ID fingerprint :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO yourmachine_name) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    From: "Your Name" <yourname@offshoremailroom.com>
    To: <john_doe@offshoremailroom.com>
    Subject: Testing
    Date: Tue, 23 Jul 2001 10:55:35 +0100
    Message-ID: <000221c27717$gax278f1$0800a8c0@yourname>
    MIME-Version: 1.0

The same header would appear as follows with the Remove message fingerprint option checked :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO yourmachine_name) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    From: "Your Name" <yourname@offshoremailroom.com>
    To: <john_doe@offshoremailroom.com>
    Subject: Testing
    Date: Tue, 23 Jul 2001 10:55:35 +0100
    MIME-Version: 1.0

 

Check this option if you want SecExMail to eliminate "In-Reply-To:" header information from encrypted emails. Modifying this setting will have immediate effect.

Shown below is an excerpt from a typical SMTP header containing a fingerprint correlator :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO yourmachine_name) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    From: "Your Name" <yourname@offshoremailroom.com>
    To: <john_doe@offshoremailroom.com>
    Subject: Testing
    Date: Tue, 23 Jul 2001 10:55:35 +0100
    Message-ID: <000221c27717$gax278f1$0800a8c0@yourname>
    In-Reply-To: <000801c23789$3r040dc0$1441a8c0@nimitz>
    MIME-Version: 1.0

The same header would appear as follows with the Remove fingerprint correlators option checked :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO yourmachine_name) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    From: "Your Name" <yourname@offshoremailroom.com>
    To: <john_doe@offshoremailroom.com>
    Subject: Testing
    Date: Tue, 23 Jul 2001 10:55:35 +0100
    Message-ID: <000221c27717$gax278f1$0800a8c0@yourname>
    MIME-Version: 1.0

 

Check this option if you want SecExMail to eliminate "Message-ID:" header information from clear text emails. Modifying this setting will have immediate effect.

Check this option if you want SecExMail to eliminate "In-Reply-To:" header information from clear text emails. Modifying this setting will have immediate effect.

Email clients initiate the SMTP handshake with the EHLO command or "Hello" command. Usually the EHLO command will be used to identify your computer to the mail server. If you operate on a private network and behind a firewall the EHLO command will disclose your computer's true identity even if the firewall is used to mask your private IP address. This can be useful information to a hacker in locating sensitive information on a corporate network should firewall security ever be compromised. Check "Erase Computer Name" if you want SecExMail to erase your computer's identity from the EHLO command. Modifying this setting will have immediate effect.

Shown below is an excerpt from a typical SMTP header containing EHLO computer identity information :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO yourmachine_name) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    Date: Tue, 23 Jul 2001 10:55:35 +0100

The same header would appear as follows with the Erase Computer Name option checked :

    Return-Path: <yourname@offshoremailroom.com>
    Delivered-To: john_doe@offshoremailroom.com
    Received: from (HELO ) (yourname@203.134.3.41)
      by localhost with SMTP; 23 Jul 2002 09:52:57 -0000
    Date: Tue, 23 Jul 2001 10:55:35 +0100

The exact message layout depends on your mail server and email client software.

The SMTP protocol uses the HELO command. EHLO is used by the Extended Simple Mail Transfer Protocol ( ESMTP ).
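The three outgoing filter options described above can be sketched as follows. This is an added example, not SecExMail's own code: the function names, the optional replacement argument and the sample message (built from the header excerpts on this page, with one header folded across two lines) are assumptions made for illustration.

```python
import re

# Header names targeted by the two header filter options described above.
FINGERPRINT = "Message-ID"
CORRELATOR = "In-Reply-To"
# Note: "References" is another standard threading header (RFC 5322). The page
# does not mention it, but strip_headers() accepts any list of header names.

# Constructed sample message: CRLF line endings, In-Reply-To folded onto two lines.
SAMPLE_MESSAGE = (
    'From: "Your Name" <yourname@offshoremailroom.com>\r\n'
    "To: <john_doe@offshoremailroom.com>\r\n"
    "Subject: Testing\r\n"
    "Message-ID: <000221c27717$gax278f1$0800a8c0@yourname>\r\n"
    "In-Reply-To:\r\n"
    " <000801c23789$3r040dc0$1441a8c0@nimitz>\r\n"
    "MIME-Version: 1.0\r\n"
    "\r\n"
    "The body may mention Message-ID: without being touched.\r\n"
)

# Client greeting: the verb alone, or the verb followed by an argument.
GREETING = re.compile(r"^(EHLO|HELO)(?:[ \t].*)?$", re.IGNORECASE)


def strip_headers(raw_message, names):
    """Remove the named header fields (case-insensitive) from the header block.

    A folded header continues on lines that start with a space or tab; those
    continuation lines are dropped together with the field they belong to.
    Everything after the first empty line (the body) is left untouched.
    """
    drop = {name.lower() for name in names}
    head, separator, body = raw_message.partition("\r\n\r\n")
    kept = []
    dropping = False
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):
            # Continuation line: shares the fate of the preceding field.
            if not dropping:
                kept.append(line)
            continue
        field_name = line.split(":", 1)[0].strip().lower()
        dropping = field_name in drop
        if not dropping:
            kept.append(line)
    return "\r\n".join(kept) + separator + body


def filter_outgoing(raw_message, remove_fingerprint=True, remove_correlator=True):
    """Apply the two header options the way the filter page describes them."""
    names = []
    if remove_fingerprint:
        names.append(FINGERPRINT)
    if remove_correlator:
        names.append(CORRELATOR)
    return strip_headers(raw_message, names)


def erase_computer_name(command_line, replacement=""):
    """Rewrite a client EHLO/HELO line so it no longer carries the host name.

    With the default empty replacement the greeting is sent without a name,
    matching the "(HELO )" excerpt above. RFC 5321 expects a domain or address
    literal after the verb, so a strict server may reject that; the optional
    replacement (an assumption of this sketch) substitutes a neutral value.
    """
    text = command_line.rstrip("\r\n")
    ending = command_line[len(text):]
    match = GREETING.match(text)
    if match is None:
        return command_line  # not a greeting: pass through unchanged
    return (match.group(1) + " " + replacement).rstrip() + ending


if __name__ == "__main__":
    print(filter_outgoing(SAMPLE_MESSAGE))
    print(repr(erase_computer_name("EHLO yourmachine_name\r\n")))
```
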

Incoming Mail Filter

SecExMail supports a number of privacy filter options. Incoming HTML messages may be converted from their native HTML format to plain text. The HTML filter is not enabled by default.

Check this option if you want SecExMail to convert incoming HTML messages to plain text messages. Enabling this filter is highly recommended as HTML mail may contain active components which in turn may be used to distribute viruses or stage malicious attacks on your computer. HTML email is especially dangerous, because malicious exploits may execute as soon as the email is viewed and without your knowledge. Modifying this setting will have immediate effect.

Enabling this filter will not impact your ability to receive HTML attachments.
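The behaviour described above (inline HTML bodies converted to plain text, HTML attachments delivered unchanged) can be sketched with Python's standard email and html.parser modules. This is an added example, not SecExMail's implementation: the function and class names, the choice of tags to drop or treat as line breaks, and the sample message are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample: one inline HTML body and one HTML attachment.
SAMPLE_MESSAGE = "\n".join([
    "From: sender@example.com",
    "To: you@example.com",
    "Subject: Constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/html; charset=us-ascii",
    "",
    "<html><head><title>Offer</title><script>alert(1)</script></head>",
    "<body><p>Hello <b>friend</b></p><p>Bye</p></body></html>",
    "--b1",
    "Content-Type: text/html; charset=us-ascii",
    'Content-Disposition: attachment; filename="report.html"',
    "",
    "<html><body><script>kept()</script></body></html>",
    "--b1--",
    "",
])


class TextExtractor(HTMLParser):
    """Collect visible text only; script, style and title content is discarded."""

    SKIP = {"script", "style", "title"}
    BREAK = {"p", "br", "div", "li", "tr", "h1", "h2", "h3"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        # Attributes (event handlers, URLs) are never copied to the output.
        if tag in self.SKIP:
            self.skip_depth += 1
        elif tag in self.BREAK:
            self.chunks.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth > 0:
            self.skip_depth -= 1

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.chunks.append(data)


def html_to_text(html):
    """Reduce an HTML document to its text, one non-empty line per block."""
    parser = TextExtractor()
    parser.feed(html)
    parser.close()
    lines = (" ".join(line.split()) for line in "".join(parser.chunks).splitlines())
    return "\n".join(line for line in lines if line)


def filter_incoming(raw_message):
    """Convert inline text/html parts to text/plain; leave attachments alone."""
    msg = message_from_string(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        if part.get_content_disposition() == "attachment":
            continue  # HTML attachments are delivered unchanged
        # set_content() clears the old Content-* headers and payload first.
        part.set_content(html_to_text(part.get_content()))
        if part is not msg:
            del part["MIME-Version"]  # set_content() adds it; sub-parts do not need it
    return msg


if __name__ == "__main__":
    print(filter_incoming(SAMPLE_MESSAGE).as_string())
```
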

Configuration Wizard

When you start SecExMail for the first time you will have the option to configure SecExMail using the configuration wizard. The configuration wizard will attempt to detect existing e-mail accounts and import the settings into SecExMail as well as adjust your e-mail client program to work with SecExMail. At present, automatic configuration is supported for the following e-mail client programs : Microsoft Outlook, IncrediMail, and Opera Mail.

All SMTP/POP3 compliant e-mail clients are SecExMail compatible. Some e-mail clients may require manual configuration.

 

SecExMail allows automatic discovery of encryption keys, so you don't have to manually exchange encryption keys with other SecExMail users. Keys are processed automatically as tag lines in incoming and outgoing mail.

After secure communication between yourself and another user is established, key tag lines are omitted. Automatic key exchange is enabled by default.

SecExMail supports a number of privacy filter options. Incoming HTML messages may be converted from their native HTML format to plain text. This feature protects your computer against malicious HTML containing exploits based on active message content which may be embedded in HTML code. The HTML filter is not enabled by default. Enabling this filter will not impact your ability to receive HTML attachments.

Microsoft Outlook, IncrediMail, and Opera Mail are registered trademarks or trademarks of their respective owners.

Automatic Key Exchange

If the "Enable auto keys" option is checked on the Desktop Tab, SecExMail will discover the encryption keys of other SecExMail users automatically - without any user intervention. SecExMail will simply append your public key to outgoing e-mails as a tag line and accept such public key updates from other people. Once secure communication with another person is established, your public key is no longer appended to emails sent to that person.

 

SecEx Key Generator

Create your personal SecExMail keys

The SecEx Key Generator creates encryption keys for you which will enable your friends to send you encrypted mail and enable you to decrypt mail sent to you by your friends. To invoke the SecEx Key Generator, click "Start", "Programs", "SecExMail" and "SecEx KeyGenerator" as shown below.

 

This will start the SecEx Key Generator which will guide you through the process of creating your own SecExMail keys.

Click Next to proceed to the Personal Details screen.

Personal Details Screen

 

The Personal Details screen collects information about you and your email address. This information will later appear on the My Keys tab in SecExMail. SecEx Key Generator will not disclose your information to anyone and you control whom you share your key information with.

Click Next to go to the Key Size screen.

Key Size Screen

Deciding on the key size of your new email key is a matter of personal judgement. It is commonly held that RSA keys of 1024 bits will withstand conventional cryptanalytic attacks while key sizes of 512 bits or less are to be regarded as insecure. In general, the cryptographic community is divided over the recommended key size for asymmetric keys and what is referred to as the "huge key debate". If 1024 bit keys are secure, why use larger keys ? The counter argument is that the only disadvantage to using larger keys is the longer time required to process them. CPU cycles are cheap and getting cheaper every year. This aids the cryptographer and cryptanalyst alike. So why not use the largest key size contemporary computers can handle ? The decision is yours ...

 

Click Next to proceed to the Passphrase screen.

Passphrase Screen

Your new key will be stored in your computer's registry. To protect confidential key information from unauthorized access, it will be encrypted and protected with a passphrase that only you know. Please choose a long phrase containing both letters and numbers and avoid using the names of girlfriend, wife, boyfriend or husband. Do not use your date of birth.

Click Next to proceed to the Entropy screen.

Entropy Screen

Your new key will be generated from prime numbers produced by a random number generator. In order for your key to be unpredictable we need to collect a large amount of random data from the only source in the system which is unique : you. This data will be used to seed the random number generator. To ensure maximum security, the SecEx Key Generator does not avail itself of previously calculated prime numbers or so called "canned primes." All prime numbers are generated "on the spot".

Click Next to proceed to the Progress screen.

 

Progress Screen

 

The progress screen shows the estimated time to completion. The estimated time to finish may be readjusted during key generation and you will be advised when key generation is complete. At that time, click Finish to save your keys and restart SecExMail if necessary.

Email client configuration

Basic Email Client Configuration

Configuring your email client to send and receive email via SecExMail is easy. Simply set your email client to receive mail at "localhost" or IP address "127.0.0.1" on port 110 and send email via "localhost" or IP address "127.0.0.1" on port 25. The port settings may vary and should match the decryption and encryption port settings on the Encryption tab. Detailed guides for popular email clients are provided in this section.

 

Outlook XP/2002

To configure Outlook XP/2002 to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Outlook XP/2002 and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Outlook XP/2002 must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Outlook XP/2002 for use with SecExMail.

If you are modifying an existing Outlook XP/2002 email account for use with SecExMail, please refer to modifying Outlook XP/2002 accounts.

 

In Outlook XP/2002, click on the Tools menu and choose Email Accounts from the available options. The E-Mail Accounts screen shown below will appear.

Select "Add a new e-mail Account" and click the Next button. This invokes the Server Type screen as shown below.

Select "POP3" and click the Next button. This invokes the Internet E-Mail Settings screen as shown below.

Enter your name and the e-mail address as provided by your ISP or system administrator under User Information. Enter the IP address 127.0.0.1 for both POP3 and SMTP server under Server Information. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Enter your user name and password as provided by your ISP under Logon Information. Click Next. This invokes the Congratulations screen as shown below.

Click Finish to complete the Outlook XP/2002 configuration. Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

 

Modifying Outlook XP/2002

To modify an existing Outlook XP/2002 email account for use with SecExMail, please follow the steps detailed below.

Click on the Tools menu and choose E-Mail Accounts from the available options. The window below will appear.

 

Select View or change existing e-mail accounts and click Next. The window below will appear.

 

Choose the account you wish to configure for use with SecExMail and click Change. The window below will appear.

 

Enter your name and the e-mail address as provided by your ISP or system administrator under User Information. Enter the IP address 127.0.0.1 for both POP3 and SMTP server under Server Information. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Enter your user name and password as provided by your ISP under Logon Information. Click Next. This will return you to the E-Mail Accounts screen. Click Finish.

Outlook 98/2000/Express

To configure Outlook 98/2000/Express to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Outlook 98/2000/Express and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Outlook 98/2000/Express must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Outlook 98/2000/Express for use with SecExMail.

If you are modifying an existing Outlook 98/2000/Express email account for use with SecExMail, please refer to modifying Outlook 98/2000/Express accounts.

 

In Outlook 98/2000/Express, click on the Tools menu and choose Accounts from the available options. The window below will appear.

Click on the Add button and choose Mail... This invokes the new mail account wizard as shown below.

Enter your name in the box provided and click Next. The window shown below will appear.

Enter your e-mail address as provided to you by your ISP or system administrator and click Next. The window shown below will appear.

Enter the IP address 127.0.0.1 for both POP3 and SMTP servers. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next and the window shown below will appear.

 

Enter your user name and password for your e-mail account as given to you by your ISP or system administrator. If you do not want Outlook 98/2000/Express to remember your password, uncheck the "Remember Password" box. Outlook 98/2000/Express will then ask you for your password every time it checks your mail. Click Next and the window shown below will appear.

 

Outlook Express users skip this step. Choose "Connect using my local area network (LAN)" if you are on a local area network or broadband connection. Choose "Connect using my phone line" if you have a conventional modem connection to the internet. Click Next to complete the Outlook 98/2000/Express configuration.

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Modifying Outlook 98/2000/Express

To modify an existing Outlook 98/2000 email account for use with SecExMail, please follow the steps detailed below.

Click on the Tools menu and choose Accounts from the available options. The window below will appear.

 

Choose the account you wish to configure for use with SecExMail and click Properties. The window below will appear.

 

Click on the Servers tab and modify the POP3 and SMTP server settings to 127.0.0.1 or "localhost" as shown below.

Click OK to complete your configuration.

The BAT

To configure The BAT to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between The BAT and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so The BAT must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in The BAT for use with SecExMail. These instructions apply to The BAT version 1.6.

If you are modifying an existing The BAT email account for use with SecExMail, please refer to modifying The BAT email accounts.

 

Open The Bat and click on Accounts and New. This will invoke the new user account screen.

Enter your name as the email account name. Click Next to continue.

 

Enter your full name and the e-mail address as provided by your ISP or system administrator. Click Next to continue.

 

Enter the IP address 127.0.0.1 for both POP3 and SMTP servers. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next to continue.

Enter your user name and password for your e-mail account as given to you by your ISP or system administrator. Click Next to continue.

 

Choose "Local Area Network or manual connection" if you are on a local area network or broadband connection. Choose "Dial-up connection" if you have a conventional modem connection to the internet. Click Next to continue.

Click Finish to complete The Bat account setup.

 

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Modifying The BAT

To modify an existing The BAT email account for use with SecExMail, please follow the steps detailed below.

Open The BAT, highlight the account you wish to configure for use with SecExMail using your mouse, then select Account and Properties... from the menu. This will invoke the properties dialog for your email account. Click the Transport label. Enter the IP address 127.0.0.1 for both SMTP and POP3 under Send mail - SMTP Server and Receive Mail - Mail Server respectively. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Enter your user name and password as provided by your ISP under Receive mail. Click Ok.

 

Pegasus

To configure Pegasus Mail to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Pegasus Mail and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Pegasus Mail must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Pegasus Mail for use with SecExMail. These instructions apply to Pegasus 7.0.

If you are modifying an existing Pegasus Email account for use with SecExMail, please refer to Modify an Existing Pegasus Account.

 

The Pegasus Mail Internet Setup Wizard runs automatically the first time Pegasus Mail is used. Click Next > to continue.

To start the wizard from within Pegasus Mail, select Tools > Internet Options; the wizard can be accessed from the General tab.

A pop-up menu will appear. Enter your e-mail address and click Next >.

Enter the IP address 127.0.0.1 as the incoming mail server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming e-mail messages. Do not enter your internet service providers (ISP) mail server details here - see "Configuring your mail server". Click Next > to continue.

Enter your user ID and password as given to you by your ISP or system administrator. Click Next > to continue.

Enter the IP address 127.0.0.1 as the outgoing SMTP mail server. Click Next > to continue.

Check the button that best describes how you connect to the Internet and click Next > to finish.

 

Click Finish to complete your Pegasus setup.

 

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Modifying Pegasus

To modify an existing Pegasus mail account for use with SecExMail, please follow the steps detailed below.

Open Pegasus Mail and select Tools > Internet Options.

 

A pop-up menu will appear. Select the Receiving (POP3) tab and in the POP3 host box type 127.0.0.1.

Then select the Sending (SMTP) tab, type 127.0.0.1 in the SMTP host box, and check the box alongside "Login using my POP3 settings for user name and password".

 

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Eudora

To configure Eudora Mail to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Eudora Mail and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Eudora Mail must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Eudora Mail for use with SecExMail. These instructions apply to Eudora 5.1.

If you are modifying an existing Eudora Email account for use with SecExMail, please refer to modifying Eudora email accounts.

The Eudora Email Account Setup Wizard runs automatically the first time Eudora Mail is used. Click Next > to continue.

 

A pop-up menu will appear. Select Create a brand new email account and click on Next >

 

Enter your name as you wish it to appear in the "Your Name" field on your emails and click Next >

 

Enter your email address and click Next >

 

Enter your user ID as given to you by your ISP or system administrator. Click Next >

Select POP as the incoming mail server type. Enter the IP address 127.0.0.1 as the incoming mail server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next >

Enter the IP address 127.0.0.1 as the outgoing SMTP mail server and check the box against "allow authentication". Click Next > to continue.

 

Click Finish to complete the Eudora setup.

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Modifying Eudora

To modify an existing Eudora mail account for use with SecExMail, please follow the steps detailed below.

Open Eudora Mail and click on Tools > Options

A pop-up menu will appear. Select Getting Started. In the box labelled Mail Server (Incoming) enter 127.0.0.1 and likewise in the box labelled SMTP server (Outgoing) enter 127.0.0.1.

 

Select Sending Mail in the left column and make sure the box labelled Allow authentication is checked. Click OK to finish.

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

Calypso

To configure Calypso to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Calypso and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Calypso must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Calypso for use with SecExMail. These instructions apply to Calypso version 3.2 and version 3.3.

If you are modifying an existing Calypso email account for use with SecExMail, please refer to modifying Calypso email accounts.

 

Open Calypso and right-click on Accounts in the tree view with your mouse. A pop-up menu will appear. Select Add Account. This will invoke the Calypso account wizard.

Enter a name of your choice as the email account name. Next, enter your name and the e-mail address as provided by your ISP or system administrator. Click Next to continue.

Select POP3 as the incoming mail server type. Enter your user ID as given to you by your ISP or system administrator. Next enter the IP address 127.0.0.1 as the incoming mail server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next to continue.

 

Select Normal as password authentication and enter your password as given to you by your ISP or system administrator. If you want Calypso to remember your password, check the Remember password box. Click Next to continue.

 

Select "Delete message from mail server after it is retrieved" if you do not want the mail server to retain your incoming mail. Click Next to continue.

 

Enter the IP address 127.0.0.1 as the SMTP server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next to continue.

Click Finish to complete the Calypso account setup.

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

 

Modifying Calypso

To modify an existing Calypso email account for use with SecExMail, please follow the steps detailed below.

Open Calypso and select Accounts in the tree view with your mouse. Choose the account you wish to configure for use with SecExMail on the right, right-click the account with your mouse and select Properties... This will invoke the properties dialog for your email account.

Select the Mail Server tab. Enter the IP address 127.0.0.1 for both POP3 and SMTP server under Incoming Mail Server and Outgoing Mail Server respectively. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Enter your user name and password as provided by your ISP under Logon Information. Click Ok.

IncrediMail

To configure IncrediMail to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between IncrediMail and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so IncrediMail must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in IncrediMail for use with SecExMail. These instructions apply to IncrediMail Xe, build number 1750710.

If you are modifying an existing IncrediMail email account for use with SecExMail, please refer to modifying IncrediMail email accounts.

Open IncrediMail, click Tools and select Accounts on the menu. This will invoke the Mail Accounts screen.

 

Click Add to invoke the Account Wizard. If this is the first account you are creating, you do not have to provide an account name. Otherwise enter a name of your choice as the email account name.

 

Select "Let me configure settings myself" and click Next to continue.

 

Enter your name and the e-mail address as provided by your ISP or system administrator. Click Next to continue.

 

Enter the IP address 127.0.0.1 for both "Incoming mail server" and "Outgoing mail server". This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next to continue.

Enter your user name and password as provided by your ISP under Logon Information. Click Finish to complete the IncrediMail account setup.

 

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

 

Modifying IncrediMail

To modify an existing IncrediMail email account for use with SecExMail, please follow the steps detailed below.

Open IncrediMail, click Tools and select Accounts on the menu. This will invoke the Mail Accounts screen.

 

Select the account you wish to modify and click Properties.

Select the Servers tab. Enter the IP address 127.0.0.1 for both Incoming mail server and Outgoing mail server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming and outgoing e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Enter your user name and password as provided by your ISP. Click Ok.

Netscape Mail

To configure Netscape Mail to work with SecExMail, you will need the password given to you by your internet service provider (ISP) or your system administrator. SecExMail operates as a go-between or relay agent between Netscape Mail and your ISP's mail server. It encrypts and decrypts messages to and from people on your Friends list so Netscape Mail must be configured to send and receive mail via SecExMail. Follow the steps detailed below to configure a new email account in Netscape Mail for use with SecExMail. These instructions apply to Netscape 7.0.

If you are modifying an existing Netscape Email account for use with SecExMail, please refer to modifying Netscape email accounts.

Open Netscape Mail and click on File > New > Account with your mouse.

A pop-up menu will appear. Select Email account and click on Next. This will invoke the Netscape Mail account wizard.

Enter your name as you wish it to appear on your emails and enter your e-mail address, click Next to continue.

Select POP as the incoming mail server type. Enter the IP address 127.0.0.1 as the incoming mail server. This IP address is the loopback address for all computers running the Internet Protocol and is located on your computer. SecExMail is listening on this IP address and will process all incoming e-mail messages. Do not enter your internet service provider's (ISP) mail server details here - see "Configuring your mail server". Click Next to continue.

Enter your user ID as given to you by your ISP or system administrator. Click Next to continue.

Personalise your account with a name of your choice and click Next to finish.

Finally, enter your internet service provider's (ISP) mail server details on the Mail Server tab - see "Configuring your mail server".

 

 

 

 

 

 

 

 

Modifying Netscape Mail

To modify an existing Netscape mail account for use with SecExMail, please follow the steps detailed below.

Open Netscape Mail and click on Edit > Mail & Newsgroups Account Settings.

A pop-up menu will appear. Select the account you wish to modify.

 

Select Server Settings and in the server name box enter 127.0.0.1

 

Select Outgoing Server (SMTP). In the Server Name box enter 127.0.0.1. Click OK to finish.

 

 

 

 

Technical

RSA Public Key Encryption

"c = m^e mod n" is the algorithm that turns the world of e-commerce. Introduced in 1978 by Rivest, Shamir and Adleman, after whom the cipher is named, RSA is the world's foremost public key encryption system. Contrary to the design of classic encryption algorithms, where the same key is used to lock and unlock the information, public key encryption relies on "two key" algorithms. The sender encrypts the message with the recipient's public key; the recipient, upon receipt of the message, is able to decipher it with the private key counterpart. This development was revolutionary in the field of cryptography because parties wishing to establish secure communications no longer had to meet in "secret" to exchange confidential keying information.

The SecExMail public key infrastructure uses industry standard RSA encryption as developed by the OpenSSL project.

See Acknowledgements.

 

 

 

 

 

 

ISAAC Random Number Generator

 

ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a cryptographically secure pseudo random number generator. With an average cycle length of 2 to the 8295th power its output is uniformly distributed and unpredictable. ISAAC has been developed by Bob Jenkins and placed into the public domain in 1996. See Acknowledgements for legal information on ISAAC.

ISAAC is at the heart of SecExMail's entropy collection system and comprises the stream cipher subsystem of the SecExMail cipher.

 

 

 

 

The SecExMail Cipher

 

The SecExMail cipher is a composite cipher specifically designed to operate on real-time email streams. It uses cryptographic primitives which are available to the general public and have been subject to extensive peer review. The SecExMail cipher incorporates RSA public key encryption. Message encryption is performed via the Twofish block cipher and the ISAAC stream cipher. The SecExMail cipher is warranted to be free from spy-ware, key escrow or key recovery features of any kind. The email encryption process is described in detail below. See diagram.

 

 

SecExMail Composite Cipher

 

Email data is received in variable length data blocks. SecExMail parses SMTP header info, mail and data bodies.

Email messages frequently contain known plain text, such as salutations and/or tag lines, which gives rise to known plain text attacks on the encrypted message. For this reason, and in order to minimize overall message expansion, the plain text is first compressed using the ZLIB compression algorithm. Deflating large amounts of data that contain both tidbits of known plain text, such as greetings or tag lines, and unknown message text into a single compressed data stream has the net effect that any known plain text is effectively obscured.

The ZLIB stream has a fixed header format which in itself might be exploited as known plain text by a savvy cryptanalyst. For this reason, the first 64 bits of the stream are enciphered by way of a One Time Pad, using standard XOR masking. This approach acknowledges that email messages will contain portions of known plain text and proactively manages this problem.

At this point the compressed data is encoded using the 64 bit ISAAC stream cipher creating the layer one cipher text.

The next step in the encryption process is to encrypt the layer one cipher text using the 256 bit Twofish block cipher. Twofish is used in chained block mode, but instead of XOR'ing the previous block's cipher text into the plain text of the current block, the output from the ISAAC layer is "chained in". This chaining process is illustrated below.

 

ISAAC Twofish Block Chaining

The final step is to assemble the output in base64 transfer encoded format for transmission via mail transfer agents (MTA).

 

 

SecExMail Message Format

 

SecExMail messages are transferred in base64 encoded format. Messages may be encrypted to multiple recipients. The internal message layout is defined as follows :

[<rsa bytes>:<recipient>]key[<rsa bytes>:<recipient>]key...cipher text

 

 

<rsa bytes>

This is the size of the recipient's RSA key in bytes. Therefore a 2048 bit RSA key would be listed as having a size of 256 bytes. This parameter is defined for RSA key sizes of 2048, 4096, and 8192 bits.

<recipient>

This is the email address of the recipient to whom the message is encoded.

key

This is the SecExMail session key material, encrypted with the RSA public key of the recipient. The SecExMail session key is used to encrypt the message body of the email message and is comprised of a 64 bit One Time Pad key, a 64 bit ISAAC stream cipher key, and a 256 bit Twofish key.

cipher text

This is the message body encrypted with the SecExMail Cipher.

 

A typical SecExMail enciphered message is depicted below :

 

--Begin SecEx 1.1--

WzI1NjpjaHJpc0BvZmZzaG9yZW1haWxyb29tLmNvbV0dJyyJnwwCm0LI0659zpBY/asERA3FRG99

OYRhm5f+rwohYORt8Wp3rmwI2Nguhk38KvH5pg8ZRTXXWiEHYMakQPPXpbnaJepJFZeXTcNMTi/d

p0Rc5HCTui5okW/00Gv8Sp328Ldh3DlgQcGW7oYt9qxG/cJ/PaVxxxEfDM3I4cnsCyLjfX+I0JY6

h+emWt4U/N6u+K0tPL4ua2OfGhGoBXo+6KK042bXGpk/Pj6WEOQMcKyR+VrsOx6ZcTgpqS3WCcUc

2/JDy9zHqlkPLohXcT4G2Hiwp/1JhviaQtoKA2NYYimuY5ZjNUGPMsIaN0h6AKS3/qZsHhK1LtcA

WpLnuoFbQleekuJngBCC1RIlIlI4lfFgMkxoUkZrtXg6E217Q6GMMhHMANJ4EU3D2c1BgauDYAQG

Rpz0p8efm/WAZoXai6KVElMEiK7tv98s8wu9LpUxN44QYj2eNRVI+72lGPfkBoKvr6eK5/TU4cHN

Dg9VxCGj4n8KDvfYsPRpBSNzLL+Ta4iz7toQ/MGdPCQa

--End SecEx Mail--

 

 

 

 

 

 

SecExMail Key Transparency

SecExMail is engineered with a focus on transparency to give you the assurance that no backdoor keys or key recovery is embedded in encrypted messages. This means you as the recipient or sender of an encrypted SecExMail message can verify what keys have been used in the encryption of that message.

The non-technical approach to this is to right-click an encrypted message listed on the in-tray tab or out-tray tab with your mouse and select "decode" from the pop-up menu. Click the watch tab to review the analysis of the offline decryptor. The watch tab will report both whom the message was addressed to and whom the message was encrypted to. See sample output below :

Offline decryptor starting file analysis

This email was sent to:

dodo@offshoremailroom.com -> have key

This message was encrypted to:

dodo@offshoremailroom.com ...session key ok

Decrypted in 0.24 seconds

If the message was encrypted to multiple recipients, the log output will indicate this. Note that you will only be able to decrypt messages for which you hold private keys. This means that if you send email to people on your friends list, only your friends will be able to decrypt these messages. See SecExMail Keys.

The more technical approach to verifying the keys used in the encryption of a particular message is to use base64 decoding software and examine the raw data. See SecExMail Message Format for details.
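The raw-data check described above can be scripted. The following Python code is an added example, not SecExMail code: it decodes the base64 armor, walks the [<rsa bytes>:<recipient>]key headers defined under SecExMail Message Format and compares the recipients a message is encrypted to with the addresses it was sent to. It assumes each encrypted session key occupies exactly <rsa bytes> bytes; the function names and the sample message are constructed for illustration.

```python
import base64
import re

BEGIN, END = "--Begin SecEx 1.1--", "--End SecEx Mail--"
# RSA key sizes the page defines (2048, 4096 and 8192 bits), expressed in bytes.
VALID_RSA_BYTES = {256, 512, 1024}
HEADER = re.compile(rb"\[(\d{1,4}):([^\[\]\r\n]{1,254})\]")


def armor_body(text):
    """Return the decoded bytes found between the begin and end marker lines."""
    lines = [line.strip() for line in text.splitlines()]
    if BEGIN not in lines or END not in lines:
        raise ValueError("SecExMail begin/end markers not found")
    start, stop = lines.index(BEGIN), lines.index(END)
    if stop < start:
        raise ValueError("end marker precedes begin marker")
    return base64.b64decode("".join(lines[start + 1:stop]), validate=True)


def parse_message(raw):
    """Split raw bytes into ([(recipient, rsa_bytes, wrapped_key), ...], cipher_text)."""
    recipients, pos = [], 0
    while True:
        match = HEADER.match(raw, pos)
        if match is None or int(match.group(1)) not in VALID_RSA_BYTES:
            break  # no further recipient header: the remainder is cipher text
        size = int(match.group(1))
        key_end = match.end() + size
        if key_end > len(raw):
            raise ValueError("key block for %r is truncated" % match.group(2))
        # Assumption: the wrapped session key is exactly <rsa bytes> long, so it
        # is skipped by length and any '[' or ']' bytes inside it are ignored.
        recipient = match.group(2).decode("ascii", "replace")
        recipients.append((recipient, size, raw[match.end():key_end]))
        pos = key_end
    if not recipients:
        raise ValueError("no recipient header at start of message")
    return recipients, raw[pos:]


def audit(text, addressed_to):
    """Compare who a message is encrypted to with who it was addressed to."""
    recipients, cipher_text = parse_message(armor_body(text))
    encrypted_to = [entry[0].lower() for entry in recipients]
    addressed = {address.lower() for address in addressed_to}
    return {
        "encrypted_to": encrypted_to,
        # A key for someone the mail was not addressed to deserves a second look.
        "unexpected": sorted(set(encrypted_to) - addressed),
        "missing": sorted(addressed - set(encrypted_to)),
        "cipher_text_len": len(cipher_text),
    }


def build_sample():
    """Constructed sample: two recipients, filler bytes in place of real keys."""
    raw = (b"[256:alice@example.com]" + bytes(range(256))
           + b"[512:bob@example.com]" + bytes(range(256)) * 2
           + b"\x00constructed cipher text")
    b64 = base64.b64encode(raw).decode("ascii")
    body = "\n".join(b64[i:i + 76] for i in range(0, len(b64), 76))
    return "%s\n%s\n%s\n" % (BEGIN, body, END)


if __name__ == "__main__":
    report = audit(build_sample(), ["alice@example.com"])
    for name, value in report.items():
        print("%-16s %s" % (name, value))
```

Cipher text that happens to begin with bytes resembling a valid header would be misread as a further recipient, so a surprising entry should be confirmed with the offline decryptor.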

SecExMail Keys

 

SecExMail employs public key encryption. Messages are encrypted to one or more recipients using their public keys. Only the intended recipient can, upon receipt of the message, recover the plain text using his/her private key. Public key encryption differs from classical encryption because the recipient of a message does not use the same key for decryption as the sender used for encryption.

In cryptography the fictional characters "Alice" and "Bob" are often used for illustration purposes. Consider the following scenario : Alice lives in New York and Bob lives in Los Angeles. Alice wants Bob to be able to send her confidential mail. She goes to her local hardware store and purchases a dozen or so combination padlocks, sets the unlocking code on each padlock, confuses the dials again, and sends the open padlocks to Bob in Los Angeles.

Bob is now in possession of Alice's padlocks, but not the unlocking codes. When Bob wants to send Alice a confidential letter, he places the letter inside a steel box and locks it with one of Alice's padlocks. Once the padlock is snapped shut, even he himself cannot re-open the box since he is not in possession of the combination which will release the lock. Only Alice will be able to open the box and therefore read the letter once she has received Bob's parcel in the mail.

Public key encryption works much in the same manner. The public key may be thought of as an open, electronic padlock. You can send this electronic padlock to all your friends. Your friends may then use that padlock to secure their emails to you in an electronic box. This electronic box is the encrypted email. Upon receipt of the encrypted email, you dial the secret combination which is your private key and retrieve the original message.

SecExMail does all this for you.

 

SecExMail Key File Format

 

The SecExMail keys are stored in conventional text files ending in "#.pubrsa" and "#.privrsa" for public keys and private keys respectively. Files are divided into an administrative segment and a data segment. The administrative segment contains information required by SecExMail for key management.

Administrative Segment

keyid

Globally unique key identifier; used by SecExMail to associate private and public key components.

owner

owner of the SecExMail key

email

Email address of key owner

enabled

reserved for future use

options

vendor options field - reserved for future use

New lines in the administrative section are denoted by carriage return line feed pairs (ASCII characters 13 + 10).

Data Segment

The data section is comprised of a single RSA key in base 64 encoded format. New lines in the data section are denoted by a single linefeed ( ASCII character 10 ). Private RSA keys are stored in 3DES encoded, chained block cipher format and protected with a passphrase.

SecExMail keys held in the registry are stored in a format analogous to keys stored on file - with each parameter represented as a registry value. See image below.

 

Entropy Collection

Individual email messages are encrypted via session keys using the Twofish block cipher and ISAAC stream cipher. Each session key is then encrypted with the SecExMail public key for the recipient of the message. Upon receipt of the message, the session key is decrypted via the recipient's private key. Once the session key for the message has been retrieved, the message itself can be decrypted. In order for the message to be secure this session key must be both random and unknowable.

Consider the following scenario where a home owner protects his garden shed with a combination padlock. Assume further that the brand of padlock the home owner purchased has four dials, each bearing the digits "1" through "9", and that the dials have a slight tendency to snag on the number "7". If the tendency is slight enough so as to be hardly noticeable, many a buyer will, without being aware of this, choose a combination involving one or more sevens. Ordinarily a thief would be compelled to try 10,000 settings in an exhaustive search for the correct combination. On average, therefore, a thief will succeed after 5000 tries. The educated thief, however, knows that all locks of this brand have a tendency to snag on the number "7". If the thief establishes that the first two dials are so affected, then only the second pair of dials is truly unknown. With some luck, the thief only needs to examine 100 combinations, 00..99 on the second pair of dials, in order to open the lock. Our number lock, although it provides for a "key space" of 10,000 combinations, has a statistical bias - some combinations are more likely than others. In order for the combination lock to be useful, its combination must be entirely unknowable.

Much the same applies to encryption keys - size does matter. But for a large encryption key to be strong, it must be unknowable to a potential attacker. This requires the input of good random numbers during key generation. If the inputs to the key generation are not random, an attacker will be able to exploit the statistical bias. Why cut the lock, when you can simply dial the correct number ? Good randomness, unfortunately, is difficult to produce for modern computers. Computers are calculating machines which perform predefined operations according to predefined scripts, called programs. Nothing about a computer is random. Computing is 100% deterministic albeit complex and sometimes opaque to the human observer. To compensate for this shortcoming, random number generators accept what is referred to as a seed. The seed initializes the internal state of the random number generator and thus sets a starting point. Thereafter a complex mathematical sequence is applied to produce statistically pattern free output. If the starting point, or seed, to the mathematical sequence is unknowable, the random number generator can be said to be "truly random". This unknowable starting point is referred to as "entropy". The entropy of a system is the measure of its unpredictability.

Because computers are inherently deterministic, the best source of unpredictability is the human user. Many encryption systems make the mistake of digesting state information about the computer, such as screen shots or process lists, gathered in short term observations, into entropy data. Many encryption tools are confined to gathering entropy in this manner by the nature of their design. An encryption plugin for an email client, for example, is only invoked for a very short period of time when it is asked to encrypt an email message. It is then free to digest short term state information about the computer into entropy. The problem with this approach is that the next invocation will possibly produce similar state information. Thus if little has changed in the computer's state since the last invocation, the entropy collected at each invocation will exhibit a high degree of correlation. Some designs safeguard against this by writing a seed file to disk which transfers state information from one invocation to the next. However, the amount of entropy gathered by a program which only exists in computer memory for but a brief time is inherently limited.

For this reason, and to mine the entropy which may be found in the interaction between the human user and the computer, SecExMail operates an entropy collection subsystem which runs continuously during the operation of the computer, even when no email is being sent or received. The entropy collection extracts unknowable user data and re-seeds small subsections of the random number generator's state array as entropy data becomes available. Keyboard timings, mouse clicks, mouse movements and mouse timings are a perfect source of randomness. The entropy collection subsystem NEVER records your keystrokes or any other user information, but exploits the timing information contained in system events generated by the user. Since some users tend to be slower typists than others, and yet other users make predominant use of the mouse, SecExMail uses two strategies to distill "unknowability" from the data it collects.

1) Modulus Calculation

The modulus operation is a mathematical calculation which computes the remainder of integer division. For example 7 MOD 3 equals 1. Perhaps you recall this kind of arithmetic from "Kindergarten Math". "How often does 3 go into 7 ?" Answer 2, remainder 1. This kind of arithmetic is useful in removing bias from nearly random data. For example one might conduct a survey recording the height of shoppers in a mall. When asking "random" adults how tall they are, the answers are likely to fall into a certain range : 5 foot 9, 6 foot 1, 5 foot 11, etc. While the exact answers will be unknowable to someone who did not accompany the surveyor, the collected data will not be entirely unknowable as the majority of answers will fall into a certain range. However, consider what happens when we compute the "modulus 3" of the above values.

Data      Inches   Modulus 3
5' 9"     69"      0 ( 23 * 3 = 69, remainder 0 )
6' 1"     73"      1 ( 24 * 3 = 72, remainder 1 )
5' 11"    71"      2 ( 23 * 3 = 69, remainder 2 )

 

Regardless of the ethnicity of the population surveyed, someone who did not accompany the surveyor will be unable to predict the sequence of zeroes, ones and twos which will emerge. The average height of the examined population is biased, but whether a population member's height is an integral multiple of 3 inches is entirely unknowable.

2) Secure Hash Functions

The second strategy employed by the entropy collection subsystem to distill randomness from biased data is to apply a secure hash function. Secure, one way hash functions are used for digital signatures and cryptographic checksums. According to Ron Rivest, one of the designers of RSA encryption, hash functions are designed such that "It is computationally infeasible to find two messages that hashed to the same value. No attack is more efficient than brute force." As such, hash functions tend to preserve the smallest differences in a sample and have the added property of preserving the entropy found in the sample. It is important to note that SecExMail does not use secure hash functions to "stretch" the randomness in small data sets, but to distill the entropy in data pools containing hundreds or thousands of data items to 160 bits of entropy. SecExMail employs the RIPEMD-160 message digest.

Entropy is gathered in entropy pools, distilled as described above and finally scattered randomly into the state array of the ISAAC random number generator. The diagram shown below depicts the flow of data in the entropy collection subsystem.

 

To prevent attacks on the random number generator based on the monitoring of key strokes and mouse events by third parties, the SecExMail entropy collection does not employ event timings which represent times at which the operating system recorded the events, but instead uses internal timestamps which represent the times at which the events were recorded by SecExMail's own message queue. This message queue is subject to further timing distortions by other events and the general multitasking behavior of the application.
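The data flow described in this section can be modelled in a few lines. The following Python code is an added example, not SecExMail code: it takes only the times at which input events were queued, reduces the timing deltas with a modulus, pools them, distills a full pool to 160 bits and folds the result into a 256 word state array. The pool threshold, the modulus of 256, the slot selection and all names are assumptions made for illustration, and SHA-1 stands in for RIPEMD-160 where the local Python build does not provide it.

```python
import hashlib
import struct

STATE_WORDS = 256      # size of the ISAAC state array, in 32 bit words
POOL_THRESHOLD = 256   # assumption: distill only once the pool holds hundreds of samples
MODULUS = 256          # assumption: each timing delta is reduced modulo 256


def digest160(data):
    """160 bit digest: RIPEMD-160 as named on the page, SHA-1 if this build lacks it."""
    try:
        return hashlib.new("ripemd160", data).digest()
    except ValueError:
        return hashlib.sha1(data).digest()


class EntropyCollector:
    """Model of the flow: timing deltas -> modulus -> pool -> hash -> state array."""

    def __init__(self):
        self.state = [0] * STATE_WORDS
        self.pool = bytearray()
        self.last = None
        self.reseeds = 0

    def on_event(self, queued_at_us):
        """Record when an event was queued; what was typed or clicked is never passed in."""
        if self.last is not None:
            self.pool.append((queued_at_us - self.last) % MODULUS)  # strategy 1
        self.last = queued_at_us
        if len(self.pool) >= POOL_THRESHOLD:
            self._distill()

    def _distill(self):
        """Hash the whole pool down to 160 bits and fold them into the state array."""
        words = struct.unpack(">5I", digest160(bytes(self.pool)))   # strategy 2
        for word in words:
            # Assumption: the slot is taken from the digest word itself; the page
            # only says the distilled entropy is scattered into the state array.
            self.state[word % STATE_WORDS] ^= word
        self.pool.clear()
        self.reseeds += 1


def constructed_timestamps(count, seed):
    """Constructed sample: event times in microseconds with gaps of 80 to 180 ms."""
    now, x, out = 0, seed, []
    for _ in range(count):
        x = (x * 1103515245 + 12345) % 2**31   # small LCG, used only to build sample data
        now += 80000 + x % 100000
        out.append(now)
    return out


def run(timestamps):
    """Feed a list of event times to a fresh collector and return it."""
    collector = EntropyCollector()
    for stamp in timestamps:
        collector.on_event(stamp)
    return collector


if __name__ == "__main__":
    stamps = constructed_timestamps(257, 1)
    early, full = run(stamps[:200]), run(stamps)
    print("after 200 events:", early.reseeds, "reseeds,", len(early.pool), "pooled deltas")
    print("after 257 events:", full.reseeds, "reseed,",
          sum(1 for word in full.state if word), "state words touched")
```

A short pool is never hashed, which mirrors the statement above that the hash distills large pools and is not used to stretch small data sets.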

One-Time Pads

 

A one-time pad is a block of random data used to encrypt a block of equal length plain text data. Encryption is usually by way of XOR'ing the one-time pad with the message text. This process may be thought of as a 100% noise source used to mask the message. The one-time pad is secure if it is comprised of random data and is never reused. Because of this, one-time pads have limited application in modern ciphers, but are commonly acknowledged as the holy grail of cryptography.

SecExMail uses one-time pads to encrypt the ZLIB compression header in SecExMail messages.
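The header masking described here and in the compression steps of the SecExMail Composite Cipher can be observed directly. The following Python code is an added example, not SecExMail code, and covers only the compression and One Time Pad steps: it shows that every ZLIB stream opens with the same bytes, that a fresh 64 bit pad removes that common prefix, and what an observer can compute if a pad is ever reused. The sample mails and all function names are constructed for illustration.

```python
import secrets
import zlib

PAD_BYTES = 8  # the page masks the first 64 bits of the ZLIB stream

# Constructed sample mails: different salutations, one shared tag line.
MESSAGES = [
    b"Dear Bob,\r\n\r\nThe quarterly figures are attached.\r\n\r\n-- \r\nSent via example.com\r\n",
    b"Hi Alice,\r\n\r\nLunch on Friday?\r\n\r\n-- \r\nSent via example.com\r\n",
    b"Hello Carol,\r\n\r\nPlease call me back today.\r\n\r\n-- \r\nSent via example.com\r\n",
]


def xor_prefix(stream, pad):
    """XOR the first 64 bits of stream with pad; the rest is left untouched."""
    if len(pad) != PAD_BYTES or len(stream) < PAD_BYTES:
        raise ValueError("need an 8 byte pad and at least 8 bytes of stream")
    head = bytes(a ^ b for a, b in zip(stream, pad))
    return head + stream[PAD_BYTES:]


def seal(plain, pad=None):
    """Compress, then mask the stream header; a fresh random pad is the default."""
    pad = secrets.token_bytes(PAD_BYTES) if pad is None else pad
    return xor_prefix(zlib.compress(plain), pad), pad


def unseal(masked, pad):
    """Remove the mask (XOR is its own inverse) and inflate."""
    return zlib.decompress(xor_prefix(masked, pad))


def shared_prefix_len(streams):
    """Number of leading bytes that are identical across all streams."""
    count = 0
    for column in zip(*streams):
        if len(set(column)) != 1:
            break
        count += 1
    return count


def header_xor(a, b):
    """XOR of the first 64 bits of two streams, as any observer could compute it."""
    return bytes(x ^ y for x, y in zip(a[:PAD_BYTES], b[:PAD_BYTES]))


if __name__ == "__main__":
    plain_streams = [zlib.compress(m) for m in MESSAGES]
    print("unmasked shared prefix:", shared_prefix_len(plain_streams), "bytes,",
          plain_streams[0][:2].hex())
    sealed = [seal(m) for m in MESSAGES]
    print("masked shared prefix:  ", shared_prefix_len([s for s, _ in sealed]), "bytes")
    assert [unseal(s, p) for s, p in sealed] == MESSAGES
    # Failure mode: one pad used for two messages. The pad cancels out and the
    # identical ZLIB header bytes show up as zeroes in the XOR of the two streams.
    pad = secrets.token_bytes(PAD_BYTES)
    first, second = seal(MESSAGES[0], pad)[0], seal(MESSAGES[1], pad)[0]
    print("reused pad, header XOR:", header_xor(first, second).hex())
```

The leading zero bytes in the last line of output are the reason a one-time pad must be drawn fresh for every message.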

 

 

IP / DNS Spoofing

IP spoofing is the creation of IP packets using someone else's IP address. DNS spoofing is the substitution of a different IP address for a DNS name. DNS spoofing is commonly achieved by corrupting the DNS database of the DNS server your computer connects to in order to match human readable computer names to physical IP addresses. In both instances, the computer you are connecting to is not the server you expect.

This can be used, for example, to trick you into giving your server user name and password to the computer acting as the impostor. Alternatively, the impostor might simply act as a conduit whilst talking to the real server on your behalf. This is called a "Man-in-the-middle attack" and is commonly used to intercept network traffic without the knowledge of the original participants.

SecExMail protects against IP and DNS spoofing via SSL / TLS certificates. At the start of each connection attempt, the server certificate is verified to establish the server's true identity and the digital signature of the certificate is recorded. (Offshore and Corporate edition only )

 

 

Requirements

 

  • Windows 95 / 98 / ME / NT / 2000 / XP
  • SMTP and POP3 compliant email client, such as Eudora, Calypso, Outlook, etc.
  • Access to internet mail server ( SMTP & POP3 )
  • Pentium class IBM compatible computer

Known Plain Text Attack

 

A known plain text attack is the attempt by a cryptanalyst to break a cipher based on knowledge about the plain text of a message prior to its encryption. Simply put, if the cryptanalyst knows the method of encryption, any encryption, part or all of the plain text input to the cipher, and is able to observe the encrypted message text, he / she will likely be able to infer the key used to encrypt the message. This in turn can compromise the security of future messages sent with that key. In greatly simplified terms :

Plain Text + Key = Cipher Text

Cipher Text - Plain Text = Key

Consider the following scenario : Alice sends Bob an email and attaches her favorite holiday snapshot. The email is encrypted. Assume further that she sends the same holiday snapshot to her mother in plain text. Steve, who wishes to spy on Alice and Bob, was able to intercept her email to Mom and now has a copy of "myholiday.jpg". If the picture consisted of 200 Kilobytes of data (about 200,000 letters) and Alice included only a short personal message to Bob with the picture ( say 50 letters ), then Steve already knows 99% of the message contents prior to encryption and now has greatly improved chances of breaking Alice's key if he comes into possession of the corresponding cipher text.

SecExMail includes comprehensive protection against known plain text attacks.

See SecExMail Cipher and "Proactive Security" under What is SecExMail.

FAQ

What email clients work with SecExMail ?

The following email clients have been tested and are known to work with SecExMail :

However, the only formal requirement is that your email client be compatible with the SMTP and POP3 mail protocols for sending and receiving mail respectively. You must configure your email client to talk to your computer's loop-back address ( 127.0.0.1 or localhost ) and configure SecExMail to talk to your ISP's email server.

If your email client is POP3 and SMTP compatible and is unable to send and receive mail through SecExMail, we want to hear from you. Please contact us at support@bytefusion.com with details of your email client including its version number as well as the details of your operating system.

Does SecExMail work with IMAP?

SecExMail does not work with IMAP mailboxes. SecExMail requires SMTP and POP3.

How secure are SecExMail keys ?

SecExMail uses industry standard RSA keys. RSA is the world's foremost public key encryption system. The security of your personal SecExMail key will vary depending on the key size. Please consult the documentation on the SecEx Key Generator and key size for details.

The session key sizes are 256, 64 and 64 bits for the Twofish block cipher, the ISAAC stream cipher and the One-Time Pad respectively. See the SecExMail composite cipher for details.

Is SecExMail legal in my country ?

SecExMail is distributed from the Isle of Man, a self governing offshore island in the Irish Sea. The Isle of Man has no laws restricting encryption technologies and is committed to pro e-commerce legislation. See E-Island Fact Sheet published on the Isle of Man government web site www.ecommerce.gov.im. However, you are advised to check that the laws of your country allow the import and use of mass encryption software before downloading and/or using SecExMail. Please see the terms of the license agreement for details.

Bytefusion Ltd. endeavors to comply with the highest standards of local and international law. Persons who reside in any country which is listed or becomes listed as embargoed by the United Nations with regard to export of encryption software are prohibited from using SecExMail.

SecExMail is compliant with the Wassenaar Arrangement on encryption technologies; it is exempt from the Wassenaar dual-use restrictions as per Category 5, Section 2, "Information Security". SecExMail complies with Note 3 on cryptography :

SecExMail is also compliant with the European Union Council Regulation No 2432/2001 which implements the Wassenaar Arrangement as detailed above.

SecExMail is warranted to be free from spy-ware, key escrow or key recovery features of any kind.

 

Does SecExMail support signatures ?

Digital signatures are not supported at this time. The next version of SecExMail will support this feature.

Does SecExMail work with PGP ?

SecExMail does not decrypt PGP messages and does not encrypt messages which can be read by PGP users.

However, SecExMail encrypts the mail stream and therefore does not interfere with existing methods of encryption. As such, it is possible to encrypt with PGP first, and then send the resulting cipher text through SecExMail. This effectively results in "doubled-up" super cipher encryption.

Is the source code available for SecExMail ?

The source code for the core cryptographic components of SecExMail is freely available on the internet.

At the time of writing the Twofish homepage can be found at http://www.counterpane.com/twofish.html.

At the time of writing, the ISAAC home page can be found at http://burtleburtle.net/bob/rand/isaacafa.html.

SecExMail contains cryptographic software from the OpenSSL project at www.openssl.org

 

 

 

 

Why can I not mix clear text and cipher recipients ?

I tried to send email to someone on my secure friends list and CC'ed ( carbon copied ) the message to someone not on my friends list and Outlook reported the following error :

"SecExMail rejected the message because you mixed plain text and cipher text recipients."

Consider the following scenario. You compose a message and address it to two friends, Bob and Alice. Bob has a SecExMail key - Alice does not. However, your email client sends one message only. Your mail server is responsible for distributing your single message to all recipients, not your email client. This is a design feature of SMTP, the protocol which governs distribution of email messages across the public internet. Because the message has been encrypted however, Alice cannot read it and asks you to resend the same message again, in plain text. You oblige her.

If someone were to observe you sending the same message twice to the same recipient, once in cipher text and once in plain text, they could reasonably mount what is called a known plain text attack on the session key or your SecExMail key because they know both the input ( plain text ) and the output ( cipher text ) and might therefore deduce your key. For this reason, SecExMail has disallowed the action.

Simply compose two messages, one to the person on your friends list and another, separate message to the person who is not on your friends list.

 

 

About

About SecExMail

 

SecExMail

Version 1.5

Copyright © 2002, Bytefusion Ltd.

All Rights Reserved

 

About Bytefusion Ltd.

 

Bytefusion Ltd.

22 Duke Street

Douglas, IOM

IM1 2AY

British Isles

Inquiries: sales@bytefusion.com

 
