Thursday, 8 November 2007

Securing email

I decided that it was about time that I studied for some more IT certification exams last week, and chose Security+ from CompTIA (25 years old this week - happy birthday CompTIA) as a good starting point.

One of the first areas I started to read about was email security, S/MIME and PGP etc., which all kind of made sense. So having done the theory I thought I'd have a go at setting it up for myself.
I did a quick search on the net for free certificates and found there were a few to choose from; I went with Comodo. Filled in the email address I wanted a certificate for and created a revocation password, they posted me a username and password within a couple of minutes and it downloaded straight to my browser (Flock - see previous post). I exported the certificate to the desktop, creating another password. Opened my email client (Outlook) and added the digital signature....

So now whenever I send an email the recipient can verify that it really is from me.

The next stage would be to encrypt mail from my account to the recipient. This is a little harder, as both the recipient and sender have to have their accounts set up to enable this. The good thing is that when you send an email with a digital signature, that signature can be used by the recipient to send encrypted email back to you.
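The exchange described above, as an added example with the openssl command line (not part of the original post): a signed message carries the sender's certificate, the recipient saves it while verifying, then encrypts a reply to it. It assumes openssl is installed; the names, addresses and the self-signed certificate standing in for the CA-issued one are all constructed.

```shell
#!/bin/sh
# Added example. Every name, address and file here is constructed; the
# self-signed certificate stands in for the CA-issued one from the post.
smime_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Sender (Alice): key pair and certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=alice@example.com" \
            -keyout alice.key -out alice.crt 2>/dev/null || exit 1

        # Alice signs a message. The S/MIME signature embeds alice.crt.
        printf 'Hello Bob, this mail is signed.\n' > msg.txt
        openssl smime -sign -in msg.txt -signer alice.crt \
            -inkey alice.key -out signed.eml || exit 1

        # Recipient (Bob): verify, and save the signer's certificate.
        # -CAfile names the trust anchor; here the self-signed cert itself.
        openssl smime -verify -in signed.eml -CAfile alice.crt \
            -signer from_sig.crt -out /dev/null 2>/dev/null || exit 1

        # The certificate Bob extracted must be the one Alice signed with.
        a=$(openssl x509 -in alice.crt -noout -fingerprint -sha256) || exit 1
        b=$(openssl x509 -in from_sig.crt -noout -fingerprint -sha256) || exit 1
        [ "$a" = "$b" ] || exit 1

        # Bob encrypts a reply to that certificate's public key.
        printf 'Hi Alice, only you can read this.\n' > reply.txt
        openssl smime -encrypt -aes256 -in reply.txt \
            -out reply.eml from_sig.crt || exit 1

        # The encrypted mail must not contain the plaintext.
        if grep -q 'only you' reply.eml; then exit 1; fi

        # Alice decrypts with her private key; plaintext goes to stdout.
        openssl smime -decrypt -in reply.eml -recip alice.crt -inkey alice.key
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Calling `smime_roundtrip` prints the decrypted reply. Bob never needs Alice's private key, and a signature alone gives no confidentiality: only the reply encrypted to her certificate is unreadable in transit.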

Out of interest I checked the several thousand messages from several hundred senders in my mailbox and found none at all which had been digitally signed. Surprising, as quite a large number of those senders work in the IT industry.