RSS Feed

November, 2012

  1. GnuPG

    November 30, 2012 by Daniel

    PGP, GnuPG, OpenPG – it goes by lot’s of names these days. The first time I read about it in the excellent Code Book by Simon Singh it was PGP.

    If you’ve no idea what I’m talking about already it’s worth reading this overview by the author of PGP, Phillip Zimmerman as to why he created a tool for people to use encryption (after all that’s what computers were invented for, kind of).
    There’s plenty of tools to use it with now, but what struck me as odd was Outlook 2010’s lack of support for it. There’s really only the OutlookPrivacyPlguin that works with it and even then it doesn’t support PGP/MIME which is a shame. Outlook natively works with S/MIME quite well.
    So it’s over to Thunderbird and Enigmail. It’ll even put email headers in telling people where to get your public key (mine’s here by the way!)
    They’ll be some more to come from me on this. PGP is still pretty handy for encrypting your own files. The tools to do it with X.509 Certificates as described recently by me aren’t as easy to use. Personally I find I want to be sure I can decrypt a file some time down the line and PGP has been doing the job for quite some time now. Of course – longevity is useful if someone breaks the encyption methods!


  2. Casio Watch

    November 2, 2012 by Daniel

    For some reason every day I wear a watch. It’s becoming a rare thing I think but I’d be lost without mine. I subconsciously look at it all the time and really miss it when I’m not wearing it. Plus, I get an added ‘holiday’ feeling when I’m not.

    My current watch is a Casio WV58u (3053). Which is practically perfect. I’ve pretty much always worn Casio watched so they are now pretty much the only thing I’d consider, my current watch has a metal band, digital time. Plenty of stopwatches, world time, etc, a light and can set itself.

    Or rather it did anyway.
    Recently the light stopped working followed by any beeping and then the auto time set function stopped working. It still did everything else. But those are just it’s base functions I suppose.
    So I thought, hmm perhaps it’s the battery, which considering the number of years I’ve had it was quite possible. After a little bit of trouble taking it apart I discovered it used a CR1620 battery and ordered it from Amazon. It came the next day and I swapped it in.
    But alas, whilst the beeping now works – the light and radio time setting still do not.

    So I think I might be looking for a new one. Which I am loathe to do because I really love this one and I like the idea of using it for a loooong time. I can almost live without the radio time setting (although I really like it) but I find the light really useful.
    I may yet take it to someone who knows what they are doing to see what they think. But it’s likely it’s not really worth it – I can pick up a new one for about £30 so the question that remains is, do that – or get a different model, one with solar charging perhaps?

    Casio MTG-930DU-8VER
    seems to do everything that I’m after, but can I let go of my current one?


  3. S/MIME

    November 2, 2012 by Daniel

    I’ve been discovering lots about sending emails with digital signatures in the past couple of days and for lack of a better place I’ll write some things up here.

    Certificates
    You can get a free certificate from Comodo (and probably other places). It lasts a year so you will need to get a new one after that. If you try to get a new one before the old one has expired you need to revoke the original one.

    Outlook
    Outlook’s support for S/MIME signing is quite good and works without hassle. You install the certificate with the Import/Export button in Trust Center -> Email Security. There’s an option there to Publish to GAL. It says it did it, but I’m not sure how to verify the fact. If you’ve done it right then you get a little ribbon in the icon for messages you’ve sent (and of course encrypted messages are displayed, unencrypted!)
    You can select whether you want to sign or encrypt by default or per message (Create a new message and click Options, it’s there in Permission whether to sign or encrypt). To Encrypt, as usual you need to have been sent a message by the person you are sending to with a digital signature.

    iOS Signing
    iOS Mail supports S/MIME albeit a little strangely but it does work which is the main thing. The best way to get the certificate onto the device is attach the .p12 file in an email to yourself. There’s lots of ways to export the certificate, easiest is probably find your certificates from your web browser settings.
    You need to turn on S/MIME in the account under Advanced and select Sign and Encrypt according to your preferences. Then it will let you select the certificate you just installed. There’s no way to change these settings on a per email basis so I’ve left Signing on and intend to use Encryption when necesseary.
    iOS does some odd checking to see whether it is able to Encrypt a message. If it’s an Exchange account it will check the GAL first with no fall back if it’s not there, which is an issue for GMail accounts set up through Exchange. I’ve swapped mine from Exchange to the standard Gmail connector. So S/MIME works but push email no longer will. I will see what I prefer on that one – I hope it’s something Apple and Google fix between them although I suspect it probably won’t get fixed due to the GMail solution being a nonstandard Exchange install (I suspect).

    If all is set up correctly signed emails have a little tick next to the sender with a little lock if it’s encrypted.

    OWA
    Outlook Web Access does support it, but only on Internet Explorer 7 or 8. Which is a little disappointing if you use OWA when you’re not using something that is IE7/8. You probably need to have your certificates with you too so sending signed email on the move is probably best done from your mobile.

    It’s a good idea to keep your certificates somewhere safe too, otherwise if something happens and they got deleted then you will be unable to read encrypted mail anymore.

    I did also set up DKIM signing for my domain using Google Apps for your Domain but it’s kind of trivial to write up, just involves pasting in an SPF record in DNS that get’s generated for you.

    Some useful links:

    Despite both of these pages decribing iOS5, iOS6 is much the same process.