Red Hat DIRECTORY SERVER 8.1 - 11-01-2010 Manuel d'utilisateur

EnigMailEnigMailopenpgp email security for mozilla applicationsopenpgp email security for mozilla applicationsThe Handbookby Daniele Raffowith Robert

5. Getting startedThis chapter will illustrate how to get Enigmail up and running. To use Enigmail, you first need to install GnuPG. GnuPG comes in

Each letter of the passphrase is the first letter of each word. In the first line, the number is written in figures instead of being spelt out. In t

secret messages as you're typing them. For the purpose of recording, he might as well use a hardware keylogger installed between keyboard and ma

It is also worth noting that a technically skilled intruder having physical access to a turned-off computer could infect it, leaving no traces, by rep

12.3.3. OpenPGP cardEnigmail supports the OpenPGP card, a smart cart compatible with ISO standards 7816-4 and 7816-8; see http://g10code.com/p-card.ht

clean Linux workstation not connected to any network and booted from a CD-ROM. The secret key is then moved to the card. Enigmail only supports on-c

/hexscd serialnoscd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40scd apdu 00 20 00 81 08 40 40 40 40 40 4

13. SupportThis handbook, once read in full, should answer all questions you might have about Enigmail and give you a thorough understanding of it. Y

The first and most popular option is to use MacGPG. The MacGPG Project provides pre-built Universal Binaries of GnuPG 1.4.9 and later for users runni

You should have your mailclient and your email account fully configured before proceeding to the installation of Enigmail. 5.3. Installing EnigmailDo

5.3.3. Installing a locale for EnigmailEnigmail is available in many languages. The following locales are already included in Enigmail 1.0.0: ar Arab

6. Quick startRun the email client you installed (Thunderbird or SeaMonkey). You will notice a new submenu called OpenPGP in the menu bar: that'

6.1. The Setup WizardSelect OpenPGP → Setup Wizard and the following window will appear. Remember that you can abort the Setup Wizard at any time, and

Here you can choose whether to have Enigmail configured to work on all your email accounts and identities, or for some only. If you are a beginner us

Here you can choose whether to sign all mail you send, or to pre-select recipients (through more complex per-recipient rules) to whom send signed mess

Here you can choose whether to enable encryption by default for all your outgoing mail. To encrypt a message, you need to have the public key of the

The Setup Wizard here asks you permission to modify some email settings to make sure Enigmail works seamlessly on your machine. You can safely select

1. Table of Contents2. Introduction...53. Acknowledgements...

Note that, as a good rule of netiquette, you should refrain from using HTML also when writing normal (unsigned, unencrypted) mail. The other setting

Perhaps you already used Enigmail (or GnuPG, or any other OpenPGP software) in the past before installing this version of Enigmail, and have created a

More likely, this is the first time you use OpenPGP, so you will need to generate a new key pair. Therefore, select I want to create a new key pair f

The last window of the Setup Wizard allows you to review the choices you've made and confirm. Click Next to commit the changes and finish. 23

Enigmail is now configured and ready to use.24

When you start writing a mail, you will now notice a new OpenPGP button in the toolbar of the Compose window. This button allows you to sign and/or e

When you receive a mail message that has been OpenPGP-secured (signed and/or encrypted), it will appear as such: The message in the figure has been b

7. Key managementOnce you have Enigmail on your system, you need to populate it with keys: it's pretty useless without them. You need to have yo

By clicking the expand gadget at the left of each key, you can see the key's additional user IDs and PhotoID, if present. The columns (Key ID, T

7.2. Generating your own key pairYou need to own a key pair to join the elite that communicates securely using GnuPG. You can create one at any momen

8. Signature and encryption...428.1. Account settings...

7.2.2. Choose a passphraseYour private key is all that you need to send signed messages and decrypt messages that you receive on your selected email a

7.2.4. Choose the key type and sizeBy clicking the Advanced tab you can choose some properties used for the generation of your key pair: the Key size

You may also generate the revocation certificate at any later time by selecting your key pair and choosing Generate → Revocation certificate. 7.3. Ope

• Key validity and Owner trust indicate respectively the validity of the key and the trust in the key's owner. Key validity will show you whethe

The Add and Delete buttons add and delete other user IDs. An user ID is composed of a name and email address; it is also possible to put an optional

It is not currently possible to add a PhotoID from Enigmail, but you can do so from GnuPG command line. Assuming that 0x89ABCDEF is your key ID, type

If you now click on Export Secret Keys, the exported file will contain your whole key pair (secret key and public key). If you click on Cancel instea

7.4.2. Publish your public key on a keyserver By far, the easiest way to let the world know your public key is to publish it on the public keyserver n

→ Revoke key. This effectively creates a revocation certificate and imports it in one shot. Note that this command does not work in Enigmail 0.96.0

it to the clipboard (Ctrl+C under Windows). Then choose Edit → Import keys from Clipboard to import this public key into your keyring. You can search

Key Management window...9010.1.17. I get an error whenever I try to post to a n

sign other people's keys to successfully use GnuPG or Enigmail. To participate, when you receive a public key and have verified both its fingerp

You can set the level of trust of a particular key by selecting that key and choosing the option Set Owner Trust from Key Management, or from Key Prop

8. Signature and encryptionYou have generated your own key pair and have imported other people's public keys, so you are now able to exchange sec

If you have multiple identities enabled, you can (and should) set these OpenPGP options independently for each identity. You will do this from the Id

• Send URL for key retrieval adds the mail header OpenPGP: url=url which mentions the URL from where your public key can be retrieved. If you enable

8.2. Signature and verification8.2.1. Signing a messageYou are now ready to write your first digitally signed email message.From your email client, cl

The following figure shows the composition of a signed message:Select the option Sign Message and click Send. The message will be signed with the key

8.2.2. Verifying a signatureNow, if your mailclient is set up so that a copy of outgoing emails is automatically saved in the Sent folder, it is possi

Now let's have a look at a signed message I received from [email protected], assuming I have his public key:The OpenPGP status bar tells that

What if I haven't had John Random Hacker's public key? In this case, the message would appear as such:The message is signed, but the signat

2. IntroductionThere are two main branches of cryptography: symmetric cryptography and asymmetric cryptography.Symmetric cryptography is the first typ

Finally, you might receive a mail that Enigmail shows as such: The signature is invalid, which means that the message has been altered in transit, or

Just click on Import and Enigmail will do that for you. The imported key will be added to your keyring. More often, you will receive someone's p

Adele's public key is now in my public keyring. 52

8.3. Encryption and decryptionHere comes the fun part – exchanging secret messages. 8.3.1. Encrypting a messageTo encrypt a message, select the option

Random Hacker's public key, as shown in the figure, and click Ok. The message would then be sent to [email protected] encrypted with John Ran

8.3.2. Decrypting an encrypted messageThis is a message that John Random Hacker sent encrypted to me:The status of the OpenPGP bar, the key in the hea

HTKV+knUvwzBUkLCRWO6GaAjOBrV+t0RnJ3yAzEgo/UX+7+wZqnng/LIFUVLCcr8z/cN7CkLBVB2d/qyOXcU7gLq3/EdgHxIe8tqOwnYEugfqDtJp8oQtMUwXiw71X+d(... 18 lines omitted

I can use Adele's services to test that my messages are encrypted and decrypted correctly. As you remember, I have imported Adele's public

A short time later, I receive Adele's reply:Notice that the OpenPGP status bar warns that the mail body is partly encrypted: Adele's message

8.4. Handling attachmentsWhen sending an encrypted or signed email message that has attachments, you will be given the choice how to encrypt/sign the

A digital signature is generated by an algorithm that uses a hash function in conjunction with a key. A hash function is a function that takes in inp

8.5. NotesMail headers cannot be encrypted, nor included in the signature computation. Do not write any sensitive information in the Subject when sen

8.6. Per-recipient rulesEnigmail features an advanced per-recipient rule editor that, for any recipient, allows you to specify in advance whether to s

8.6.2. Recipient SettingsIn the Set OpenPGP Rules for field you must enter the recipient email address you're writing the rule for. Recipients a

to three options:• Never specifies that the function will be off.• Yes, if selected in Message Composition allows you to set the option at the time of

The rules are processed sequentially in the order displayed in the rules editor. If a rule contains an OpenPGP key, the rule is applied, but the addre

email defines the recipient address(es) to match. Multiple email addresses are separated by spaces. The matching is done on substrings, with curly b

9. PreferencesEnigmail can be fine-tuned to tailor your needs. This chapter illustrates the many configuration options of Enigmail.If you use GnuPG a

/usr/local/bin/gpg for Linux.If however Enigmail can't manage to find GnuPG, or you want to specify that location manually, tick Override with an

In newer versions of Enigmail, the Display Expert Settings button activates instead the five tabs with the expert settings directly in the same window

9.1.2. SendingThese settings define how Enigmail must behave when sending secured mail. You can jump to this settings window also by selecting the men

GnuPG is free, open-source and available for several platforms. It is a command-line only tool, which means that it does not have a graphical interfa

Always confirm before sending prompts you a confirmation dialog before sending any message, so that you can check the signing, encryption, and S/MIME

9.1.3. Key SelectionThis setting defines how Enigmail should select, for each recipient, the public keys to encrypt a message with. You can jump to t

9.1.4. AdvancedThese settings define miscellaneous OpenPGP and Enigmail options.Enable Encrypt replies to encrypted message if you want Enigmail to au

GnuPG version 2.0.x is distributed with gpg-agent. Enabling this option makes Enigmail use gpg-agent also for GnuPG version 1.4.x (this requires the

remember your choice for the future (for instance when choosing how Enigmail should sign/encrypt attachments), clicking this button will have Enigmail

9.1.5. KeyserverThese are the options related to keyservers used to search public keys from. The text field Specify your keyserver(s) allows you to sp

9.1.6. DebuggingThese options can help to track down why Enigmail doesn't work as expected.In the field Log directory you can type the name of a

9.2. Manually editing the preferencesManual editing of preferences are intended for advanced users only. Enigmail preferences are stored together wit

extensions.enigmail.agentPath ""The path to the GnuPG executable. If it is already in the PATH, this setting can be left blank. OpenPGP →

extensions.enigmail.confirmBeforeSend falsePops up the confirmation dialog before sending a message. OpenPGP → Preferences → Sending → Always confirm

3. AcknowledgementsThis Handbook stems from the Quick Start Guide written by Robert J. Hansen, and incorporates technical references written by Patric

extensions.enigmail.encryptAttachments 1This setting stores the value of the last encryption method used to send a message with attachment.extensions

extensions.enigmail.hushMailSupport falseEnables support for Hushmail. OpenPGP → Preferences → Advanced → Use '<' and '>'

extensions.enigmail.keyserver "pool.sks-keyservers.net, subkeys.pgp.net, pgp.mit.edu, ldap://certserver.pgp.com"The list of keyservers to u

extensions.enigmail.quotedPrintableWarn 0Issues a warning when Enigmail detects that a message going to be sent contains 8-bit characters and will us

extensions.enigmail.useGpgAgent falseUse gpg-agent to handle passphrases.OpenPGP → Preferences → Advanced → Use gpg-agent for passphrasesextensions.e

extensions.enigmail.wrapHtmlBeforeSend trueRe-wrap HTML text in signed messages before sending. Default is on.OpenPGP → Preferences → Sending → Re-w

10. TroubleshootingThis chapter contains several tips to troubleshoot any problem you may encounter when installing or using Enigmail.10.1.1. Thunderb

10.1.3. Enigmail fails to install on Firefox.Enigmail is an extension for Thunderbird and the SeaMonkey mailclient. It is not supposed to, and hence

Remember that Enigmail has only been tested with milestone releases of Thunderbird and SeaMonkey. If you use a nightly build, or your own build, Enig

10.1.11. I use a non-English character set, and my own signatures are invalid.When sending signed emails containing non-English characters (e.g. å or

4. The Enigmail teamPatrick Brunschwig Project Maintainer and Lead DeveloperRamalingam Saravanan (no longer active) Original author John Clizbe Qual

key, and hence your whole key pair is now useless.There is no way to recover your private key, either. It cannot be obtained from your public key or

10.1.19. I get the message “OpenPGP error; Encryption/signing failed; send unencrypted message?”.This happen when you're writing a mail and you h

11. FAQThis chapter contains the Frequently Asked Question about Enigmail and around.11.1.1. Can Enigmail be used for webmail? When will this feature

11.1.4. Is it possible to use PGP with Enigmail?No. PGP is not supported with Enigmail. PGP does not provide a command line capability that Enigmail

following path: C:\Program Files\GNU\GnuPG\gpg.exe .(Depending on your localisation of Windows, your Program Files folder may be called Programmi, Pro

choices offer an excellent balance of speed, safety, and compatibility for the vast majority of users. Their opinions have evolved over time to take i

The matter is even worse when the email message is not stored on the local machine but on a POP/IMAP server instead. Not only this could potentially

11.1.15. How do I enable the debug log in Enigmail?Select OpenPGP → Preferences → Advanced → Debugging and type a valid directory path in the Log Dire

12. Notes, Tips & Tricks12.1. How to choose a good passphraseThe passphrase is the last line of defence to your private key, should your key pair

Numerical constants e.g. 2.718281828459    (it's the mathematical constant e) Any of the above written in all uppercase, all lowercase, or with