Archive for November, 2007

Where to get a free S/MIME certificate

Friday, November 30th, 2007

The two sites that I would recommend for getting free certs are Thawte and Comodo.

CAcert is another site worth recommending, but their certs are not recognized by common mail clients; they work just fine, but you have to understand how to import the CA root certificates. You can, of course, roll your own using OpenSSL or Mozilla NSS, but that is a topic for another day.

Mozillazine have a good page on free certs.

[edit: Thawte service discontinued as of 16-Nov-2009]

How to read an “smime.p7m”

Thursday, November 29th, 2007

If you read your e-mail with a client that does not understand S/MIME encryption and someone has sent you an S/MIME-encrypted message, you will see an attachment named “smime.p7m” like this one.

With Gmail you could use the “Show original” option to view the full S/MIME encoded e-mail message, cut+paste it to a text editor, save as “something.eml” and open that with Outlook Express, or similar, which understands S/MIME. Of course, you do have to have the matching private key to decrypt the message!

With other e-mail clients that do not present the option to view the unaltered e-mail, or when the “smime.p7m” attachment has been forwarded, you need a way to re-format it back into a valid S/MIME message. To do that I wrote this small program. Save the attachment to disk and feed it to “p7mfile.exe” which will format it and pass it on to Outlook Express.
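The same re-wrapping idea as a Python sketch, added here as an example; it is not the author's “p7mfile.exe”. It assumes the saved attachment is either raw DER or base64 text and uses the standard S/MIME framing (`application/pkcs7-mime`, `smime-type=enveloped-data`, base64 transfer encoding); the function names and the sample bytes are made up for this example.

```python
import base64
import binascii
import sys
from email.message import EmailMessage


def _is_der(data: bytes) -> bool:
    # A CMS ContentInfo is an ASN.1 SEQUENCE, so its DER encoding starts with 0x30.
    return data[:1] == b"\x30"


def p7m_to_der(data: bytes) -> bytes:
    """Accept a saved smime.p7m as raw DER or as base64 text and return DER."""
    if _is_der(data):
        return data
    try:
        der = base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("attachment is neither DER nor base64") from exc
    if not _is_der(der):
        raise ValueError("decoded data does not look like a CMS structure")
    return der


def wrap_p7m(data: bytes, smime_type: str = "enveloped-data") -> bytes:
    """Return a minimal .eml whose whole body is the CMS blob."""
    msg = EmailMessage()
    msg.set_content(
        p7m_to_der(data),
        maintype="application",
        subtype="pkcs7-mime",
        cte="base64",
        disposition="attachment",
        filename="smime.p7m",
        params={"smime-type": smime_type, "name": "smime.p7m"},
    )
    return msg.as_bytes()


# Constructed placeholder (SEQUENCE { INTEGER 1 }), not a real encrypted message.
SAMPLE_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    # Usage: python wrap_p7m.py smime.p7m > something.eml
    with open(sys.argv[1], "rb") as fh:
        sys.stdout.buffer.write(wrap_p7m(fh.read()))
```

The wrapper only restores the MIME framing; the client that opens the resulting file still needs the matching private key.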

EFS is almost useful

Wednesday, November 28th, 2007

If a student had turned in the EFS design as a project I may have given them a C+ or B-. It has all the hallmarks of good encryption design that was then taken by a committee and developed into a product. I wrote this little program to solve the problem of how to copy EFS encrypted files to a USB key drive. If you just drag the files to the USB drive then Windows ‘helpfully’ decrypts them for you without asking. In any serious encryption system the default should be to *not* decrypt data without explicit permission, sigh!

Copy “sendtoEFS.exe” into the “sendto” folder in your Windows profile so that it can be used from the Explorer menu. It uses the Windows API call “OpenEncryptedFileRaw” to access the raw encrypted data and not transparently decrypt it; the PDF file explains.

Is Quantum Mechanics weird or is it just me?

Friday, November 23rd, 2007

Someone once said that new theories only take hold when the generation that believes in the old theory dies. I don’t find the predictions and effects of Quantum theory weird. I wonder if that is because I am weird or because I have known it most of my life having studied university level physics since I was ten.