Questions on How CSE Works

I tried CSE a couple of versions back (0.9.0.17 Beta 2 RC1) and ended up uninstalling when I sent an email to a mixed group, one with a cert and several without CSE certs. I got reply emails back from the clients without CSE that they could not read my email.

Here are my questions
In Encryption > Advanced I have selected
“Only encrypt emails where a certificate is already installed on the system”
If I send to a mixed group it will only encrypt to the clients with certs;
the others will only get digitally signed mail.
Is this correct?

Is it possible to add ports to encrypt SPOP and SSMTP to the protocols?

If I delete a cert on a PC can the encrypted emails be read?
No, the emails cannot be read. I checked this one out myself.

How about can the email be decrypted when the cert has expired?
This is important.

If the email cannot be decrypted after 1 year when the cert has expired, is the cert renewed or are you issued a new one?

If you are issued a new cert, what happens to the old encrypted email?

I now have several certs in both my name and my wife's.
How do I delete the ones I am not using?

Thanks OD

Hello again Opus,

The help file in the new version is now very comprehensive, a read over it should hopefully explain a lot about SecureEmail, and securing e-mail in general.

Here are the answers to your questions:

“Here are my questions
In Encryption > Advanced I have selected “Only encrypt emails where a certificate is already installed on the system” If I send to a mixed group it will only encrypt to the clients with certs; the others will only get digitally signed mail. Is this correct?”

This is correct, assuming you have digital signing turned on.

“Is it possible to add ports to encrypt SPOP and SSMTP to the protocols?”

Not in the current version. We have a prototype for SSL ports that is working and we will add this feature very soon.

“If I delete a cert on a PC can the encrypted emails be read? No, the emails cannot be read. I checked this one out myself.”

If you delete the public key certificate and the private key for which the e-mails were encrypted, then naturally you cannot read them. BTW – private keys are not part of the public key certificate.

E-mail is encrypted with your public key by others, which is in your public key certificate that you distribute. The mail can only be decrypted with the private key that is installed in your PC’s certificate store. Basically Windows stores a reference between your public key and private key so it knows which private key to use to decrypt the e-mail.

“How about can the email be decrypted when the cert has expired?
This is important.”
Yes it can, but you may see a warning saying it’s expired, depending on which application you are viewing the e-mail in.

“the cert renewed or are you issued a new one?”

When certificates expire, you have to sign up for a new one. A new public key and private key pair are generated on your PC during the sign-up process. The public key is placed in a signing request data format and is then sent off to Comodo for signing by Comodo’s private key.

Your private key never leaves your computer system.

This new certificate is installed in addition to your existing one, it does not replace/remove the old one. The old one is still required to decrypt mails that were encrypted for its private key.

“If you are issued a new cert, what happens to the old encrypted email?”
If you have SE’s auto-decrypt turned on the mail will be already decrypted.

If you have not turned this on, your mail will be stored as encrypted in your e-mail client’s storage files. Assuming you have not removed the old key set, when you open a mail, the S/MIME compliant mail package will still be able to show the e-mail.

“I now have several certs in both my name and my wife's. How do I delete the ones I am not using?”

Please check out the help guide. You can delete certificates from the Certificates page in SE or use the “Certificate Manager” button to launch the Windows Certificate Manager which will also let you delete certificates and private keys.

E-mail encryption isn’t just about the public key certificates. You have a public and private key set that allows this asymmetric encryption to take place. So make sure you backup your private keys with your certificates if you remove them, just in case you need to read mails encrypted with them later.

Hope this helps?

Thanks,
Shane.
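The point in the reply above, that a renewed certificate comes with a new key pair and the old key set is still needed for mail encrypted to it, shown with the `openssl` command-line tool. This is an added example, not part of the original posts and not Comodo's code; self-signing stands in for the CA step, and the names, files and message are constructed.

```shell
#!/bin/sh
# Added illustration: old vs. renewed S/MIME key sets (constructed names and data).

# Generate a private key and a self-signed X.509 certificate for it.
# Self-signing is an assumption standing in for the CA signing the request;
# the private key is created locally and never leaves this machine.
make_identity() {    # $1 = file prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# A sender needs only the recipient's certificate (the public key).
encrypt_for() {      # $1 = recipient cert, $2 = plaintext, $3 = output
    openssl smime -encrypt -binary -aes256 -in "$2" -out "$3" "$1"
}

# The recipient needs the certificate AND its matching private key.
decrypt_with() {     # $1 = file prefix, $2 = encrypted mail, $3 = output
    openssl smime -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" \
        -out "$3" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_identity "$d/old" "Example User (old cert)"
    make_identity "$d/renewed" "Example User (renewed cert)"
    printf 'mail received before renewal\n' > "$d/msg.txt"
    encrypt_for "$d/old.crt" "$d/msg.txt" "$d/mail.p7m"

    if decrypt_with "$d/old" "$d/mail.p7m" "$d/out_old.txt"; then
        echo "old key set: mail readable"
    fi
    if ! decrypt_with "$d/renewed" "$d/mail.p7m" "$d/out_new.txt"; then
        echo "renewed key set alone: mail cannot be decrypted"
    fi
    rm -rf "$d"
}

demo
```

Backing up `old.key` together with `old.crt` before removing them from the store is what keeps `mail.p7m` readable later.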

Shane,

I will give this (CSE) a try once again.

One more question
Is there any cross compatibility with secure email program vendors?
I know this is unlikely but I believe this is another major problem with the general acceptance of secure email systems. If I have CSE and someone else uses PGP then we may as well not use a secure email system.

The one thing I like about CSE is the fact that it sends a cert if the other client does not have the ability to decrypt the email.

Maybe if everyone could get together, cert providers and the big 4 (AOL, Google, Microsoft, and Yahoo),
this problem could be solved (see article below). ROFL, like that will ever happen.

Anyhow, thanks again
OD
Technology Shakedown #9: Why AOL, Google, Microsoft, and Yahoo are to blame for spam

Hi Opus,

Comodo SecureEmail uses S/MIME compliant public key certificates (X.509) and utilises Public Key Infrastructure (PKI), just like the ones you use every time you use an SSL connection to log into a secure section of a web site, for example to buy online. The use of this type of certificate is extremely widespread now.

Comodo and various other vendors offer X.509 email certificates. They are handled by Outlook, Outlook Express, Thunderbird and many other S/MIME compliant e-mail applications. They are very very common indeed.

The PKI system works by having your e-mail certificate signed by a Trusted Certificate Authority’s root certificate, in SE’s case, us! Comodo is a CA and we are certificate specialists and our roots are in many an operating system and browser. When one of your contacts receives a digitally signed e-mail from you, they know they can trust it because they will very very probably already have the Comodo root installed on their computer; they trust the root, so they can trust you. Here’s some further reading for you:

PGP and OpenPGP (RFC 4880) work via a web of trust (see "Web of trust" on Wikipedia). We prefer the PKI method which is very interoperable between certificate vendors, including people like Microsoft. To illustrate the use of X.509 certificates, they are used in nearly all web browser based secure connections (seen the padlock in IE appear over SSL? That’s an X.509 certificate) and Windows has around 230 root certificates installed for XP SP2.

From your previous posts, I notice that you use Gmail for your POP and SMTP servers, however, the current incarnation of SE does not support SSL. This secure connection you use again uses X.509 certificates to validate the Gmail server :), believe me, they are everywhere nowadays. We WILL have SSL POP/SMTP/IMAP support soon.

Again, I hope this helps.

Thanks,
Shane.

Someone should tell David Berlind about our Secure email product!

Melih