OS/2 eZine - http://www.os2ezine.com
December 16, 2004

Enigmail

I read about EnigMail on FreshMeat and was intrigued by it. Now what is EnigMail? EnigMail is an extension for Mozilla Mail and Thunderbird that uses GnuPG to sign the e-mails you send with your own key, so that the recipient can check that a message really comes from you and has not been altered on the way, or to encrypt e-mails so that they are useless to anyone who intercepts them, because only the addressee can decrypt them.

What are the principles behind GnuPG?

Everything is based on a pair of keys: a public key and a private key. The pair is tied to one or more user IDs, normally a name plus an e-mail address. Suppose you have a friend with the e-mail address friend@e-mail.address. When your friend generates his key pair he ends up with his own public and private key. Suppose your own e-mail address is own@e-mail.address. After you generate your own key pair you end up with your own public and private key. Note that nothing stops anyone from generating a key that names somebody else's e-mail address, and one key may carry several addresses, so the address alone never proves who owns a key; what identifies a key is its fingerprint, which you should compare with the owner over a channel you trust (by phone or in person) before you rely on it.

Let's take a close look at two scenarios.

Scenario 1 : you want to send an encrypted message to your friend.

In order to do so you need to have his public key. You can't use your own key for that. There are two ways to obtain the public key of your friend. He can send it to you, or, in case he has registered his public key at a so-called key server, you can download it from there by giving the key server the e-mail address of your friend to which the public key is connected. In both cases the public key of your friend is added to a local database GnuPG keeps on your PC, the so-called key ring. Keep in mind that a key server does not check that whoever uploaded a key really owns the address it names; anyone can upload a key for any address. So before you use a downloaded key, compare its fingerprint with your friend, and once it matches, sign the key in your key ring so that GnuPG stops warning you about it.

After you have encrypted your e-mail with the public key of your friend you won't be able to decrypt it yourself (unless you also encrypt it to your own public key, which GnuPG's encrypt-to option does for you). The only one who can decrypt it is the one holding the private key that matches the public key used to encrypt the message, and in this case that is your friend.

Scenario 2 : you want to sign an e-mail you send to your friend so that he knows it can only have come from you.

In order to do so you need to use your own private key. GnuPG computes a hash (a fixed-length digest) of the e-mail and transforms it with your private key into the signature, a special character/number sequence that is added to your e-mail. This sequence is unique for this particular e-mail and this particular key. Now how does your friend know that the e-mail is really coming from you? He can use your public key (that you have sent to him or that he has downloaded from a key server) to verify the signature. If anyone has altered the e-mail, even a single character, the hash no longer matches the one in the signature, the signature won't be valid anymore and the verification will fail. Note that signing does not hide the text: a signed but unencrypted e-mail can still be read by anyone who intercepts it.

Does all this sound very complex and confusing to you? You don't have to fiddle with the public and private keys yourself. The software takes care of this. So don't let this stop you from trying EnigMail and GnuPG.
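The two scenarios above, as an added example that is not part of the original article: who can do what with which key. It uses a deliberately tiny textbook RSA (two 256-bit primes, no padding, a fixed seed so that the run is reproducible) so that the mechanics run without GnuPG or any third-party library; real OpenPGP keys are much larger, use padding, and encrypt the message with a random session key that the public key only wraps. The names, the message and the friend's key are constructed for the example.

```python
"""Public-key encryption and signing as EnigMail/GnuPG use them, shown with a
toy RSA so the roles of the two keys are visible.  Teaching code only."""
import hashlib
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test; 32 rounds is plenty for a demo."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n, rng):
            return n


def generate_keypair(bits=512, seed=0):
    """Return (public_key, private_key) = ((n, e), (n, d)).
    The seed only makes the demo reproducible; never seed a real key this way."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this means gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, msg):
    """Scenario 1: encrypt with the *recipient's public* key."""
    n, e = pub
    m = int.from_bytes(msg, "big")
    assert m < n, "demo only: message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the matching *private* key turns the ciphertext back into the message."""
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(priv, msg):
    """Scenario 2: sign the SHA-256 hash of the message with the *sender's private* key."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(h, d, n)


def verify(pub, msg, sig):
    """Anyone with the sender's public key can check the signature against the message."""
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(sig, e, n) == h


def demo():
    own_pub, own_priv = generate_keypair(seed=1)        # your key pair
    friend_pub, friend_priv = generate_keypair(seed=2)  # your friend's key pair
    # Scenario 1: you encrypt to your friend's public key; only he can decrypt it,
    # and you, the sender, cannot read it back with your own private key.
    c = encrypt(friend_pub, b"meet at 10")
    friend_reads = decrypt(friend_priv, c)
    sender_reads = decrypt(own_priv, c)
    # Scenario 2: you sign with your private key; your friend verifies with your
    # public key.  A changed message or a different signer makes verification fail.
    mail = b"Please pay invoice 4711"
    sig = sign(own_priv, mail)
    return {
        "friend_reads": friend_reads,
        "sender_cannot_read": sender_reads != b"meet at 10",
        "signature_valid": verify(own_pub, mail, sig),
        "tampered_detected": not verify(own_pub, b"Please pay invoice 4712", sig),
        "wrong_signer_detected": not verify(friend_pub, mail, sig),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the run is the asymmetry: encryption needs only the recipient's public key, decryption only his private key; signing needs only the sender's private key, verification only his public key. That is why you can hand your public key to anyone (or a key server) and why the private key, and the passphrase protecting it, is the only thing you must keep to yourself.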

What do you need ?

You need to download two software packages: GnuPG and EnigMail. GnuPG has been ported by Tobias Huerlimann. You can download it from his website http://www.tobiashuerlimann.de/software/GnuPG/. EnigMail has been ported by Davide Bresolin. You can download it from his website http://www.dimi.uniud.it/bresolin/warpzilla/. You also need a patched version of nspr4.dll, which you can download from the website of Davide Bresolin as well.

Not strictly necessary for EnigMail, but necessary if you want to run the Innotek Java plug-in with Mozilla 1.7.x and higher, is Innotek's plug-in wrapper ipluginw.dll. You can download it from http://download.innotek.de/javaos2/mozilla/ipluginw20041104.xpi

Installation

GnuPG can be downloaded as a WarpIn package. The latest version at this moment is gnupg-1.2.5-os2-bin.wpi. To install it you need to have WarpIn installed. Just click on the wpi file to start the installation. GnuPG follows the same conventions as several other programs ported from Unix (e.g. ircd, MySQL, ...), i.e. it creates a Unix-like directory structure \usr\... Therefore I advise you to start the installation from the root of the drive where you want to install it. In my case this is d:\

GnuPG uses two environment variables, UNIXROOT and HOME. If you already have one of them, uncheck the option Modify CONFIG.SYS as can be seen in the following picture. If you are running Mozilla or the like you probably already have an environment variable HOME. In this case we will add the environment variable UNIXROOT to the config.sys by hand.

When I was installing GnuPG WarpIn failed creating the WPS-objects and gave the following error message.

The failure seems to be caused by a wrongly formatted directory ( d:\\usr\... ). This is caused by the fact that I, when starting the installation, entered d:\ as the place to install GnuPG. This should have been d: as this will be the value assigned to the environment variable UNIXROOT, but WarpIn (I'm using version 1.0.2) didn't allow me to use d: as installation directory. So for the time being I have solved this by repeatedly pressing the Ignore button in order to complete the installation.

The installation by WarpIn has now completed but the WPS objects haven't been created.

To complete the installation you have to make some modifications to your config.sys and create some additional subdirectories in the home directory.

Modification to config.sys

Add

d:\usr\bin
to the PATH variable (if necessary substitute d: by the drive where you have installed GnuPG). Add the line
SET UNIXROOT=d:
Do not add a trailing \ or / (use d:, not d:\) or the software won't work.

Create additional directories

Create the directory

.gnupg
in the directory the environment variable HOME is pointing to.

Finally reboot your PC in order to make the changes to the config.sys active.

EnigMail

EnigMail is distributed as an xpi package. At this moment the latest version for Mozilla is enigmail-0.89.0-moz17-os2.xpi. This version runs only on the official build of Mozilla version 1.7.3. If you are running Thunderbird, there are versions for Thunderbird 0.8 and 0.9 available from the website of Davide Bresolin. To start the installation, start Mozilla and open the xpi file.


Now close Mozilla and everything that is Mozilla related (Download Manager, ChatZilla, e-mail client, ...). The last thing to do is to substitute the original nspr4.dll with the patched one from Davide Bresolin. With Mozilla completely closed, go to the installation directory of Mozilla. In my case this is d:\internet\mozilla17. Within this directory you can find nspr4.dll. Copy this file to nspr4.dll.org so that you can restore it later. Now copy the downloaded patched nspr4.dll to the installation directory of Mozilla and restart Mozilla.

You should now have some additional icons and menus in the Email client.

If the new icons (Decrypt, ...) aren't displayed correctly as can be seen in the picture below

you must switch back and forth between some Mozilla themes. You can find the menus to do so under Edit -> Preferences -> Appearance -> Themes. After you have switched theme you have to close Mozilla completely, restart it and switch back to your original theme. Then again close Mozilla completely and restart it. If the icons are still not displayed correctly, repeat this procedure.

Usage

1. Create keys

In order to start using EnigMail we have to generate our own key pair (public and private key) first. There are two ways to generate these keys.

First method : the OpenPGP Key Management Window

You can find this under the menu option EnigMail.

You can then generate the keys using the menu options Key -> Generate.

If you want to make it more difficult to abuse your key you should enter a passphrase. A passphrase can be considered as a password that you have to enter each time you want to use your private key. It protects the private key as it is stored on your disk, so choose one that someone who copies your key ring files cannot guess.

Second method : using gpg.exe on the command line

This is the way I prefer to generate my keys as it gives me more options than the OpenPGP Key Management Window.

Open a command prompt and type (the options are preceded by a double dash)

gpg --gen-key


gpg first asks what kind of key you want. Just press 1 (DSA and ElGamal, the default: a signing key plus an encryption key, which is what you need for e-mail) and the enter-key. After you've done this, gpg asks how many bits the key you want to generate must have.

If you just press the enter-key the default value of 1024 is accepted. That was the default of GnuPG 1.2.5; 1024-bit keys are no longer considered strong enough, current GnuPG versions default to larger keys, so it is better to choose the largest size offered. Now you are asked how long the key should remain valid.

You can just press the enter-key to accept the default value. This will generate a key that never expires. It is wiser to give the key an expiry date (say one or two years): if you ever lose the private key or forget the passphrase, an expiring key disappears from use by itself, and you can always extend the date later with gpg --edit-key. Now you just have to confirm this and enter your name and the e-mail address you want to use this key with. You do not need a separate key for each e-mail address you use: you can add further addresses (user IDs) to the same key later with gpg --edit-key and the adduid command. You can also give a passphrase if you want. A passphrase can be considered as a password that needs to be entered each time you want to use your key. This makes it more difficult for someone to e.g. sign an e-mail on your machine with your key when you're not around, or to use your key after copying your key ring files. The generated keys (and the ones you will import later from other people) are stored in the so-called key ring. This is some kind of database that is stored in the directory .gnupg, which can be found in the directory the environment variable HOME is pointing to, so don't delete the files you find there. The file secring.gpg holds your private key: back it up somewhere safe and never give it to anyone.

2. Let someone have your public key

In order for someone to send you an encrypted email he must have the public key you have generated. There are two ways to let someone have your public key.

First method to let someone have your public key

You can just send him your public key. Just start to compose a new email and click on the menu options EnigMail -> Insert public key.

Another way to send someone your public key is to export the key you want and attach it to your e-mail. You can do this by using the OpenPGP Key Management Window. If you have just opened the Mozilla mail client press the menu options EnigMail -> OpenPGP Key Management Window. Now select the key you want to export and press the menu options Key -> Export to file.

The key is now saved into a file which you can attach to your email.

Second method to let someone have your public key

As an alternative to sending someone your public key yourself you can also upload your key to a so-called keyserver. Be aware that a key can never be removed from a keyserver again, only marked as revoked, so before you upload it generate a revocation certificate (gpg --gen-revoke) and keep it in a safe place; it is the only way to tell the world the key is no longer to be used if you lose the private key or the passphrase.

Open a command prompt and type

gpg --keyserver pgp.mit.edu --send-keys <key-id>
Replace <key-id> by the ID of your own key as shown by gpg --list-keys; --send-keys needs it, without a key ID nothing is sent. You can substitute pgp.mit.edu by any other valid keyserver.

3. Getting someone's public key

You can of course always ask someone to send you his public key, or you can search for it on a keyserver. Let's e.g. search for my own key. Open a command prompt and type

gpg --keyserver pgp.mit.edu --search-keys John.Bijnens@celkunststoffen.khlim.be

When you enter the number of the key you want and press the enter-key, the key is automatically imported and added to the key ring, so it is ready for immediate use. If you open the OpenPGP Key Management Window you can see the keys that are imported. Remember that the keyserver has not checked who uploaded that key: compare its fingerprint (gpg --fingerprint followed by the e-mail address) with the owner before you trust it. Until you have signed the key in your key ring GnuPG will warn you, when you encrypt to it, that there is no assurance the key belongs to the named user.

4. How to sign or encrypt an email

Remember that in order to encrypt an e-mail to someone you need to have his public key imported into your key ring first. To sign an e-mail you only need your own key.

Start composing an email and when you want to sign or to encrypt the email click on the OpenPGP icon and then choose the option you want.

When you press the Send icon, Mozilla will ask you to enter the passphrase (if you have specified one).
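The whole procedure of sections 1 to 4 (generate a key, hand over the public key, import it on the other side, encrypt, decrypt, sign, verify), as an added example that is not part of the original article and does not use EnigMail. It drives the gpg command line from Python, which is assumed to be on the PATH (a current GnuPG 2.x; the batch parameter file shown is GnuPG's own unattended key-generation format). Two throwaway GnuPG home directories stand in for your PC and your friend's PC, so nothing touches your real key ring. The names and messages are constructed for the example, and --trust-model always is used only as a stand-in for the fingerprint check and key signing you would do by hand.

```python
"""End-to-end GnuPG exchange between two key rings (two --homedir directories):
Alice generates a key, Bob imports her public key, Bob encrypts to Alice and
Alice decrypts; Alice clearsigns and Bob verifies, including a tampered copy.
Added example; requires the gpg binary on the PATH."""
import os
import shutil
import subprocess
import tempfile

ALICE = "alice@example.invalid"          # key owner (constructed address)
PARAMS = """\
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Alice Example
Name-Email: alice@example.invalid
Expire-Date: 1y
%commit
"""


def gpg_available():
    return shutil.which("gpg") is not None


def gpg(homedir, *args, stdin=None, check=True):
    """Run gpg non-interactively against one home directory (= one key ring)."""
    cmd = ["gpg", "--homedir", homedir, "--batch", "--yes", "--quiet", *args]
    return subprocess.run(cmd, input=stdin, capture_output=True, check=check)


def fingerprint(homedir, uid):
    """Primary-key fingerprint of `uid` from --with-colons output (first fpr: line)."""
    out = gpg(homedir, "--with-colons", "--fingerprint", uid).stdout.decode()
    for line in out.splitlines():
        if line.startswith("fpr:"):
            return line.split(":")[9]
    raise RuntimeError("no fingerprint found for %s" % uid)


def run_roundtrip():
    work = tempfile.mkdtemp()
    alice, bob = os.path.join(work, "alice"), os.path.join(work, "bob")
    for d in (alice, bob):
        os.mkdir(d, 0o700)                # gpg insists on a private homedir
    try:
        # 1. Alice generates her key pair (the article's "gpg --gen-key", unattended).
        params = os.path.join(work, "params")
        with open(params, "w") as f:
            f.write(PARAMS)
        gpg(alice, "--gen-key", params)
        # 2./3. Alice exports her public key; Bob imports it into his key ring.
        pub = gpg(alice, "--armor", "--export", ALICE).stdout
        gpg(bob, "--import", stdin=pub)
        # Bob compares the fingerprint with the one Alice read out to him: a key
        # received by mail or from a key server proves nothing by itself.
        fpr_ok = fingerprint(bob, ALICE) == fingerprint(alice, ALICE)
        # 4a. Bob encrypts to Alice's public key.  --trust-model always stands in
        # for Bob having signed the key after the fingerprint check.
        secret = b"meet at 10\n"
        ct = gpg(bob, "--trust-model", "always", "--armor", "--encrypt",
                 "--recipient", ALICE, stdin=secret).stdout
        # Only Alice's private key decrypts; Bob, who encrypted it, cannot read it.
        decrypted = gpg(alice, "--decrypt", stdin=ct).stdout
        bob_fails = gpg(bob, "--decrypt", stdin=ct, check=False).returncode != 0
        # 4b. Alice clearsigns a message; Bob verifies it with her public key.
        signed = gpg(alice, "--clearsign", stdin=b"invoice: 100 EUR\n").stdout
        sig_ok = gpg(bob, "--verify", stdin=signed, check=False).returncode == 0
        # Altering one character of the signed text must make verification fail.
        tampered = signed.replace(b"100 EUR", b"900 EUR")
        tamper_ok = gpg(bob, "--verify", stdin=tampered, check=False).returncode != 0
        result = {
            "fingerprint_matches": fpr_ok,
            "decrypted": decrypted,
            "sender_cannot_decrypt": bob_fails,
            "signature_valid": sig_ok,
            "tamper_detected": tamper_ok,
        }
        result["all_ok"] = (fpr_ok and decrypted == secret and bob_fails
                            and sig_ok and tamper_ok)
        return result
    finally:
        for d in (alice, bob):            # stop the agents gpg 2.x started for us
            try:
                subprocess.run(["gpgconf", "--homedir", d, "--kill", "gpg-agent"],
                               capture_output=True)
            except OSError:
                pass
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(run_roundtrip())
```

The gpg options used here (--homedir, --batch, --gen-key with a parameter file, --export, --import, --encrypt, --decrypt, --clearsign, --verify, --fingerprint) are the same ones EnigMail calls behind its menus; running them by hand is the quickest way to see what the extension is doing when an icon is greyed out or a passphrase prompt appears.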

And then...

If you want more information about gnupg you can take a look at the following URL http://www.gnupg.org To have an overview of all the available options for gpg enter the following in a command prompt
gpg -h
For the 4OS2 users you can easily scroll through the available options with the following command
gpg -h | list /s
And then it is up to you.

Give GnuPG and EnigMail a try and don't forget to send a big thank you to the porters of GnuPG (Tobias Huerlimann) and EnigMail (Davide Bresolin). Don't yell at them if something doesn't work as expected. Instead read the installation instructions again and/or try to find help in the newsgroups.


John Bijnens is a CAD/CAM engineer in the KHLim - Dep. IWT which is some kind of technical university in Belgium. He gives training in Pro/E and also writes CNC postprocessors (all development is done on OS/2.)

This article is courtesy of www.os2ezine.com. You can view it online at http://www.os2ezine.com/20041216/page_2.html.

Copyright (C) 2004. All Rights Reserved.