Re¢ently

  1. Standard issue?

    brian on 2004.12.09
    at 02:24 am

    If I find these enjoyable, and think about acquiring them, does this make _me_ an ass?

    "SHHH. Society for HandHeld Hushing Handout":http://www.coudal.com/Shhh.pdf (caution! small 460kb PDF file)

    "Urban Asshole Notification Handouts":http://www.glarkware.com/securestore/c181844p16370773.2.html (these are actually for sale)

    Posted in: Humor

    Talk Bubble 0 Comments

  2. Using PGP Encryption and Signatures with Apple's Mail

    brian on 2004.12.08
    at 05:37 pm

    How to: Using GnuPG and Apple Mail for Encryption and Digital Signatures.

    Jake and I were curious to see how we could get our email more secure. He was working on getting a set up at his job for some sensitive financial information to be transmitted via the internet. I was just curious about more secure email, since I knew Mac OS X had some good security features in it.

    I had looked into this once before, and my eyes glossed over when looking it over. Jake, being more familiar with unix was not so detered, and figured it out without much fuss. Thus, once he set it up in Mozilla Thunderbird, his work email app that he uses with his company's Windows machines, he figured out how to add it to his personal PowerBook.

    Wanting to learn, I had Jake walk me through the steps of the set up. It's clear from the attempt that while its not exceedingly difficult to implement PGP on Mac, it's not going to spread like wildfire until someone improves the user experience. The following walk through will dive into the terminal briefly, and some of the GUI aspects leave much to be desired.

    Let it be noted that I am eternally grateful to those who took the time to build GUIs for OS X so that I might enter the PGP world without much fuss, and I hope my criticisms here are seen as only constructive and supportive towards their authors efforts.

    And just before we begin the installation, I just wanted to mention that some of the functionality we are about to install is already present in OS X, however, it is well hidden, designed to automatically kick in when needed. It is however, a different style of email security.

    To use the built-in encryption and digital signature abilities of Mail, you need to have a digital ID certificate of your own, stored in the keychain. However, the Mail Help is very vague on how to achieve that. Additionally, Keychain Access does not have its own help (it has a very tips thrown in to the general Mac OS X help).

    Apple's Mail Help says

    You can get someone's certificate if that person sends you a digitally signed or encrypted message, since that person's certificate is automatically included in such messages. When you receive one of these messages, Mail automatically stores this person's certificate in the keychain.

    Once you have a signing certificate for your mail account stored in your keychain, additional buttons appear in the Compose window, allowing you to digitally sign or encrypt a message.

    It does not tell us how to add our own signing certificate into the Keychain, or how to create one if we don't have one. The secret is thus: Apple's Mail and Keychain only currently work with third-party certificate authorities. The one most people talk about in these circles is thawte.com, where you must establish an identity. This third party vouches for you, that you are who you say you are.

    If you would care to use this style of security in your email, then I might direct you to two excellent tutorials,

    http://www.joar.com/certificates/

    http://www.macdevcenter.com/pub/a/mac/2003/01/20/mail.html

    PGP works differently. It only needs two parties. For example, I know Jake in the real world, we've lived together even. So when he sends me his public key, I don't need a third party to establish who he is. If you have this level of comfort with those your are attempting to communicate with securely, then you are all set, PGP will work for you. Let's see how to get it to work for Mac OS X.

    First, go to the MacGPG website and download the latest Mac version of the application, "GNU Privacy Guard." (often shortened to GPG, just to be confusing.) When I wrote this tutorial, version 1.2.4 was current.

    http://macgpg.sourceforge.net/

    Next you'll want to be able to create your own PGP keys, so you'll need an application for that, too. Smartly enough, it's on that same page and called "GPGKeys" You can download it now, too.

    We're going to install MacGPG first. It's simple... an installer should automatically appear when its finished downloading. If it didn't automatically appear, then double click to open the GnuPG disk image (.dmg). An installer will appear. Follow the instructions. When it is finished, you will not see the finished product anywhere... its off in the BSD section of your Mac... that's OK. We're going to use other applications which will use GnuPG behind the curtains.

    (If you manually turned off the BSD part of the Mac OS X install at any point in your Mac's life, chances are this install will not work. You will need to install this portion from a Mac OS X install disc. By default, the BSD goods are installed. If none of this sounds familiar, worry not, it's likely in there.)

    Next, we'll install the application to create our key. Find "GPGKeys " (in the downloads folder, usually your Desktop) open it up. There is no active installer for this application. Drag the "GPGKeys" application to your Applications folder (or the place of your choice).

    Now, go find it, launch. GPGKeys is a GUI interface to create a PGP key, only in the most loosest of interpretations. Under the Key menu, click "generate" and you'll be brought proptly to the command line. Gasp! I don't see why this couldn't be wrapped in a GUI, but luckily, it's a pretty straight forward CLI.

    First, it'll ask what types of cipher you'd like to create. I chose the default.

    Second, key size, I again chose the defaults.

    Third, expiry... how long do you want this to work until you have to create another.

    Next, it asks for name, email, both pretty self-explanatory, and a comment, which is whatever you want it to be. Perhaps a title for your own use, so you might identify this key later.

    Next, the app will create the key, using some random text, which you'll be asked to participate in, if you wish.

    It will end by showing you a key. You won't have to copy this, because when you quit the application (which is will now ask you about) it'll show up in the GUI app, once you leave the terminal. Once you leave the terminal, if your key isn't seen in the window, refresh the window. (Window > Refresh)

    Last words about GPGKeys... if you're looking to exchange PGP-secured documents with others, you'll need their public key. This is stored as a file, and you need to store it in this GPGKeys application. When you aquire the file, you can put it here by simply choosing (File > Import)

    Next, we need to incorporate PGP into Apple's Mail.app.

    Acquire the GPGMail app from

    http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html#Installation

    I didn't see this as a qualification anywhere, but i would suggest quitting Apple's Mail during the following install, since this app will be attaching itself to it.

    This application also comes with a double-click installer. Use it.

    Now, open Apple Mail and check the Preferences, you should have a new pane called "PGP." Set the preferences you'd like to use.

    Once these are set, whenever you open a Mail composition window, you'll have a new row beneath the addressing section, which allows you check a box if you want you message signed and/or encrypted (you can sign an un-encrypted email), and pull down menus to select which keys to use in these tasks.

    Once you have this set up, and a friend who is also using a similar set up, and you have exchanged keys, then you can send, receive and read encrypted email. Enjoy.

    Posted in: Apple · Technology

    Talk Bubble 8 Comments

  3. News about News, Conclusion

    brian on 2004.12.08
    at 04:15 pm

    Hello to our readers... few bits back I announced that there would be an announcement here, but then, didn't follow up on my promise. Here we are...

    I'm getting married to my girlfriend of six and a half wonderful years, Amanda. It should go down in Connecticut in 2006.

    No offense to our blog readers, but I had to notify all of our more personal friends first, since I didn't want to get any angry emails, "Hey, you blogged your engagement, but didn't contact me?" This may still happen...

    No plans for Amanda to start blogging here anytime soon, although she does partake in reading them from time to time.

    Posted in: Cool Info

    Talk Bubble 0 Comments

by date

« Dec 2004 »
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
today