07 September 2016

Why Did a Signed OpenPGP Email Fail a Signature Test at the Recipient's End?

One of our customers signed an email message with the Encryptomatic OpenPGP add-in for MS Outlook, but noticed that the recipient was unable to verify the message's digital signature, which was reported as invalid. They contacted our support team to report a bug.
On closer examination, our technician discovered that the message was being altered at the email server by MsgTag, a service that inserts web beacons into messages so that the sender knows it has been read.
This is essentially the sort of man-in-the-middle attacks that PGP signing a message is supposed to signal. If a message has been altered in transit, then a OpenPGP signed message will fail a signature test.
You can learn more about Web Beacons here.
If you are a user of #MsOutlook, download a copy of Encryptomatic OpenPGP and start protecting your email messages.

01 September 2016

How to Permanently Erase Emails from Microsoft Outlook

Most people reasonably believe that when they delete an email message from Microsoft Outlook and empty the trash folder, the message is permanently erased.  Forensic investigators know this is untrue, and use the ignorance of Outlook users to recover emails during investigations. Deleted Outlook emails are easily be retrieved with a number of off-the-shelf software tools.   Depending on your perspective, this could be good or bad news. It's great news if you deleted an email with pictures you forgot to save.  It's bad news if you thought you had removed emails that contact embarrassing information.

Even after deletion, emails remain your Outlook .pst or .ost file until you compact the file. Compacting a .pst/.ost file is a feature that Microsoft discourages by making it difficult to access. Besides permanently removing deleted emails, another benefit of compacting is that it makes your .pst/.ost files smaller, saving space. 

How to compact your Outlook .pst file

My example uses Microsoft Outlook 2016, and will be similar on Outlook 2013.

Step 1. Delete your email messages and empty your Trash folder.

You know how to do this. Just click on an Outlook email message and press delete.

Step 2. Empty the trash folder for your .pst file.  

In the Outlook Inbox panel, locate the Trash folder. Press or Right click on it and delete "Empty."

Empty Outlook Trash Folder

Your emails will now appear to be deleted.  They will not appear in your email list or as the result of a search, but as we know they are still lurking beyond sight.

Step 3.  Compact your Outlook .pst/.ost file

In the Outlook folder list, tap or right click on the top line of the .pst/.ost file.  It may have your email address, or if you renamed it, it could have any other name. 

This will bring up a context menu.  Select "Data File Properties."

Outlook data file properties.
Outlook Data File Properties

Selecting "Date File Properties" will take you to the Properties window.  Select "Advanced," then "Compact Now."

Screen shot showing how to locate the "Compact Now" feature in Outlook 2016.
Click "Compact Now" to begin compacting the PST or OST file.

Outlook will begin compacting the PST file and in the process permanently destroying all deleted in the file.  

Screen shot of Outlook window displaying "Compact Now."
Microsoft Outlook "Compact Now" 

If you have not compacted your Outlook PST/OST file before, it could take several minutes to complete the operation.

We hope this helps you manage the size of your Outlook email files, while helping secure your privacy by permanently removing emails you thought you had deleted.  If you have any questions or comments, please post them below.

Encryptomatic LLC is a Windows software developer with a suite of products that help its customers manage their email content. Learn more.

27 July 2016

Encryptomatic Offers OpenPGP Email Encryption Add-in for Microsoft Outlook

Screen image of Encryptomatic OpenPGP add-in in Outlook 2013.
Encryptomatic OpenPGP add-in for Microsoft Outlook

In late 2015, we launched Encryptomatic OpenPGP add-in for Outlook due to the expense and installation difficulties we were having with other PGP email encryption add-ins for Outlook. We needed a product that installed easily, didn't contain any ad-ware, offered a signed installer package, and was so easy that even we could use it. In the end, we had to build our own OpenPGP add-in to get the features we wanted.

As a company, we have always believed that encryption needs to be part of every Microsoft Outlook user's security arsenal.  When the product was released last year, the uptake was slow, and we had a few rough edges to work out. Since then, we couldn't be more pleased with the reception that Encryptomatic OpenPGP has received from business people, private individuals, non-profit organizations, journalists, the security community and even governments.

If you are a Windows Outlook user who wants to learn more about encrypting emails, but  you don't have a Ph.D. in cryptography, we think you'll appreciate how easy it is to install and use Encryptomatic OpenPGP.

22 March 2016

How to Run Open Whisper Systems' Signal Messenger App on Windows

One our favorite tools for secure messaging is Signal Secure Messenger app by Whisper Systems.  Signal is widely lauded for its end-to-end encrypted messaging, which is as easy to use as regular MMS/SMS texting.  Signal is available for iOS on the Apple AppStore and on Android through Google Play.

Open Whisper Systems is working on a Windows desktop app. It's in beta, but there is a long list to be invited to participate.  You can sign up for the beta here.

So while there is no released Signal app for Windows yet, we have discovered a way to install and use Signal on Windows. It involves an Android emulator and Google Voice. If you can't wait for the official Windows Signal app, here's you can get up and running today!

What you will need to install Signal on Windows 10

1. A Google or Gmail Account
2. A Google Voice phone number. Forward your Google voice number to Google Chat.
3. BlueStacks Android App Player

Once you have the above items, continue on.

Start the BlueStacks app player, and log into Google Play using your Gmail/Google account.

Install the Signal app and run it.

Signal will ask you to enter your phone number. Enter your Google Voice number.

Enter your Google Voice number into Signal

Signal will attempt to verify your phone number by sending a SMS code.  It will be unable to receive the SMS verification code of course, because you are running Signal from BlueStacks, and not a real phone.

Request that Signal call your Google Voice number with the verification code.

Request a voice call from Signal.

Signal will now dial your Google Voice number.  Google Voice will answer and record the verification code.  To retrieve this code, go to your Google messenger inbox.

The message will appear as a recording in your Inbox. Play the message to get the code.
Retrieve the Signal verification code from Google messenger.

Go back to Signal and enter the verification code. The installation of Signal will continue.

Signal app continues installation in BlueStacks after entering the verification code

You are now ready to start using Signal on Windows to send and receive secure messages!

Signal Messenger App Running in Windows 10
To start enjoying the privacy that comes with encrypted end-to-end messaging, invite your friends to install Signal. A million other people have done so.

25 February 2016

MBOX File Support Added to PstViewer Pro Version 8.0

Today we are releasing an update for PstViewer Pro. Version 8.0 is now available for download. This is a recommended update for all eligible customers.

Image of PstViewer Pro with MBOX selected.
PstViewer Pro now supports viewing/converting MBOX files.

PstViewer Pro now includes support for viewing searching and converting emails stored in ‪#‎MBOX‬ files. Mbox files contain multiple ‪#‎email‬ messages and their file attachments.  Mbox files are created by many different email clients, including the popular Mozilla Thunderbird client.

This capability is included in the latest PstViewer Pro download (v8) and is available to all customers who purchased EmlViewer Pro in the past year, or who have an updated support/maintenance plan. Contact supportline at encryptomatic.com with any questions!

17 February 2016

MessageExport 4.07 maintenance release now available.

Encryptomatic LLC has released a maintenance update for MessageExport add-in for Microsoft Outlook. This update is an optional but recommended update that resolves some installation issues due to Microsoft's SmartScreen filter.  In 2016 Microsoft deprecated signing SHA1 code signing certificates, causing SmartScreen to issue a warning when installing software. This update incorporates a stronger Sha2 codesign certificate to placate Microsoft.

Shows MessageExport installed in Outlook toobar.
MessageExport for Outlook is updated for version 4.07

28 December 2015

How to Select Email Encryption Software? 4 Practical Questions to Answer Before Making a Choice.

Every day, we field phone calls, live chats and (unencrypted) email messages from people who are in search of information about email encryption.  The caller will usually begin their Q&A with a very general statement such as, "I need to encrypt emails. Tell me how to do it."

Because Encryptomatic LLC has been helping people encrypt sensitive emails for more than a decade, this is where I usually pause the conversation to get more information.  By the time I get to speak to the caller, they have already been overwhelmed with arcane terms, even more arcane encryption technologies, government regulations that threaten terrible consequences, prices that range from hundreds of thousands of dollars to free open source software, and they are confused.

Before I frustrate them any further, I ask them four questions that will help me determine whether or not any of our products are a fit.

1. Which email client, if any, do you or your organization work with?

Start with your email client and work backwards.  If you represent a company with 1,000 desktops, and everyone is a seasoned Microsoft Outlook user, then you really want to find a solution that works well with Outlook. Likewise, if you use Thunderbird, or Gmail, that's where you should begin your search.

2. What regulations bind you?

Understanding the requirements of your industry is crucial.  Don't take shortcuts. It will serve you well to make a knowledge investment here.  Convince your boss to send you to that industry security conference so that you can obtain this expertise for your organization. Beware of any sales people who tell you that they are already "compliant," and that you can just trust their self-certified software.  While you can certainly take their advice (or my advice for that matter), what your organization needs is an in-house expert who has some exposure to the industry regs that bind you. Also be aware of compliance and archiving requirements for your industry.

3. Who will be receiving your encrypted messages?

Don't forget that sending encrypted emails is only half of what is required.  You can send secure emails all day long, but it won't help if the recipient cannot receive your messages.  Understand who is the intended recpient, and how much work are they willing to do to open your messages.  Do they share your motivation to encrypt email messages?  It is different to ask someone who is tech saavy to install encryption software versus someone who is a casual customer. Make sure that your important intiative to protect email communications doesn't fail at the point of reception.

4. Who are you willing to deal with?

Selecting email encryption software for your organization is a big commitment in training, implementation and processes. It means partnering with your supplier to protect crucial communications.  Don't choose the wrong company to work with. Encryption software will need regular updates. You will have questions and need answers, so make sure they answer the phone and respond to emails.

Open source software is great for the right companies,  especially those with a developer on staff who understands encryption and can fix bugs along the way. If that's not your company, then working with a software publisher that issues updates and can respond to your customization requests will be important.

Which Email Encryption Solution is Best?

If there was a single answer to that questions, your job would be easy.  You could just go into the market and find the best price and voila! Problem solved.

As you no doubt have discovered, there are many different approaches to email encryption. Lets break a few of them out.

Pretty Good Privacy, or PGP has been around since the 1990's and is still generally considered to be both the most secure method of email encryption, as well as the most difficulty. In this case, high security equals high difficulty.  PGP is supported by both large corporation entities such as Symantec as well as a core of dedicated open source encryption enthusiasts with a passion for privacy.   Each person has a public key that they share with the world, and a private that they keep safe and secret.  Anyone can encrypt an email for you using your public key, then you use your private key to unlock that message. The math is complicated, but it works very well.  Just remember: share you public key, and protect your private key.

Encryptomatic Open PGP add-in for Outlook, shown in Outlook 2016 toolbar.
OpenPGP Add-in for MS Outlook

Encryptomatic LLC has contributed to OpenPGP with an add-in designed specifically for Microsoft Outlook users.  We wanted to make it accessible, so Encryptomatic OpenPGP for Outlook is free for personal use, journalists, activists and non-profit organizations, and affordable for everyone else. You can learn more and try it free.

Symmetric Key Solutions
There are lots of email encryption solutions that rely on the sender and receiver knowing the same key.  These are generally quite easy to use, but less secure and the key (or password) must be shared privately between the sender and receiver, and this sharing creates a vulnerability.

Symmetric key email encryption has its place. It's easy for recipients.  Encryptomatic LLC has designed a couple of symmetric key email encryption add-ins for Outlook.

MessageLock is useful when both recipients have Outlook and MessageLock. The process of sending and receiving secure messages can be made seamless, automatic and invisible.

Screen image of MessageLock add-in for Outlook.
MessageLock email encryption for Outlook

For cross platform compatibility and ease of use, our PDF Postman solution is hard to beat. PDF Postman encrypted emails and files and places them within an encrypted PDF envelope, which means that any recipient who knows the password and has a device with a PDF reader can open the message.

Image showing PDF Postman message in Gmail inbox.
PDF Postman for Outlook

Email Encryption as a Service
Many companies have discovered that they need something between end-to-end OpenPGP and simple password encryption. That is where a mediated solution might be the best fit.  Encryptomatic LLC operates Lockbin.com, which implements encrypted messaging as a service that enables sending and receiving to anyone.  The recipient does not need special software. A simple and non-invasive signup process for a free Lockbin account is all that is asked of the recipient. Management of public and private keys happens behind the scenes, even while the Lockbin acocunt holder maintains full control over their public/private key pair.

While there are many other service providers in this space, Lockbin differentiates itself through its longevity and through a product set that includes online access via Lockbin.com, an Android app on Google Play, a Java app and an convenient add-in for Microsoft Outlook.

The downside to using email encryption as a service is that it is never trustless. The service provider could, if required by law, capture the credentials and supply them to the demanding authority.

In conclusion...
We hope this has been useful. Feel free to contact Encrptomatic's support and sales people. We will be happy to discuss your requirements, and recommend the best product for your needs as we understand them, even if it is not our own product.  Life is too short for unhappy customers, and so if you are not a good fit for our products, we will tell you so.

If you found this article helpful, please tell us below or feel free to share.