Learn about OpenPGP and S/MIME, two popular encryption standards used in Mozilla Thunderbird to secure email communication. Discover how to obtain and manage digital certificates for signing and encrypting messages.
Practical Assignment: Mozilla Thunderbird Email
OpenPGP • OpenPGP is also based on PGP.
S/MIME • S/MIME was originally developed by RSA Data Security, Inc. • It is based on the PKCS #7 data format for the messages, and the X.509v3 format for certificates. • PKCS #7, in turn, is based on ASN.1.
PKCS#7 • In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA Security. • Cryptographic Message Syntax Standard. • See RFC 2315. • Used to sign and/or encrypt messages under a PKI. • Used also for certificate dissemination (for instance as a response to a PKCS#10 message - Certification Request Standard). • Formed the basis for S/MIME, which is now based on RFC 3852, an updated Cryptographic Message Syntax Standard (CMS).
PGP/MIME • PGP/MIME is based on PGP, which was developed by many individuals, some of whom have now joined together as PGP, Inc. • The message and certificate formats were created from scratch, and use simple binary encoding.
S/MIME, OpenPGP and PGP/MIME • PGP/MIME, S/MIME and OpenPGP use MIME to structure their messages. • They rely on the multipart/signed MIME type that is described in RFC 1847 for moving signed messages over the Internet. • A single mail client could conceivably accept and send both formats.
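The RFC 1847 structure mentioned above, as an added example that is not part of the original slides: a Python sketch that reads the `protocol` parameter of a multipart/signed message to tell S/MIME from PGP/MIME and checks the two-part layout. The sample messages are constructed, carry placeholder signature bytes, and no cryptographic verification is performed; `classify_signed` and `build_sample` are illustrative names.

```python
from email import message_from_string

# RFC 1847 "protocol" values for the signature part, mapped to the format.
PROTOCOLS = {
    "application/pkcs7-signature": "S/MIME",
    "application/x-pkcs7-signature": "S/MIME",  # legacy spelling
    "application/pgp-signature": "PGP/MIME",
}

def classify_signed(raw: str) -> dict:
    """Identify the signing format and check the RFC 1847 layout."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return {"format": None, "micalg": None,
                "problems": ["not multipart/signed"]}
    problems = []
    protocol = str(msg.get_param("protocol") or "").lower()
    micalg = msg.get_param("micalg")
    if protocol not in PROTOCOLS:
        problems.append(f"unknown protocol {protocol!r}")
    if not micalg:
        problems.append("missing micalg parameter")
    parts = msg.get_payload()
    # Exactly two body parts: the signed content, then the signature.
    if not isinstance(parts, list) or len(parts) != 2:
        problems.append("expected exactly two body parts")
    elif parts[1].get_content_type() != protocol:
        problems.append("signature part type does not match protocol")
    return {"format": PROTOCOLS.get(protocol), "micalg": micalg,
            "problems": problems}

def build_sample(protocol: str, sig_type: str, micalg: str) -> str:
    """Constructed sample message; the signature body is a placeholder."""
    return (
        "From: alice@example.org\nMIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; '
        f'micalg={micalg}; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nSigned body text.\n"
        f"--b1\nContent-Type: {sig_type}\n\nPLACEHOLDER\n--b1--\n"
    )

if __name__ == "__main__":
    smime = "application/pkcs7-signature"
    pgp = "application/pgp-signature"
    print(classify_signed(build_sample(smime, smime, "sha-256")))
    print(classify_signed(build_sample(pgp, pgp, "pgp-sha256")))
    print(classify_signed(build_sample(pgp, smime, "pgp-sha256")))
```

A message whose signature part type disagrees with the declared `protocol` is flagged rather than silently accepted, which is the check a client handling both formats needs before handing the part to a verifier.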
About Digital Signatures & Encryption • When you compose a mail message, you can choose to attach your digital signature to it. • A digital signature allows recipients of the message to verify that the message really comes from you and hasn't been tampered with since you sent it.
When you compose a mail message, you can also choose to encrypt it. Encryption makes it very difficult for anyone other than the intended recipient to read the message while it is in transit over the Internet.
Before you can sign or encrypt a message, you must take these preliminary steps: • Obtain one or more certificates (the digital equivalents of ID cards). For details, see Getting Your Own Certificate. • Configure the security settings for your email account. For details, see Configuring Your Security Settings.
Getting Your Own Certificate • Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks.
Getting Your Own Certificate • Like other commonly used personal IDs, a certificate is typically issued by an organization with recognized authority to issue such identification. • An organization that issues certificates is called a certificate authority (CA).
Getting Your Own Certificate • You can obtain certificates that identify you from public CAs, from system administrators or special CAs within your organization, or from web sites offering specialized services that require a means of identification more reliable than your name and password.
Getting Your Own Certificate • Just as the requirements for a driver's license vary depending on the type of vehicle you want to drive, the requirements for obtaining a certificate vary depending on what you want to use it for.
Getting Your Own Certificate • In some cases getting a certificate may be as easy as going to a web site, entering some personal information, and automatically downloading the certificate into your browser. • In other cases you may have to go through more complicated procedures.
Getting Your Own Certificate • You can obtain a certificate today by visiting the URL for a certificate authority and following the on-screen instructions. For a list of certificate authorities, see the online document Client Certificates.
Getting Your Own Certificate • Once you obtain a certificate, it is automatically stored in a security device. Your browser comes with its own built-in Software Security Device. • A security device can also be a piece of hardware, such as a smart card.
Getting Your Own Certificate • Like a driver's license or a credit card, a certificate is a valuable form of identification that can be abused if it falls into the wrong hands. • Once you've obtained a certificate that identifies you, you should protect it in two ways: by backing it up and by setting your master password.
Getting Your Own Certificate • When you first obtain a certificate, you may be prompted to back it up. • If you haven't yet created a master password, you will be asked to create one. • For detailed information about backing up a certificate and setting your master password, see Your Certificates.
Managing Certificates • You can use the Certificate Manager to manage the certificates you have available. • Certificates may be stored on your computer's hard disk or on smart cards or other security devices attached to your computer.
Managing Certificates • To open the Certificate Manager: • Open the Edit menu (Mozilla menu on Mac OS X) and choose Preferences. • Under the Privacy & Security category, click Certificates. (If no subcategories are visible, double-click Privacy & Security to expand the list.) • In the Manage Certificates section, click Manage Certificates. You see the Certificate Manager.
Managing Certificates that Identify You • When you first open the Certificate Manager, you'll notice that it has several tabs across the top of its window. • The first tab is called Your Certificates, and it displays the certificates your browser has available that identify you. • Your certificates are listed under the names of the organizations that issued them.
Managing Certificates that Identify You • To perform an action on one or more certificates, click the entry for the certificate (or Control-click to select more than one), then click the View, Backup, or Delete button. • Each of these buttons brings up another window that allows you to perform the action. • Click the Help button in any window to obtain more information about using that window.
Managing Certificates that Identify You • The following buttons under Your Certificates don't require a certificate to be selected. You use them to perform these actions: • Import. Click this button if you want to import a certificate that you've previously backed up or transferred from one machine to another. • Backup All. Click this button to back up all your own certificates stored in the Software Security Device.
Managing Certificates that Identify You • Certificates on smart cards cannot be backed up. • Whether you select some of your certificates and click Backup, or click Backup All, the resulting backup file will not include any certificates stored on smart cards or other external security devices. • You can only back up certificates that are stored on the built-in Software Security Device. • For more details about any of these tasks, see Your Certificates.
Managing Certificates that Identify Others • When you compose a mail message, you can choose to attach your digital signature to it. • A digital signature allows recipients of the message to verify that the message really comes from you and hasn't been tampered with since you sent it.
Managing Certificates that Identify Others • Every time you send a digitally signed message, your encryption certificate is automatically included with the message. • This certificate allows the message recipients to send you encrypted messages.
Managing Certificates that Identify Others • One of the easiest ways to obtain someone else's encryption certificate is for that person to send you a digitally signed message. • Certificate Manager automatically stores other people's certificates whenever they are received in this way.
Managing Certificates that Identify Others • To view all the certificates identifying other people that are available to the Certificate Manager, click the Other People's tab at the top of the Certificate Manager window. • You can send encrypted messages to anyone for whom a valid certificate is listed. Certificates are listed under the names of the organizations that issued them.
Managing Certificates that Identify Others • To perform an action on one or more certificates, click the entry for the certificate (or Control-click to select more than one), then click the View or Delete button.
Managing Certificates that Identify Others • Each of these buttons brings up another window that allows you to perform the action. • Click the Help button in any window to obtain more information about using that window. • For more details, see Other People's Certificates.
Managing Certificates that Identify Web Sites • Some web sites use certificates to identify themselves. Such identification is required before the web site can encrypt information transferred between the site and your computer (or vice versa), so that no one can read the data while in transit.
Managing Certificates that Identify Web Sites • If the URL for a web site begins with https://, the web site has a certificate. • If you visit such a web site and its certificate was issued by a CA that the Certificate Manager doesn't know about or doesn't trust, you will be asked whether you want to accept the web site's certificate. • When you accept a new web site certificate, the Certificate Manager adds it to its list of web site certificates.
Managing Certificates that Identify Web Sites • To view all the web site certificates available to your browser, click the Web Sites tab at the top of the Certificate Manager window.
Managing Certificates that Identify Web Sites • To perform an action on one or more web site certificates, click the entry for the certificate (or Shift-click to select more than one), then click the View, Edit, or Delete button. • Each of these buttons brings up another window that allows you to perform the corresponding action.
Managing Certificates that Identify Web Sites • The Edit button allows you to specify whether your browser will trust the selected web site certificates in the future. • For more details, see Web Site Certificates.
Managing Certificates that Identify Web Sites • Like other commonly used forms of ID, a certificate is issued by an organization with recognized authority to issue such identification. • An organization that issues certificates is called a certificate authority (CA). • A certificate that identifies a CA is called a CA certificate.
Managing Certificates that Identify Certificate Authorities • Certificate Manager typically has many CA certificates on file. • These CA certificates permit Certificate Manager to recognize and work with certificates issued by the corresponding CAs.
Managing Certificates that Identify Certificate Authorities • However, the presence of a CA certificate in this list does not guarantee that the certificates it issues can be trusted. • You or your system administrator must make decisions about what kinds of certificates to trust depending on your security needs.
Managing Certificates that Identify Certificate Authorities • To view all the CA certificates available to your browser, click the Authorities tab at the top of the Certificate Manager window.
Managing Certificates that Identify Certificate Authorities • To perform an action on one or more CA certificates, click the entry for the certificate (or Control-click to select more than one), then click the View, Edit, or Delete button. • Each of these buttons brings up another window that allows you to perform the action. • Click the Help button in any window to obtain more information about using that window.
Managing Certificates that Identify Certificate Authorities • The Edit button allows you to view and control the trust settings for each certificate. Trust settings for a CA certificate let you specify which kinds of certificates issued by that CA you are willing to trust. • For more details, see Authorities.
Managing Smart Cards and Other Security Devices • A smart card is a small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing information about your identity (such as your private keys and certificates) and performing cryptographic operations.
Managing Smart Cards and Other Security Devices • To use a smart card, you typically need to have a smart card reader (a piece of hardware) attached to your computer, as well as software on your computer that controls the reader.
Managing Smart Cards and Other Security Devices • A smart card is just one kind of security device. A security device (sometimes called a token) is a hardware or software device that provides cryptographic services and stores information about your identity. Use the Device Manager to work with smart cards and other security devices.
Managing Smart Cards and Other Security Devices • In this section: • About Security Devices and Modules • Using Security Devices • Using Security Modules • Enable FIPS Mode
About Security Devices and Modules • The Device Manager displays a window that lists the available security devices. • You can use the Device Manager to manage any security devices, including smart cards, that support the Public Key Cryptography Standard (PKCS) #11.
Managing Smart Cards and Other Security Devices • A PKCS #11 module (sometimes called a security module) controls one or more security devices in much the same way that a software driver controls an external device such as a printer or modem. • If you are installing a smart card, you must install the PKCS #11 module for the smart card on your computer as well as connecting the smart card reader.
Managing Smart Cards and Other Security Devices • By default, the Device Manager controls two internal PKCS #11 modules that manage three security devices: