Webmail Using the Hush Encryption Engine



Similar documents
Client configuration and migration Guide Setting up Thunderbird 3.1

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

Reading an sent with Voltage Secur . Using the Voltage Secur Zero Download Messenger (ZDM)

Outlook Express POP Instructions - Bloomsburg University Students

Configuring Outlook to send mail via your Exchange mailbox using an alternative address

BlackBerry Internet Service Using the Browser on Your BlackBerry Smartphone Version: 2.8

Business Internet service from Bell User Guide

Using etoken for Securing s Using Outlook and Outlook Express

Webmail. Setting up your account

Vanguard Secure Service (VSES) User Guide

Windows Mail POP Instructions - Bloomsburg University Students

Set up Outlook for your new student e mail with IMAP/POP3 settings

Steps for: POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) setup on MAC Platforms

Configuring Mozilla Thunderbird to Access Your SAS Account

Using Voltage Secur

Honeywell Secure External User Guide August 2013

Distributor Control Center Private Label/Channel Administrators

Configuring an Client to Connect to CASS Mail Servers

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

IMAP and SMTP Setup in Clients

RoomWizard Synchronization Software Manual Installation Instructions

Ciphermail for BlackBerry Quick Start Guide

MessageGuard 3.0 User Guide

Toll Free: International:

3. On the Accounts wizard window, select Add a new account, and then click Next.

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

Using the Web service

Before starting to use the new system you will need to know the password to your e-wire account.

Migration Manual (For Outlook 2010)

Install and Configure Oracle Outlook Connector

Receiving Secure from Citi For External Customers and Business Partners

BOTTOM UP THINKING SETUP INSTRUCTIONS. Unique businesses require unique solutions CLIENT GUIDE

Anti-Spam Configuration in Outlook 2003 INDEX. Webmail settings Page 2. Client settings Page 6. Creation date Version 1.2

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

SECURE COMMUNICATIONS PLAN Updated August 25, 2011

Sending an Encrypted/Unencrypted Message. Let's Begin: Log In and Set Up Security Questions. Create Additional ProMailSource Accounts:

Cryptshare for Outlook User Guide

Integration Guide. Swivel Secure Authentication

NSi Mobile Installation Guide. Version 6.2

WineWeb Account Services

Vodafone Hosted Services. Getting your . User guide

This information is provided for informational purposes only.

How to Setup OSX Mail to POP an Exchange Account

Domains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.

IceWarp Outlook Connector 4 User Guide

Configuring Outlook Express

1. How to Register Forgot Password Login to MailTrack Webmail Accessing MailTrack message Centre... 6

How do I Configure my bmail Account on Outlook 2013 Using the Google Apps Sync Tool?

Configuring, Customizing, and Troubleshooting Outlook Express

User Guide: Manual Migration on Thunderbird for OS X

Initial Setup of Mozilla Thunderbird with IMAP for OS X Lion

Accessing the Media General SSL VPN

Microsoft Outlook 2010

Computer Networking LAB 2 HTTP

Neoteris IVE Integration Guide

Astaro Mail Archiving Getting Started Guide

CONFIGURATION AND SETUP USER GUIDE AND REFERENCE MANUAL

Configuring a TeleVox account on an ios device.

Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming

P309 - Proofpoint Encryption - Decrypting Secure Messages Business systems

Updated: 7/10/2013 Author: Tim Unten

Patriots Outlook Configuration

Migration User Guides: The Console Application Setup Guide

How to configure your Windows PC post migrating to Microsoft Office 365

Neoteris IVE Integration Guide

Instructions. Outlook (Windows) Mail (Mac) Webmail Windows Live Mail iphone 4, 4S, 5, 5c, 5s Samsung Galaxy S4 BlackBerry

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

How to Pop to Outlook

Knowledge Base. Setup GoogleApps in Outlook Pages. Zeumic Pty Ltd. PO Box 44 Kew, VIC Australia 3101

Migration Manual (For Outlook Express 6)

Secure Frequently Asked Questions

New Mexico State University

MS Outlook 2002/2003. V1.0 BullsEye Telecom

Setting up CatMail on Outlook 2010

Talk Internet User Guides Controlgate Administrative User Guide

MICROSOFT OUTLOOK 2003

Setup 1of 2: AKO (NOT E ) Setup on Outlook 2010

How To Configure Using Different Clients

Secure User Guide

Follow these steps to configure Outlook Express to access your Staffmail account:

Once logged in you will have two options to access your e mails

Getting started with IMAP for Aggi What is IMAP?

Setting Up Scan to SMB on TaskALFA series MFP s.

ConnectMail Mobile Configuration

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Configuring MailArchiva with Insight Server

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Initial Setup of Mozilla Thunderbird with IMAP for Windows 7

Barracuda Security Service User Guide

Expresso Quick Install

Student Mail Access. Introduction. Option One: Using an Client

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

aprompt User Guide Setting up a mailbox on the Apple IPhone 3G aprompt.co.uk User Guide Version 3.0 Advanced Mailbox on Apple IPhone 3G

owncloud Configuration and Usage Guide

Vodafone Plus. User Guide for Windows Mobile

Hosted Exchange 2010

Quick-Start Guide

Can I manually trigger secure to encrypt a message that does not contain PI or other sensitive information? Yes, by use of the word TID.

Mozilla Thunderbird: Setup & Configuration Learning Guide

Transcription:

Webmail Using the Hush Encryption Engine

Introduction...2 Terms in this Document...2 Requirements...3 Architecture...3 Authentication...4 The Role of the Session...4 Steps...5 Private Key Retrieval...5 Authentication with the IMAP Server...5 Account Creation...5 Reading Email...7 Receiving Attachments...7 Sending Email...8 Sending Attachments...9 Security Levels of Various Information...11 Introduction The webmail service offered by Hushmail and Privacy Professional (referred to as Hushmail) utilizes a basic PHP-based webmail system that uses Cyrus IMAP servers for email storage. Embedding the Hush Encryption Engine (Engine) in a frame in the web browser, and integrating it into the authentication and email transfer process adds end-to-end security to the webmail. Terms in this Document Client This is the processing device utilized by the end-user to perform key generation, encryption, or signature operations using the Engine. Engine Shortened reference to the Hush Encryption Engine, contained in the appropriate wrapper. See Hush Encryption Engine White Paper for more information. Key Server This is the processing device to which the Engine connects to store and retrieve public keys and encrypted private keys. Alias A string used to identify a user (an owner of a public key) on the key server. It is usually in the form of an email address, such as username@domain.com. Passphrase A secret string, known only to the end-user and never revealed to any other party, which is used to a) generate the value needed to retrieve encrypted private keys from the Key Server and b) decrypt said encrypted private keys. Web Server A web server on which PHP is installed. It connects to IMAP servers to retrieve email information, and uses SMTP to send out email.

Pre-activation A process by which an administrator on a domain allocates an alias to be associated with keys and certificates, without actually creating the keys and certiricates. Requirements Hushmail fulfills the following requirements: 1. Hushmail must provide the capability to encrypt, decrypt, sign and verify email messages and attachments using a public key infrastructure based on OpenPGP. 2. Hushmail must provide a user experience comparable to that of webmail systems that do not offer public key based security. 3. Private keys and private data may only be decrypted on the client computer, never on any server. Architecture Figure 1 illustrates the interaction between the Engine and the web-based email system.

Figure 1 The Engine is loaded at the start of the session into the top left frame. That frame never reloads during the entire course of the session, allowing the Engine to maintain state throughout. Other frames are reloaded with various content during email activity. When necessary, these other frames use JavaScript to access the Engine to perform encryption or digital signature operations on the content that they contain. Authentication The Role of the Session Hushmail uses a unique session ID to identify information about the session that is retained on the server. This includes information about whether or not the user is authenticated. The session is created as soon as the user enters Hushmail, and is passed from page to page and frame to frame as part of the URL.

It is important that the session be destroyed when the user leaves the website. Clicking the Quit button can explicitly trigger this, or the Engine can automatically delete the session by accessing a particular URL when the stop method of the Engine applet is called. However, automatic session deletion is not necessarily reliable, especially if the browser process is abnormally terminated, so users are encouraged to always explicitly quit their sessions. Steps There are two main steps in the Hushmail authentication process. Private Key Retrieval When the user initially accesses Hushmail, the Alias, is passed in via HTTP GET or POST. The Engine is loaded in the top left frame. Once the Engine is loaded, the user is prompted to enter the passphrase in an HTML form. Submitting this passphrase results in a JavaScript call to the Engine that activates a private key lookup. See Hush Encryption Engine White Paper for details on this process. Note that the passphrase is not submitted to the server, but processed by the Engine. Authentication with the IMAP Server Once the private key has been retrieved, the IMAP username, password, and hostname can be retrieved through the Engine interface. (Also see Hush Encryption Engine White Paper.) The Engine transparently decrypts the IMAP password using the private key. These values are placed by JavaScript into an HTML form, and posted to the web-server where they are verified by an attempt to log in to the IMAP server, and then they are stored with the session to be used for future IMAP accesses. Once both the private key and the IMAP credentials have been retrieved and verified, the user is transferred to a page where the IMAP folders and contents of the Inbox are listed, and the email session can proceed. Account Creation Account creation follows a four -step process, in which control is transferred between HTML, JavaScript, the Engine, and server-side processes related to the IMAP account. Figure 2 illustrates the process as a flowchart.

Figure 2 Step by Step Account Creation Process Administrator Steps A webmail domain may be configured to require pre-activation.

Reading Email PHP retrieves a read message from the IMAP server, and writes it out in JavaScript in the HTML response to the client. The client-side JavaScript then interprets the message as encrypted/unencrypted/signed/unsigned, and makes appropriate calls to the Engine (in the other frame). Figure 3 shows the process in a flowchart. Figure 3 Receiving Attachments When a message is displayed, links to download each attachment are displayed, and any signatures on the attachments are stored in the JavaScript. Decryption and signature verification on attachments occurs automatically when the user chooses to download the attachment. Figure 4 illustrates the process.

Figure 4 Sending Email When an email message is sent (or saved) a JavaScript function is triggered which checks to see if encryption or signing of the message is required. Figure 5 shows the process as a flowchart.

Figure 5 Sending Attachments When composition of a message begins, the Web Server assigns a unique message identifier, which is then used to associate attachments with the message. Figure 6 illustrates the process of attaching a document to a message.

Figure 6

Security Levels of Various Information SSL encryption protects all information transferred by Hushmail between web browser and web server. The Engine provides OpenPGP encryption and digital signatures where appropriate. The Engine should not encrypt all data, because that data encrypted by the Engine is inaccessible to the Web Server. For example, email headers are needed to route the message to its destination, and so should not be hidden from the server. The following table details the encryption and signatures applied to various information transferred by Hushmail. Feature SSL between web browser and web server OpenPGP Encryption Email message Yes Yes Yes bodies Email headers Yes No No Email attachments Yes Yes Yes Stored files (nonattachment) Yes Yes Yes Contact list Yes Yes No Read receipts Yes No Yes Preferences Yes No No OpenPGP Signatures

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information