V-RMTC PKI ENCRYPTED EMAIL

V-RMTC PKI ENCRYPTED EMAIL USER GUIDE v. 2.1 September 2009

RECORD OF CHANGES Id of Change Reg No/Date Date Entered By Whom Entered (Signature; Rank, Grade or Rate; Name of Command) Reason for the Release N 1 28/09/09 28 Sept 2009 LT Massimiliano CARRINO/ MARITELE ROMA Paragraph 7 (How to send an encrypted email) updated Remark: Please note that this Handbook is intended to be a living paper, for the purposes of the initial evaluation and training of the MerSit platform. CINCNAV is responsible to update this handbook, however any feeder, suggestion and feedback from the whole community is welcome and encouraged. 2

TABLE OF CONTENTS RECORD OF CHAGES PAG 02 TABLE OF CONTENTS PAG 03 1. SYSTEM S REQUIREMENTS PAG 04 2. HOW TO DOWNLOAD PKI ENCRYPTED EMAIL PAG 05 INSTALLATION FILES 3. CardOS INSTALLATION (1 st STEP) PAG 08 4. CERTIFICATES INSTALLATION (STEP 2) PAG 10 5. CARD READER DRIVER INSTALLATION (STEP 3) - only for PAG 11 ATHENA card reader models 6. MICROSOFT OUTLOOK CONFIGURATION (STEP 4) PAG 12 7. HOW TO SEND AN ENCRYPTED EMAIL PAG 20 8. HOW TO OPEN A RECEIVED ENCRYPTED EMAIL PAG 23 9. PIN CHANGE PROCEDURE PAG 25 10. PUK CHANGE PROCEDURE PAG 28 3

1. SYSTEM S REQUIREMENTS Recommended System Requirements needed to run the PKI ENCRYPTED EMAIL application are as follows: Minimum hardware requirements: CPU Pentium IV 512 Mb RAM Screen resolution 1024 X 768 N 1 Smart Card Reader Software requirements: Windows XP SP 1 or higher version Office 2003 or higher version Internet Explorer 6 or higher version (Internet Popup disabled) Software installed on the computer after a successful setup: - CardOS_API 2.4.0.x 4

2. HOW TO DOWNLOAD PKI ENCRYPTED EMAIL INSTALLATION FILES - Login with your account and password to the VRMTC MODEL1 web portal (https:\\vrmtcmodel1.marina.difesa.it); - Keep any Block of pop-up function disable (check your browser settings, your firewall and note that this function is also implemented in some optional toolbars) - Click DOWNLOADS on the homepage bar menu to open that section: - The following list will be displayed: 5

- Select PKI encrypted email software and the following window will be displayed: - Click on PKI ENCRYPTED EMAIL SOFTWARE; - Then click on the link to get the file and save it: 6

The file you ve just downloaded is an archive in ZIP file format: - Create a new folder named it PKI encrypted email; - Extract all the archive file into new folder; All the installation files are available now, let s proceed to the following step. 7

3. CardOS INSTALLATION (STEP 1) - Launch the executable file Step 1 - CardOS.exe: - The following windows will be displayed : - Click NEXT then choose the destination folder to install the application: 8

- Click NEXT then start the installation process. - Then click FINISH when the following window is displayed: - The installation process is completed. - RESTART your PC. 9

4. CERTIFICATES INSTALLATION (STEP 2) - Open the folder Step 2 Certificates then launch the executable file batch Step 2 Certificates Installation.bat : - The following prompt window will be opened and all the certificates installation process will be displayed: - The prompt window will be automatically closed at the end of the process. 10

5. CARD READER DRIVER INSTALLATION (STEP 3) - only for ATHENA card reader models - Only if yuo have an Athena Card Reader launch the executable file Step 3 - Athena Card Reader Driver : - The following alert window will be displayed: - Connect your card reader to your PC then click OK; - If the installation has been completed correctly, the following window will be displayed: - Your Athena Card Reader has been installed, click OK and proceed to the next step. 11

6. MICROSOFT OUTLOOK CONFIGURATION (STEP 4) - Open Microsoft Outlook and select E-mail Accounts from the Instruments menu: - Select Add a new directory or address book, then click Next 12

- Select Internet Directory Service (LDAP), then click Next - In the field Server Name insert the IP ADDRESS: ldap.vrmtc.marina.difesa.it: 13

- Then select More Setting : - In Connection Details check if the port is 389: 14

- Then select the Search menu and the following window will be displayed: - In Search Options fill the Search base field writing c=it, then click Apply and OK. - Click Next 15

- Click Finish then close the application. - Restart Microsoft Outlook and select Options from the Instruments menu: - Open the Security board and select Encrypt contents and attachments for outgoing messages, then click OK: 16

Now let s proceed to configure your Address Book: - Open the Address Book from the bar menu: - then ldap.vrmtc.marina.difesa.it from Show Names from the: menu: - Select Find Items: - The Find Items window will be displayed; 17

- Select Begins with in the Substring Matching option then type v in the Display name field then click OK: - All the available V-RMTC contacts will be displayed in your Address Book: - To save an available contact on your Contact List just right click on the name of interest then select Add to Contacts : 18

- The following window will be displayed: - Click Save and Close and your contact list will be updated with the new contact. All the STEPS to install and configure the PKI ENCRYPTED EMAIL application are completed; let s see now how to send an encrypted email. 19

7. HOW TO SEND AN ENCRYPTED EMAIL a. BEFORE TO START (IMPORTANT) First of all it is important to trust the signatures between the sender and the recipient: - Both people have to send a signed email to each other - Once the signed email is received, click on the signature icon as follows: - Once the following window will be displayed, click Details: - A new window will be displayed, click Edit Trust: - 20

- Once the following window will be displayed select the option in the middle, then click OK: - The signature is now trusted correctly: - Click Close - Send now an encrypted email has as reply of the received signed email (only for the first one). 21

b. SENDING PROCEDURE - Click New to create a new email and check if the icon of crypto email is selected: - Write your email, select your recipients then insert your SMART CARD before to send the email. - Click SEND and your encrypted will be sent to the selected recipients. - If, during the sending phase, the following alert window is displayed: Just close all applications and restart your PC. 22

8. HOW TO OPEN A RECEIVED ENCRYPTED EMAIL If you receive an encrypted email proceed as follow to open it: in your OUTLOOK INBOX folder, - Insert your Smart Card in the card reader; - Click on the received encrypted email and insert the correct pin of your smart card when asked; - The email will be decrypted and you will be able to visualize the contents. Click on the icon on the right side of the email to verify the level of encryption of the email and the reliability of the sender: 23

Then click on Details to get more information about the certificate of the sender: 24

9. PIN CHANGE PROCEDURE The default PIN of your smart card is 11111111; The following procedure will show how to change your SMART CARD PIN: - Insert your CARD in the reader and open Pin Manager from the Programs Menu; Start Programmi Siemens Informatica Pin Manager - Select Smart Card then click Apri: - All the Smart Card Information will be displayed and now you can select PIN from the toolbar menu. 25

- Select Cambia - The following window will be displayed: - Insert the OLD PIN and the New one (minimum 8 characters) twice (to confirm) then click Cambio PIN. - If the operation has been concluded successfully, the following window will be displayed: 26

To check your PIN select PIN > Verifica - Write your new pin in order to check it; if it is correct the following window will be displayed: 27

10. PUK CHANGE PROCEDURE The default PUK of your smart card is 22222222; The following procedure will show how to change your SMART CARD PUK: - Insert your CARD in the reader and open Pin Manager from the Programs Menu; Start Programmi Siemens Informatica Pin Manager - Select Smart Card then click Apri: - All the Smart Card Information will be displayed and now you can select PUK from the toolbar menu. 28

- Select Cambia: - The following window will be displayed: - Insert the OLD PUK and the New one (minimum 10 numeric characters) twice (to confirm), then click Cambio PUK. - If the operation has been concluded successfully, the following window will be displayed: 29

To check your PUK select PUK > Verifica - Write your new puk in order to check it then click VERIFICA; - If it is correct the following window will be displayed: 30