Melvin Rivera has written a nice tutorial for Mail users explaining how to get a digital certificate from Thawte and how to use Mail.app’s digital signature and encryption features.

He outlines the process for creating an account at Thawte and requesting a certificate and then installing it.

Further sections follow on the difference between a digitally signed and an encrypted message, and how to use them.

It’s interesting to compare Melvin’s take on secure email in Mail.app with Matt Haughey’s experience , which wasn’t so positive.

Melvin thinks it works well and is a good tool to have in your email armoury:

Other than the process of going though an external website for obtaining a certificate, Mail’s integration of signed and encrypted messages is seamless. It’s a great feature that is just hidden until needed. Making the user experience simple and clean. And there’s nothing like discovering a great new feature on an App you’ve been using for a long time now.

Joar Winfor has also produced a more detailed walkthrough for secure email in Mail.app, but more detail is not always good for everyone.thawte, certificate, X.509, digital signatures, encryption, secure email, security, mail.app, apple mail

The owner of rtfa.net has posted a list of the things that are annoying, broken or just plain scandalous about Mail.app.

He is an unhappy Apple Mail user: “Well, if Thunderbird integrated with spotlight and OSX address book, it’d be a no-brainer. However, I’m entrenched.”

And life in the trenches with Mail.app is not good.

Three problems score the highest scandal rating — incorrect treatment of IMAP’s “seen flag”, the “lost message” problem and the “invalid pointer” problem.mail.app apple mail, bugs, problems, IMAP, flags, attachments, SSL, encryption, lost messages

Langenhoven offers a Greasemonkey script for Firefox that will encrypt Gmail messages.

It achieves this by using RSA type encryption in Javascript.

The site also offers a utility for producing the public and private keys needed for encryption.

I haven’t tested this but the results look like the real thing:

Read the Known Issues section to discover that it works best in Firefox 1.5 or greater and that some of the buttons are troublesome.gmail, encryption, greasemonkey, firefox, public public, private keys, email, security

Webmonkey has published the introductory chapter to PGP & GPG: Email for the Practical Paranoid by Michael W. Lucas.

It covers Phil Zimmermann’s first steps with PGP, the lawsuits with the US Government, the launch of OpenPGP, GnuPG, legal aspects of encryption and more.

A brief quotation:

The ideas behind PGP had been known and understood by computer scientists and mathematicians for years, so the underlying concepts weren’t truly innovative. Zimmermann’s real innovation was in making these tools usable by anyone with a home computer. Even early versions of PGP gave people with standard DOS-based home computers access to military-grade encryption.

UPDATE: Mirko posts a link in the comments to an audio interview with Jon Callas , CTO at PGP Corporation, who also explains the history of PGP. Thanks.pgp, gpg, encryption, privacy, Zimmermann, OpenPGP, GnuPG, history

I ran across two things for Gmail users today.

Adam Pash at Lifehacker has posted a tutorial of tips and tricks for getting the most out of Gmail. It even has video clips!

Among other things, he talks about some scripts for the Firefox extension Greasemonkey which add very useful bells and whistles to Gmail’s web interface.

Another Greasemonkey script promises to bring basic encryption to Gmail. It first encrypts the email into AES and then uses the RSA algorithm to encrypt the message again.gmail, tips, tricks, greasemonkey, scripts, firefox, encryption, email

ChibiNinja is a utility that creates a cross-platform encrypted multi-language email message with an inserted image. You can send and receive them using from Apple Mail (or Outlook Express on Windows) without complicated encryption mail settings.

An updated version, released today, adds support for encrypted files and the option to request a read receipt. The developer has created a detailed explanation of the app’s new features.

Once donation-ware, ChibiNinja Mail is now shareware (USD 18), although the developer has now released a freeware version that will decrypt and encrypt a message and an image but not files.

You can get them both from the developer’s web site. encryption, email, images, files, read receipt, chibininja, cross-platform, simple, mail.app, apple mail, decrypt

Hot on the heels of Matt Haughey’s fine post about the difficulties of using encryption in Mail.app, comes an update to GPGMail.

This plugin is a front end for gpg and allows you to send and receive encrypted messages. It extends Mail.app’s in-built encryption features in several useful ways.

You can read about the features it offers and its limitation on the GPGMail site.

The new version fixes a compatibility problem with MailTags, needs GPG 1.4 or better, works better in Panther, has a Dutch localisation, works better with AppleScript-generated windows and solves a number of other bugs. (Full changelog ).

The developer warns, “GPGMail is a complete hack, relying on Mail’s private internal API. Use it at your own risks!” But don’t let that put you off.

Get it from the GPGMail web site. encryption, PGP, GPG, plugin, mail.app, apple mail, mailtags, applescript, certificates