As a test of Djigzo (and because some of our mail
recipients use public, Web-based mail like Yahoo
Mail and Gmail), I've created a Djigzo user (me)
with a Gmail account. In the user's Djigzo
profile, I created the Subject trigger "test". I
sent a message to me(a)gmail.com with the
subject "test". What I received was an email
with no message, but an attachment labelled
smime.p7m. The only option I have is to download
it, but don't have any idea what the DL is or how
to open it. BTW, I have the FireGPG plugin
installed on my copy of Firefox, and it does work
with Gmail.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Hi Dan,
Dan Banach wrote:
> Sorry it's taken some time to respond. We deal with a wide range of
> email recipients (large companies, small offices, individuals, etc.)
> with a wide range of email encryption knowledge, so the ideal encryption
> solution for us would be very flexible. Not only flexible for outgoing
> mail, but also incoming mail as well. Some users/businesses use PGP,
> others use certs and some use the various other options. Being able to
> communicate with them all is very helpful.
Right now I'm working on Blackberry S/MIME support for BIS users
(for BES users there is already S/MIME email). Once that is finished I
will start working on new major features. There are some features I
would like to start working on but I'm not sure which one that should be.
Two main new features I was thinking about are:
1. PGP support
2. Client-less email encryption
Nr 1 is clear. I will briefly explain nr 2.
Client-less
Currently Djigzo supports S/MIME and PDF encryption. Recipients that do
not want or cannot receive S/MIME or encrypted PDFs are currently not
supported. The new encryption functionality I would like to add is the
following:
If an email sent to an external recipient needs to be encrypted and the
recipient cannot receive S/MIME email or an encrypted PDF the email will
be converted to a .html file. The original plain-text message (and
attachments) will be encrypted with a certificate for the external
recipient and added to the .html. The .html will be added to a general
message (which does not contain any sensitive information) and sent to
the recipient. The recipient opens the .html message in the email client
(can for example be hotmail). The .html will open an SSL connection to
the company's Djigzo server (which can be a dedicated server just for
the portal). The Djigzo server will show a login page. The recipient now
has to log in. After the login the recipient's browser will push the
encrypted 'blob' (contained in the HTML) to the portal. The portal will
decrypt the message with the private key of the recipient (which is
stored on the company's Djigzo server). The recipient can now read the
message and download any attachments (the portal uses SSL for secure
access).
The main advantage is that the recipient only requires a browser. The
encrypted data is stored locally on the recipient's system (there is no
long term copy on the Djigzo server). An attacker needs access to the
locally stored .html file AND the portal password to read the message.
The message is encrypted with the same algorithm as an S/MIME message.
The only difference is that it's encoded inside a .html file.
A disadvantage is that the Djigzo server needs to be accessible to
external recipients.
Right now I'm leaning towards implementing feature 2 but it could be
that you or any other Djigzo user has another preference or request for
a feature. If so I'm all ears :)
>
> I think another great feature you could include would be to grant internal
> users the ability to manage their own decryption profiles. They should
> be able to add/create their own certs/keys and create their own
> passwords. Ideally it is tied into the directory via ldap or something
> so authentication and user information is seamless.
>
One problem is that currently the settings for an external user are
shared by all internal users. So, if internal user A changes settings
for external user E internal user B will also be affected. Do you want
the user list to be different for each internal user?
Right now you can add admins with different roles. You can add an admin
that can add keys etc. but not change the MTA settings.
Kind regards,
Martijn
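The client-less flow described in the message above, sketched with the OpenSSL command line as an added example (not part of the original post and not Djigzo's code). The file names, portal URL, `blob` form field, AES-256 cipher choice and the SHA-256 password check are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of the client-less flow. File names, PORTAL_URL, the "blob"
# form field and the password check are assumptions, not Djigzo's implementation.
set -eu
WORK=$(mktemp -d)
PORTAL_URL="https://portal.example.invalid/open"   # placeholder portal address

# Gateway: create the external recipient's key pair and certificate. Both stay
# on the server; the recipient only ever gets a portal password.
gateway_enroll() {  # $1 = portal password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=recipient@example.invalid" \
        -keyout "$WORK/rcpt.key" -out "$WORK/rcpt.crt" 2>/dev/null
    # Stand-in for the portal's account store; a real portal would keep a
    # salted, slow password hash instead of plain SHA-256.
    printf '%s' "$1" | openssl dgst -sha256 -r | cut -d' ' -f1 > "$WORK/login.sha256"
}

# Gateway: encrypt the mail as CMS EnvelopedData (the container S/MIME uses)
# and embed it, base64-encoded, in an HTML form that posts to the portal.
gateway_wrap() {  # $1 = plaintext file, $2 = .html to attach
    blob=$(openssl cms -encrypt -binary -aes-256-cbc -in "$1" -outform DER \
        "$WORK/rcpt.crt" | openssl base64 -A)
    printf '<form method="post" action="%s">\n<input type="hidden" name="blob" value="%s">\n<input type="submit" value="Read message">\n</form>\n' \
        "$PORTAL_URL" "$blob" > "$2"
}

# Portal: only after a successful login is the posted blob decrypted with the
# recipient's private key; nothing is kept on the server afterwards.
portal_open() {  # $1 = .html the browser posts from, $2 = password typed at login
    typed=$(printf '%s' "$2" | openssl dgst -sha256 -r | cut -d' ' -f1)
    [ "$typed" = "$(cat "$WORK/login.sha256")" ] || return 1
    blob=$(sed -n 's/.*name="blob" value="\([^"]*\)".*/\1/p' "$1")
    printf '%s' "$blob" | openssl base64 -d -A |
        openssl cms -decrypt -inform DER -inkey "$WORK/rcpt.key" -recip "$WORK/rcpt.crt"
}

# Constructed sample message and password.
printf 'Account statement for June attached.\n' > "$WORK/mail.txt"
gateway_enroll 'correct horse battery'
gateway_wrap "$WORK/mail.txt" "$WORK/message.html"
portal_open "$WORK/message.html" 'correct horse battery'
```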
Hi, Martijn,
No, it continues to fail.
When I create a cert for the user, I enter a password into the password box, check the
box to send by email, but don't check the box for SMS (we won't be using that). The
user receives the email with the pfx, double-clicks it to start the import procedure,
gets to the part where she is asked to provide the password, enters the password, but it
fails.
This just dawned on me - I'll have the user save the pfx to her desktop first, then try
to import it. I've found that trying to work with files while they're still attached to
an email causes problems. I'll have her try it out on Monday morning (GMT -5), and
report back. If that works, then my bad, and I'll be completely embarrassed at wasting
your time :-) . But, hey, it'll be progress!
Best,
Dimitri
On Sat, 20 Jun 2009 10:04:16 +0200, Martijn Brinkers wrote
> Hi Dimitri,
>
> Did you succeed in importing the pfx file?
>
> Kind regards,
>
> Martijn Brinkers
>
> Martijn Brinkers wrote:
> > > via the "certificate import wizard", the password
> > > that was created for the user in Djigzo isn't
> >
> > Do you mean the password for the pfx? or the password of the user
> > preferences of the user?
> >
> > Could you resend the same certificate but now with a new password?
> >
> > > accepted. BTW, I have to tell the user what the
> > > password is, as it's not being sent via SMS.
> > > What am I doing wrong?
> >
> > The SMS functionality requires you to set up an account on
> > www.clickatell.com. Clickatell is one of the biggest companies providing
> > SMS gateway functionality. I picked Clickatell because it's one of the
> > best known SMS gateway providers. As sending SMS is not free you will
> > need to set up a pre-paid account online. SMS costs are something like
> > $0.04 per SMS. For more info on the SMS gateway see page 40 of the
> > administration guide.
> >
> > In principle it is possible to directly connect a Nokia mobile phone but
> > this cannot be done with the Virtual appliance (it requires a valid USB
> > port) but we advise you to use the Clickatell gateway.
> >
> > If you want to use a different SMS gateway we can see whether we can
> > create SMS transport for it just as long as it provides a publicly
> > accessible API. Currently Djigzo supports a direct Nokia connection and
> > Clickatell gateway but any SMS gateway can be integrated.
> >
> > If you need more info on setting up a Clickatell account I can write
> > some more detailed guide on setting up the account.
> >
> > Kind regards,
> >
> > Martijn
> >
> >
> > Dimitri Yioulos wrote:
> >> I've gotten Djigzo to send a new user's pfx via email. However, when
> >> the user tries to import it via the "certificate import wizard", the
> >> password that was created for the user in Djigzo isn't accepted. BTW,
> >> I have to tell the user what the password is, as it's not being sent
> >> via SMS. What am I doing wrong?
> >>
> >> Thanks.
> >>
> >> Dimitri
> >>
> >
> >
>
> --
> Djigzo open source email encryption
>
--
Dimitri Yioulos, CIO
First 1 Financial Corporation
600 Cordwainer Dr.
Norwell, MA 02061
781-871-4220 x1007
dyioulos(a)firstbhph.com
I've gotten Djigzo to send a new user's pfx via
email. However, when the user tries to import it
via the "certificate import wizard", the password
that was created for the user in Djigzo isn't
accepted. BTW, I have to tell the user what the
password is, as it's not being sent via SMS.
What am I doing wrong?
Thanks.
Dimitri
Hello to anyone listening.
I'm excited about Djigzo, and would like to
implement it in our 65-person shop. I DL'd, and
successfully installed the latest VM version on
VMware Server 1.0.9. I also added the latest
version of VMware Tools. I've read all of the
manuals, and have a general idea of what I need
to do to make this all work. But, I can't seem
to get my head completely around it. Someone's
help in setting up and getting it running would be
much appreciated.
Here's my present email set-up: latest sendmail,
as well as MailScanner, MailWatch, clamav, Bit
Defender, and spamassassin (which have been in
place, and running well, for five years) in DMZ.
I'd like to place Djigzo in front of my current
mail server, and use self-created certificates.
Again, help would be appreciated.
Dimitri
Hi,
I'm happy to announce a new release of Djigzo.
Djigzo now has a built-in CA which you can use to issue certificates for
internal and external users. A certificate and private key can be
securely sent to an external user. The external user can use the
certificate with any S/MIME capable email client. The message sent to
the external recipient contains a link to a page with help on how to
install the pfx file:
www.djigzo.com/help/import_pfx.html
Why issue certificates to external users?
My experience is that users find it hard to get their own certificates
(from Comodo, Thawte etc.). Another problem is that users will lose
their certificates (and private key) because of a system crash etc. The
Djigzo CA server can function as a "key escrow" for these users because
the administrator can send a copy of the certificate and key. Users that
do not trust or do not want to use the built-in CA can get their own
certificate from a commercial certificate vendor.
Regards,
Martijn Brinkers
Change log 1.2.2:
* [Djigzo] New: built-in CA added. The CA can issue certificates for
internal and external users
* [Djigzo] New: Telephone numbers specified on the subject can be used
as the SMS Text message number
* [Djigzo] Improvement: BB add-on. Attachments not supported by the
Blackberry are stripped. HTML only mail is converted to text
* [Djigzo] Improvement: BB add-on. Large attachments are now supported
* [Djigzo] Improvement: Root certificate is added when exporting
certificates and when signing messages
* [Djigzo] Improvement: CRLDistPointCertPathChecker added to certificate
path builder. Critical CRL dist points are now accepted
* [Djigzo] Improvement: Force "encrypt mode" added which overrules
noEncryption
* [Djigzo] Fix: mail.mime.parameters.strict system property added. This
is a workaround for mail created by Apple mac. The Apple mac mailer
'forgets' to quote filenames containing spaces
* [Djigzo] Change: SMS Text message now expires in 24 hours if not sent
(was 4 hours)
* [Djigzo] Change: PDF reply allowed is now false by default
* [Djigzo] Change: Default S/MIME encryption algorithm is now 3DES
because not all Windows versions support AES
* [Djigzo-Web] Improvement: Administrator can see who (user, domain) is
using a certificate
* [Djigzo-Web] Improvement: Rows per page for the grids can be set using
a system property
* [Djigzo-Web] Improvement: Certificate and CRL algorithms and more
properties can now be viewed
* [Djigzo-Web] Improvement: CRL certificate entries (the revoked serial
numbers) can be downloaded as a text file
* [Djigzo-Web] Change: Password validity interval should now be set in
minutes (old settings are converted)
* [Djigzo-Web] Change: Some user properties moved to advanced properties
* [Djigzo-VM] New: VMware tools can be rebuilt from menu
* [Djigzo-VM] Improvement: Dialog shown on network configuration error
* [Djigzo-VM] Change: Jetty upgraded to 6.1.17
--
Djigzo open source email encryption gateway www.djigzo.com
We are currently using Zixit and looking for an alternative. With Zix when
a customer is sent an encrypted email they receive a link to a website where
they create an account and then see the email. What is the customer
experience with Djigzo?
Thanks,
Scott
--
"Rebellion to tyrants is obedience to God." --Thomas Jefferson