Fossa Guard Pro V0.1.9 - addressing usability.

Fossa Team is proud to announce new 0.1.9 version of Fossa Guard Pro extension for Chrome which enables end-to-end Gmail encryption and signing using S/MIME specification.

The new release includes following features:

• Local (in-browser) self-signed X.509 certificate generation and enrollment providing a basis for end-to-end secure communication without a necessity to establish the trust to third parties.

• Private key passphrase caching for fixed 10 minutes helping a User to reduce annoying passphrase manipulations.

• Pre-enrolled trusted Root / Sub certificates from major vendors GlobalSign, Comodo, WISeKey, DigiCert making 3d party certificates validation simple.

Please note that Fossa Team is working on the cumulative update for free Fossa Guard extension as well.

Stay tuned!

Fossa Guard Pro released

A year ago, we launched Fossa Guard as a free Chrome extension that helps people to send e-mails securely (e.g. in encrypted and signed form) using Google WebMail (Gmail) without leaving their loving browser. Since that time, we received a lot of feedback, did many enhancements and delivered several Fossa Guard versions to Chrome store. As far as Fossa Guard extension is free, and based on the S/MIME technology, all the S/MIME certificates are issued by our Certification Authority drove by us. However, one of the most requested features was to use S/MIME certificate issued by a corporate CA or even self-signed S/MIME certificate. Now, it becomes possible with Fossa Guard Pro.

No any changes to free Fossa Guard. We commit to support and enhance it in a way as before. We just added an option for some of you to use your own S/MIME certificates that are not somehow associated with a Fossa Certification Authorities. Both versions, Fossa Guard and Fossa Guard Pro, are available in Google Chrome Store:

• Fossa Guard
• Fossa Guard Pro

However, we need to support our software and hardware infrastructure for our free users so they can continue using free secure e-mailing service as before. The price for a Fossa Guard Pro version is set to be only 1.99$ per month.

Going into details, with Fossa Guard Pro version you will have following benefits and features:

• Your own S/MIME certificate, either created by you (e.g. self-signed) or signed by any trusted Certification Authority. Such certificate might be used to do all regular stuff, like e-mail signing or encrypting. This is achieved by importing of the PKCS#12 archive into Fossa Guard Pro. As usual, only you own private key, Fossa Guard Pro never sends your private key to any Internet server.

• Your e-mail account that is not used to authenticate to Google services. If you own your own business with a separate e-mailing infrastructure or just want to send e-mails from an account different to Google, you are free to choose that while composing a new signed or encrypted e-mail. Just notice that such e-mail account must be present in your S/MIME certificate.

This is only the beginning. We have many other important features in our backlog, and updates will come sooner than you expect. Stay tuned.

S/MIME interoperability videos index

Fossa Team has finished a filming season and is glad to supply our users with a full list of how-to videos demonstrating how to install Fossa certificates and start S/MIME mailing for the following platforms:

• Apple Mail on OS X 
• iOS Mail on iPad
• Android Mail + CipherMail
• Microsoft Outlook (Windows desktop)
• Mozilla Thunderbird (Windows desktop)
• Certificates installation on Windows 7

We try to follow the same scenario in all videos to simplify understanding:

• User delivers PKCS#12 archive (with his private key and certificate protected by a passphrase) by sending it as an attachment to himself. 
• User installs PKCS#12 archive into the email client User would like to exchange S/MIME messages from/to Gmail.
• User installs Fossa Root F1 and Sub F2 certificates. Set Fossa Root F1 as a trusted certificate and ensure that certificate chain validation works correctly. 
• User sends S/MIME signed and encrypted message between Gmail and selected email client demonstrating signature validness and decrypted (with attachments) content. 

Please let us know if you missed something while configuring S/MIME exchange for mail clients mentioned above.

Fossa Guard permissions explained.

Permissions FossaGuard requests often provoke questions about the reason and the necessity. Let us explain it in details.

0. Know your email address
Well, it sounds logical

1. Compose and send new mail. 
Looks reasonable once we would like to compose and to send signed / encrypted S/MIME messages. 

2. View, manage and permanently delete your mail in Gmail. 
View also looks normal since we gonna view S/MIME messages. Manage and delete sounds rather intriguing but it let us create and keep a single copy of encrypted S/MIME message in your Sent box when you send it to several recipients. It is your personal copy you can view when in fact each your recipient has got a copy encrypted specifically for him.

3. Create, update and delete labels. 
For your convenience, we create (if not exists) S/MIME label and mark S/MIME messages by it.

4. View your settings (e.g. filters and labels). 
Helps us to check if you already have S/MIME label or not.

5. Read and change all your data on the websites you visit. 
This is #1 reason for questioning us. The reason Fossa Guard requires this permission is the necessity to download Certificate Revocation List (CRL) from URLs discovered in your certificates. Fossa CRL is accessible at https://fossa.me/crl/f2.crl by the way. Certification validation vs actual CRL is a mandatory check according to the specification and it was introduced since V0.2.1.

One can also understand it as also the permission to read browser history, but it's not actually it. There is an interesting and sometimes funny discussion about the right sentence for the last permission.

Please do not hesitate to contact us for further explanations if you need.

Always yours,
Fossa Team

Fossa Guard V0.3.1 Interoperability Mission

New V0.3.1 (aka beta 3) of free S/MIME solution for Gmail has been released with Interoperability mission on board. Below supported and tested scenarios:

Microsoft Outlook specifics 

One interesting issue was discovered during integration with MS Outlook. As you may know, S/MIME depends on PKCS#7 format to transfer messages. In its turn, PKCS#7 relies on ASN.1 DER/BER encoding. DER/BER encoding is standard TLV (Type / Length / Value) and Length can be encoded in 2 forms: a definite length form and an indefinite length form (refer to X.690 8.1.3). 

Every e-mail client we tested Fossa Guard with supports both Length forms, however, MS Outlook supports only indefinite length form.

Sent TO Gmail + FossaGuard from

	Mozilla Thunderbird	Outlook (desktop)	iOS Mail	Android + CipherMail
multipart/signed	OK	OK	OK	OK
signed-data		OK
enveloped-data	OK	OK	OK	OK
enveloped-data (multipart/signed)	OK	OK	OK	OK
enveloped-data (signed-data)		OK

Sent FROM Gmail + FossaGuard to

	Mozilla Thunderbird	Outlook (desktop)	iOS Mail	Android + CipherMail
signed-data	OK	OK	OK	OK
enveloped-data	OK	OK	OK	OK
enveloped-data (signed-data)	OK	OK	OK	OK

Documentation and video updates are coming soon ...

With love from Fossa Team 

on Groundhog day, 2017

Fossa Guard V0.2.7 CRL support restrictions

New V0.2.7 has been released to skip inaccessible Certificate Revocation List (CRL) during certificate validation procedure.
Full-featured CRL management has been requested to make User able to tune certificates validation preferences