Thursday, June 29, 2017

Fossa Guard Pro released

A year ago, we launched Fossa Guard as a free Chrome extension that helps people to send e-mails securely (e.g. in encrypted and signed form) using Google WebMail (Gmail) without leaving their loving browser. Since that time, we received a lot of feedback, did many enhancements and delivered several Fossa Guard versions to Chrome store. As far as Fossa Guard extension is free, and based on the S/MIME technology, all the S/MIME certificates are issued by our Certification Authority drove by us. However, one of the most requested features was to use S/MIME certificate issued by a corporate CA or even self-signed S/MIME certificate. Now, it becomes possible with Fossa Guard Pro.

No any changes to free Fossa Guard. We commit to support and enhance it in a way as before. We just added an option for some of you to use your own S/MIME certificates that are not somehow associated with a Fossa Certification Authorities. Both versions, Fossa Guard and Fossa Guard Pro, are available in Google Chrome Store:


However, we need to support our software and hardware infrastructure for our free users so they can continue using free secure e-mailing service as before. The price for a Fossa Guard Pro version is set to be only 1.99$ per month.

Going into details, with Fossa Guard Pro version you will have following benefits and features:
  • Your own S/MIME certificate, either created by you (e.g. self-signed) or signed by any trusted Certification Authority. Such certificate might be used to do all regular stuff, like e-mail signing or encrypting. This is achieved by importing of the PKCS#12 archive into Fossa Guard Pro. As usual, only you own private key, Fossa Guard Pro never sends your private key to any Internet server.
  • Your e-mail account that is not used to authenticate to Google services. If you own your own business with a separate e-mailing infrastructure or just want to send e-mails from an account different to Google, you are free to choose that while composing a new signed or encrypted e-mail. Just notice that such e-mail account must be present in your S/MIME certificate.
This is only the beginning. We have many other important features in our backlog, and updates will come sooner than you expect. Stay tuned.


Thursday, March 16, 2017

S/MIME interoperability videos index

Fossa Team has finished a filming season and is glad to supply our users with a full list of how-to videos demonstrating how to install Fossa certificates and start S/MIME mailing for the following platforms:



We try to follow the same scenario in all videos to simplify understanding:
  • User delivers PKCS#12 archive (with his private key and certificate protected by a passphrase) by sending it as an attachment to himself. 
  • User installs PKCS#12 archive into the email client User would like to exchange S/MIME messages from/to Gmail.
  • User installs Fossa Root F1 and Sub F2 certificates. Set Fossa Root F1 as a trusted certificate and ensure that certificate chain validation works correctly. 
  • User sends S/MIME signed and encrypted message between Gmail and selected email client demonstrating signature validness and decrypted (with attachments) content. 
Please let us know if you missed something while configuring S/MIME exchange for mail clients mentioned above.

Monday, February 20, 2017

Fossa Guard permissions explained.

Permissions FossaGuard requests often provoke questions about the reason and the necessity. Let us explain it in details.

0. Know your email address
Well, it sounds logical

1. Compose and send new mail. 
Looks reasonable once we would like to compose and to send signed / encrypted S/MIME messages. 

2. View, manage and permanently delete your mail in Gmail. 
View also looks normal since we gonna view S/MIME messages. Manage and delete sounds rather intriguing but it let us create and keep a single copy of encrypted S/MIME message in your Sent box when you send it to several recipients. It is your personal copy you can view when in fact each your recipient has got a copy encrypted specifically for him.

3. Create, update and delete labels. 
For your convenience, we create (if not exists) S/MIME label and mark S/MIME messages by it.

4. View your settings (e.g. filters and labels). 
Helps us to check if you already have S/MIME label or not.

5. Read and change all your data on the websites you visit. 
This is #1 reason for questioning us. The reason Fossa Guard requires this permission is the necessity to download Certificate Revocation List (CRL) from URLs discovered in your certificates. Fossa CRL is accessible at https://fossa.me/crl/f2.crl by the way. Certification validation vs actual CRL is a mandatory check according to the specification and it was introduced since V0.2.1.

One can also understand it as also the permission to read browser history, but it's not actually it. There is an interesting and sometimes funny discussion about the right sentence for the last permission.


Please do not hesitate to contact us for further explanations if you need.

Always yours,
Fossa Team

Thursday, February 2, 2017

Fossa Guard V0.3.1 Interoperability Mission

New V0.3.1 (aka beta 3) of free S/MIME solution for Gmail has been released with Interoperability mission on board. Below supported and tested scenarios:



Sent TO Gmail + FossaGuard from

Mozilla Thunderbird Outlook (desktop) iOS Mail Android CipherMail
multipart/signed OK OK OK OK
signed-data OK
enveloped-data OK OK OK OK
enveloped-data (multipart/signed) OK OK OK OK
enveloped-data (signed-data) OK

Sent FROM Gmail + FossaGuard to

Mozilla ThunderbirdOutlook (desktop)iOS MailAndroid CipherMail
signed-dataOKOKOKOK
enveloped-dataOKOKOKOK
enveloped-data (signed-data)OKOKOKOK

Documentation and video updates are coming soon ...

With love from Fossa Team 
on Groundhog day, 2017


Friday, January 13, 2017

Fossa Guard V0.2.7 CRL support restrictions

New V0.2.7 has been released to skip inaccessible Certificate Revocation List (CRL) during certificate validation procedure.
Full-featured CRL management has been requested to make User able to tune certificates validation preferences

Friday, December 30, 2016

Fossa Guard V0.2.6 Preview pane support

New V0.2.6 has been released to address following points:

  • Google preview pane support,
  • X.509 v1 certificate support based on VeriSign example.

Happy new Year!
Stay tuned for new Fossa Guard features like iOS Mail, Outlook interoperability.





Monday, December 5, 2016

Fossa Guard V0.2.3 Attachments 1 Mb. Thumbprint vs Fingerprint

New V0.2.3 has been released to address following points:

  • Bigger attachments support. File size limit has been increased up to 1 Mb with a 4Mb limit in total for all attachments. 
  • Passphrase dialog became more friendly allowing 3 attempts before closing email.
  • Fingerprint term replaced thumbprint which (as we discovered on the wiki) is Microsoft specific.
  • Minor typos and bugs have been fixed like accurate personal certificate status display.