Friday, January 31, 2020

2019 year summary

2019 was quite intriguing and motivating. Fossa solution has got strong interest from tier 1 international companies. End-to-end encryption for Gmail is becoming a vital necessity while US head offices insisting regional offices to migrate to Gmail. Technical experts quickly realized that hosted S/MIME solution provided by G Suite from Google doesn't guarantee email privacy having a 10x bigger operational cost comparing with the Fossa solution.

At the beginning of 2019 Fossa Team has accomplished Gmail 2018 new UI support introducing preview pane support.

We have spent a remarkable amount of time to pass through a new Gooogle security requirements verification from May 2019 till October 2019 which included:

Basic Gmail web mobile support has been implemented following one of the requests from our customers giving the same user experience on the Android devices:



Yandex, Firefox, Opera browsers support has come as an alternative to Chrome browser is quite important for some of our potential clients.

Multiple email support in Subject Alternative Name extension is also the request "from the field" when companies practice long and short email addresses for the same employee.

The final and most wanted ability has become a full-text multi-language search inside S/MIME encrypted messages based on the manual generation and refreshing of the local search index.



2020 is promising to become rich in new features and capabilities.
Stay tuned.

Wednesday, January 8, 2020

Search inside S/MIME messages

Since V0.1.16 Fossa Guard Pro extension supports multi-language search inside S/MIME encrypted messages using a locally built full-text index which contains words statistics and does not contain the content of the messages.
You can download the index to ensure this fact - it has Elasticlunr format and stores statistics on email's subject, body and attachments` names.
Firstly, the user should decide what languages he would like to use for searching to use specific stemming and stopwords filtering from the following list:

  • English (default)
  • German
  • French
  • Spanish
  • Italian
  • Dutch
  • Danish
  • Portuguese
  • Finnish
  • Romanian
  • Hungarian
  • Russian
  • Norwegian
  • Swedish
  • Turkish

where English is the default language.
Please keep in mind that each additional language support slows down a bit indexing and searching.

Click `Build Search Index` to start the indexing all emails in all folders labeled by S/MIME label. Fossa Guard Pro tries automatically label all new incoming S/MIME emails basing on email's content type but anyway please make sure you have all emails planned for searching labeled.
User can be requested to confirm languages selection in case he has chosen more than 2 additional languages:

Once the confirmation received the index build will be started indicating the number of emails processed out of total S/MIME emails discovered.

Note that during the process User will be requested to enter the passphrase for the private key access to decoded S/MIME encrypted message. The passphrase will be cached for 10 minutes to make the indexing process convenient for the User

Once the index will be built it keeps the time of the last update to incrementally refresh the index in the future.

Index metadata contains also the language selection, the number of emails indexed and approximate size of the index. For the moment the index is stored in the local storage of the extension which is limited by 5 megabytes.
The User can

  • `Download` the index in JSON format (lately ability to import the index will appear which can be helpful for some special cases 
  • `Refresh` the index when all new emails since the time of last update will be checked on S/MIME content type and will be added to the index.
  • `Remove` the index 

To search indexed emails the User should use standard Gmail search bar with the `smime:` prefix:

The drop-down list should display a scrollable list of all matched emails so that the User points it and open in one click.

That's all about search in S/MIME emails implemented in Fossa Guard Pro version.
Happy New Year!

Monday, December 23, 2019

Multiple email addresses support in Subject Alternative Name

Fossa Guard web extension supports multiple email addresses since v0.4.18 (free) / v0.1.15 (pro) associated with a security certificate via Subject Alternative Name field which is an extension to X.509.


Tuesday, September 24, 2019

How to run Fossa Guard in Opera browser

1. Run Opera browser and install Opera addon which enables Chrome extensions in Opera

2. Navigate to Fossa Guard in Chrome Web Store and click 'Add to Opera'

3. Agree with the warning. Click 'Install' on the extension info screen and 'Yes, Install' on the next screen.

4. 'Login into Extension' by choosing the appropriate Gmail account

5. Navigate to Gmail - you have got S/MIME compose button and ability to send and to view S/MIME emails.
Please note that you should use the same Google account in Gmail and Fossa Guard extensions


Monday, August 19, 2019

How to run Fossa Guard on Android in Firefox browser

The guideline describes how to run a free version of Fossa Guard extension V0.4.9+ on mobile Firefox browser on Android platform to enable end-to-end S/MIME encryption on top of Gmail on your mobile.

On your Android mobile:

  1. Install and run the Firefox browser
  2. Navigate to Fossa site and click 'Free Firefox version'.
  3.  
  4. Click 'Download' and then 'Open' to install the Fossa Guard extension. 
  5. Fossa Guard for Firefox is distributed as self-hosted Firefox extensions thus you need to 'Allow' the installation
  6. Give FossaGuard the following permissions:
    • Access your data for all websites to enable Certificate Revocation Lists (CRL) download following links in the certificates.
    • Access browser tabs to enable the ability to create the tab for Google's authentication and to get the response.
  7. Navigate to Fossa Guard extension via Firefox browser 'Add-ons' menu and clicks on FossaGuard extension.
  8. Select FossaGuard extension and click 'Options' in the extension details window, to get Fossa Guard settings page.
  9. Click 'Login to Extension' to associate your Google account with Fossa Guard - a new tab should appear in Firefox browser with Google authentication. 
  10.  Authenticate to corresponding Google account (we use fossa.user@gmail.com)
  11. Allow Fossa Guard to use requested permissions. On success, Google authentication will be auto-closed. 
  12.  At this point you have 2 options: Import your backup personal Certificate and key OR Enroll free personal certificate from Fossa CA.
  13.  Option with Fossa certificate enrollment is described in the blog "How to run Fossa Guard on Android" so let's import the corresponding *.p12, *.sfx file with Certificate and Private key.
  14. Navigate to the mobile web version of Gmail
  15. Ensure that you logged into Gmail with the same Google account (we use fossa.user@gmail.com).  
  16. When select one of the Inbox folders you should notice the fancy green button at the right top with 'S/MIME' label. Click it to compose S/MIME email. 
  17. Type 3 letters of your recipient address and you should get a list of corresponding contacts for selection. Fossa Guard automatically checks if the addressee has got Fossa certificate and indicates it by the green color of the email pill.
  18.  
  19. Once you finished with composing S/MIME message, click 'Send S/MIME' and it will be sent using Gmail API and should appear in Sent folder marked by the corresponding label 'S/MIME'.
  20.  
  21. Click on S/MIME labeled email to check the details and you'll discover 'smime.p7m' attachment which is unreadable for Google robots and the notification from the extension that this email was composed using S/MIME. 
  22. Click 'View Content' and you'll be requested for the passphrase to access your private key (locally within your current browser session).
  23.  
  24. Once you provide the correct passphrase the extension will decrypt the message and show you in a dedicated window.
  25. If the email address of your Gmail account does not correspond to the email address of Google account associated with the extension you'll the notification to use the same account. This is the identity check Fossa Guard makes to secure access to the private key.

Saturday, August 10, 2019

How to run Fossa Guard on Android

The guideline describes how to run a free version of Fossa Guard extension V0.4.6+ on mobile Yandex browser on Android platform to enable end-to-end S/MIME encryption on top of Gmail on your mobile.

On your Android mobile:
  1. Install and run the Yandex browser
  2. Navigate to Chrome web store and find Fossa Guard free extension
  3. Click 'Add to Chrome' and then 'Add Extension' to install the Fossa Guard extension. 
  4. Navigate to Fossa Guard extension via Yandex browser 'Extensions' menu. 
  5.   
  6. Switch to Portrait mode for convenience (work on responsive UI is ongoing).
  7. Click 'Login to Extension' to associate your Google account with Fossa Guard - a new tab should appear in Yandex browser with Google authentication. 
  8. Navigate to this tab using Yandex tabs menu. Authenticate to corresponding Google account (we use fossa.user@gmail.com)
  9.  
  10. Allow Fossa Guard to use requested permissions. On success, Google authentication will be auto-closed. 
  11. Navigate back to Fossa Guard tab to check the settings.
  12.  
  13. At this point you have 2 options: Import your backup personal Certificate and key OR Enroll free personal certificate from Fossa CA.
  14. Fossa certificate enrollment is based on the local key pair generation in your Yandex browser without sharing the private key. Certificate Signing Request (CSR) to sign certificate by Fossa CA is initiated using SSL connection over HTTP. Click 'Enroll Fossa Certificate' to initiate the flow. 
  15.  
  16. To establish a secured SSL connection over HTTP navigate to 'Fossa.me Server', log in using the same Google account and copy the one-time shared secret.
  17.   
  18. Paste shared secret at Fossa Guard extension and proceed with the enrollment. 
  19. Once signed certificate is received back from Fossa CA, the extension asks for the strong passphrase to protect your private key (which stays within your browser all the time). 
  20. Your private key will be saved into the local Yandex browser storage within your phone and will never be compromised outside it.
  21.  
  22. Once the enrollment is done you should get an invitation to start secured mailing with Gmail. 
  23.  
  24. Navigate to the mobile web version of Gmail
  25. Ensure that you logged into Gmail with the same Google account (we use fossa.user@gmail.com).  
  26.  
  27. You should notice the fancy green button at the right top with 'S/MIME' label. Click it to compose S/MIME email
  28.   
  29. Type 3 letters of your recipient address and you should get a list of corresponding contacts for selection. Fossa Guard automatically checks if the addressee has got Fossa certificate and indicates it by the green color of the email pill.
  30.  
  31. Once you finished with composing S/MIME message, click 'Send S/MIME' and it will be sent using Gmail API and should appear in Sent folder marked by the corresponding label 'S/MIME'
  32. Click on S/MIME labeled email to check the details and you'll discover 'smime.p7m' attachment which is unreadable for Google robots and the notification from the extension that this email was composed using S/MIME. 
  33. Click 'View Content' and you'll be requested for the passphrase to access your private key (locally within your current browser session).
  34. Once you provide the correct passphrase the extension will decrypt the message and show you in a dedicated window.
  35. If the email address of your Gmail account does not correspond to the email address of Google account associated with the extension you'll the notification to use the same account. This is the identity check Fossa Guard makes to secure access to the private key.