Friday, December 30, 2016

Fossa Guard V0.2.6 Preview pane support

New V0.2.6 has been released to address following points:

  • Google preview pane support,
  • X.509 v1 certificate support based on VeriSign example.

Happy new Year!
Stay tuned for new Fossa Guard features like iOS Mail, Outlook interoperability.

Monday, December 5, 2016

Fossa Guard V0.2.3 Attachments 1 Mb. Thumbprint vs Fingerprint

New V0.2.3 has been released to address following points:

  • Bigger attachments support. File size limit has been increased up to 1 Mb with a 4Mb limit in total for all attachments. 
  • Passphrase dialog became more friendly allowing 3 attempts before closing email.
  • Fingerprint term replaced thumbprint which (as we discovered on the wiki) is Microsoft specific.
  • Minor typos and bugs have been fixed like accurate personal certificate status display.

Wednesday, November 23, 2016

Fossa Guard V0.2.2. Call for OCSP support

Fossa Team has updated Fossa Guard to V0.2.2 following requests from our users about extension hangs up while working with certificates issued by

A small investigation has been done with Certificate Revocation Lists (CRLs) available at and it was discovered that CAcert's CRL is the biggest one -  around 8Mb.

It contains certificates revoked since 2002 which looks reasonable only in the case when there are certificates issued for 14+ years which have a high probability of being revoked.

Unfortunately is not practical to handle such big CRLs in the browser thus we limited size of supported CRL by 512Kb to avoid time-consuming download and decoding.

So it looks like there is a strong request to implement Online Certificate Status Protocol (OCSP) support in new versions of Fossa Guard making possible to perform single certificate check if it has been revoked or not.

Tuesday, November 22, 2016

New certificate validation and CRL support

In V0.2.1 Fossa Guard has changed certificate validation procedure by new crypto lib integration.

New certificate validation mechanism checks full certificate chain up to the Root certificate (which should be definitely in the list of trusted) with respect to corresponding Certificate Revocation Lists (CRLs).

Thus a CRL management mechanism was introduced to let new certificate validation performs full-functional validity check.

On each certificate validation, Fossa Guard checks actuality of all CRLs mentioned in CRL distribution points in the certificate and in trusted certificates.

CRLs with expired dates are downloaded using Fetch API and are stored in the local storage.

Then corresponding stored CRLs are routed to certificate validation routine inside the crypto lib.

Please note that from V0.2.1 due to CRL support Fossa Guard requires permission to download files from all the sites.

Tuesday, November 1, 2016

Fossa Guard V0.2.1 is available

Hi All

Fossa Guard V0.2.1 is available now to bring users new certificate management abilities:

  • Certificate Re-enrollment as simple as possible utilizing existing key pair and passphrase meaning once your current free certificate (limited by 3 months) expires you will be able easily to renew it to continue S/MIME mailing at the same time keeping a possibility to read your old emails. 
  • Certificate Revocation Lists (CRL) support  implemented to allow you explicitly revoke any your certificate issued by server. The revoked certificate will no longer pass certificate validation. CRL is updated every hour at server so that your recipients can be aware within 1 hour since you revoke your certificate on the server. 

Note that Certificate validation mechanism has been also changed to fully support CRLs including downloading and actualization the lists of revoked certificates for all certificates in the extension.

There are also several improvements and bug fixes:
  • Signed message now includes Fossa Root F1, Fossa Authority F2 certificates as well helping 3d party clients to easily build full Fossa certificate chain.
  • Certificate import mechanism has been improved so that extension detects CA certificates and proposes corresponding storage providing certificate preview with SHA-1 / SHA-256 fingerprints.
  • Missing MIME types support: application/x-pkcs7-mime, application/x-pkcs7-signature 
  • Email address longer than 32 symbols has been cut inside EST component on server. Now it's fixed. Thanks a lot to Kim and Michael who reported us the problem. 
  • Bug when extension freezes on certificate chain validation with self-signed certificate - thanks to Armin.

Thanks to our 145 users! Your feedback is highly appreciated.

Everybody welcome to try our new version and discover how easy secure S/MIME mailing  can be.

Fossa S/MIME certificates stay free for personal usage and are renewable now.

Best regards,
Fossa Team

Thursday, September 22, 2016 introduces CRL for CA issuing S/MIME certificates received an update which introduces CRL support for Fossa.Me Authority F2 Certification Authority. CRL (or Certificate Revocation List) is a list of revoked certificates (or more precisely their serial numbers), users presenting those certificates (had been revoked earlier) are no longer trusted.

Fossa.Me Authority F2 implements CRL in accordance to RFC 5280. The CRL is issued every hour. Also provides a way for authorized and authenticated user to revoke one of his/her own certificates on the Web page.

As well, now our new users will receive an e-mail containing details about issued certificate and its validity dates.

Thursday, September 15, 2016

Terms and conditions update. Privacy aspects.

By this terms update Fossa Team would like to explicitly state that Fossa Guard extension keeps private key within User's Google account space and does not transfer or copy it somewhere else in any form.

User's private key is packaged into PKCS#12 secured by a passphrase. Each private key usage is adviced by a corresponding popup asking User for the passphrase. server keeps a registry of all issued certificates associated with User's public information from Google account. It helps to identify and validate recipients with Fossa certificates during mailing.

Fossa Team keeps a right to revoke issued Fossa certificate in the case of law enforcement appeals or judicial decisions.

Do not hesitate to share your opinion, question or advice for terms update below.

Fossa Guard V0.1.4 update

An update V0.1.4 is available dedicated to 'x-' content types support:

  • application/x-pkcs7-signature
  • application/x-pkcs7-mime

Tuesday, September 13, 2016

Fossa Guard V0.1.3 update

Fossa Team is glad to announce V0.1.3 update of Fossa Guard - a Chrome extension to enable S/MIME support for Gmail

It supports multipart/signed messages with abilities to view included certificates and to add them to trusted / endpoint lists.

Cc / bcc are supported as well with an option `Reply to All`

Please refer to a new video on our channel demonstrating new functionality.

Saturday, July 23, 2016

Fossa Guard - S/MIME extension for desktop Chrome and Gmail.

Fossa Team has released a beta version of Fossa Guard an extension for Chrome which enables S/MIME mailing on top of Gmail.

Fossa Guard has autonomous Compose / View dialog to avoid plain content auto-saving and provides mail signing, encryption functionality based on X.509 certificates issued by Fossa.Me service. 

Attachments are supported as well though limited by 100KB each.
Certificates are associated with Google Chrome accounts and are free for public usage for 3 months (beta limitation).

Fossa Guard is supplied with a certificate enrollment (via CSR / PKCS#10) wizard and third-party trusted / endpoint certificates import / export  in DER/PEM formats.

Private key resides  in protected by a passphrase PKCS#12 archive on Chrome sync storage alongside with other certificates.
It guarantees synchronization between multiple user's computers.

Check out YouTube how-to videos