Sunday, June 28, 2020

Fossa Guard Pro 1.0 S/MIME signed support

Send S/MIME signed message


  • application/pkcs7-mime with SignedData by restricting access to the signature (since G Suite uses this format to sign messages)
  • multipart/signed by rearranging MIME parts of the message converting to multipart/mixed

The following approach has been implemented to send S/MIME signed emails:

  • to *@gmail.com addresses, the multipart/mixed format is used with an smime.p7m attachment that contains the original S/MIME multipart/signed message with its signature, for the following reasons:
    • The user can see the message content and files without any extension
    • The user can view the content and files of the original message, with the digital signature, using Fossa Guard
  • to all other addresses, the standard S/MIME SignedData format is used, for the following reasons:
    • G Suite accounts use custom domains
    • G Suite uses the SignedData format internally for S/MIME signed messages
    • Gmail doesn't mangle messages sent to external addresses

Signature status indication

When the user opens an S/MIME signed message in the Gmail UI, the Fossa Guard extension tries to verify the signature.
Once the S/MIME signature is verified, the corresponding status is indicated.
Fossa Guard replaces the content of the message with the original read from the smime.p7m attachment.


A new button `View Original Message` becomes available to open the email in the Fossa Guard View dialog with the original message content and original attachments.
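
The sending rule and the smime.p7m round trip described above, as an added example that is not Fossa Guard's own code. The function names, the `application/octet-stream` content type, the boundary strings and the sample message are assumptions made for illustration; the point is that the attachment returns the signed message byte for byte, which signature verification depends on.

```javascript
// Added example, not Fossa Guard source. Headers marked "assumption" are illustrative.
const CRLF = "\r\n";

// Constructed multipart/signed message; the signature body is a placeholder.
const SAMPLE_SIGNED = [
  'Content-Type: multipart/signed; protocol="application/pkcs7-signature";',
  ' micalg=sha-256; boundary="sig"',
  "", "--sig", "Content-Type: text/plain", "", "Quarterly report attached.",
  "--sig", 'Content-Type: application/pkcs7-signature; name="smime.p7s"',
  "Content-Transfer-Encoding: base64", "", "UExBQ0VIT0xERVI=", "--sig--", "",
].join(CRLF);

// Routing rule from the post: only the exact gmail.com domain gets the wrapper.
function chooseSignedFormat(recipient) {
  const domain = recipient.slice(recipient.lastIndexOf("@") + 1).trim().toLowerCase();
  return domain === "gmail.com" ? "multipart/mixed" : "application/pkcs7-mime";
}

// Readable body in the clear plus the untouched signed message as smime.p7m.
function wrapForGmail(signedMessage, bodyText, boundary) {
  // Buffer is Node's API; an extension would use TextEncoder and btoa instead.
  const b64 = Buffer.from(signedMessage, "utf8").toString("base64");
  return [
    "MIME-Version: 1.0",
    `Content-Type: multipart/mixed; boundary="${boundary}"`,
    "", `--${boundary}`,
    "Content-Type: text/plain; charset=utf-8", "", bodyText,
    `--${boundary}`,
    'Content-Type: application/octet-stream; name="smime.p7m"', // assumption
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="smime.p7m"',
    "", b64.match(/.{1,76}/g).join(CRLF),
    `--${boundary}--`, "",
  ].join(CRLF);
}

// Receiving side: recover the exact signed bytes so the signature can be verified.
function extractOriginal(wrapper, boundary) {
  const part = wrapper.split(`--${boundary}`)
    .find((p) => /filename="smime\.p7m"/i.test(p));
  if (!part) return null; // no attachment: nothing to verify
  const body = part.slice(part.indexOf(CRLF + CRLF) + 4);
  return Buffer.from(body.replace(/\s+/g, ""), "base64").toString("utf8");
}
```

Because the inner message travels base64-encoded, its own MIME boundary never appears in the outer structure, so rearranging the outer parts cannot alter the signed bytes.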


Signature verification 



  • The attached certificate chain is not used in the email signature verification procedure until it has been added to the trusted list.
  • Email signature verification is performed as of the email's Sent date.

Fossa Guard Pro 1.0 improvements


Roboto font

  • Roboto font has been introduced as a default font to be aligned with the overall Gmail appearance.

Compose / View dialogs

  • Fossa Guard Compose / View dialogs can be minimized by clicking the header, so that they do not block creating and viewing other S/MIME emails.



  • Minimized Compose / View dialogs are shown as bars at the bottom of the Gmail window and can be restored by clicking the subject or closed by clicking the cross icon.

Search Index



  • Search index size is presented in the form of a bar indicating the amount of available space.


Informational warnings for error cases


  • Informational alerts and warnings have been added for extension invalidation, user authentication, authorization, and synchronization errors.

See the detailed article on this topic: http://fossaguard.blogspot.com/2020/03/fossa-guard-authentication-and.html

Recipient certificate details and status

Recipients are shown as pills whose color and icon indicate the status of the user's certificate:

  • Green - there is at least one valid certificate for the email address
  • Red - there is at least one invalid certificate for the email address
  • Grey - there is no certificate for the email address



Clicking a recipient's pill opens the `Recipient Details` popup with the information from Contacts (photo, name, email) and the list of certificates found in the local Chrome extension storage. There are in-place options to

  • Load certificate from the file
  • Load certificate from Fossa registry


Clicking the certificate info opens the `Certificate Details` popup, which displays the internal information of the selected certificate.


    Fossa Guard Pro 1.0 released

    27 of June 2020

    Glad to announce that the Fossa Guard Pro 1.0 commercial release is available at https://chrome.google.com/webstore/detail/fossaguardpro-encrypt-gma/opfepnmdnnmiiemnkhaneagicmlakdjh


    S/MIME end-to-end encryption Chrome extension for Gmail with
    • S/MIME formats supported (including attachments)
      • Sign
      • Encrypt
      • Sign-then-Encrypt
    • Constant pricing about $1.99 per month 
    • Interoperability tested with
      • Outlook
      • Thunderbird
    Release details should come in further articles on this blog.

    Future plans 

    • Triple wrapping: Sign-then-Encrypt-then-Sign considering 2 private keys
    • Firefox, Opera, Yandex browsers support  
    • Mobile Gmail web version support