
Friday, March 6, 2020

Technical details about Chrome extension

Installation 

During installation on Windows 10, Chrome extension artifacts are copied into the folder of the default Chrome account:
C:\Users\<Windows Login>\AppData\Local\Google\Chrome\User Data\Default

Note that if a Windows user has several Chrome accounts, each Chrome account has its own set of installed extensions, with its root located at
C:\Users\<Windows Login>\AppData\Local\Google\Chrome\User Data\Profile<N>

Source files 

The source files of a Chrome extension are stored in the sub-folder named after the ID and the version of the extension:
...\Extensions\<Extension ID>\<Extension Version>\

Local Storage

The local storage of a Chrome extension is kept at:
...\Local Extension Settings\<Extension ID>\


Note that: 

  • local storage is isolated from common Chrome storages: Local, Session or IndexedDB
  • local storage can be accessed only from the corresponding Chrome account using Developer Tools
  • local storage has LevelDB format
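The folder layout described above can be audited with a short script. This is an added example, not code from Fossa Guard or Chrome: the function names are hypothetical, and it assumes each version folder contains the extension's `manifest.json` and that extension IDs are 32 letters in the range a-p.

```python
import json
import re
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # assumption: Chrome extension ID format

def chrome_profiles(user_data):
    """Yield the per-account folders: 'Default' and any 'Profile...' folder."""
    for p in sorted(Path(user_data).iterdir()):
        if p.is_dir() and (p.name == "Default" or p.name.startswith("Profile")):
            yield p

def inventory(user_data):
    """Return one row per installed extension version in every Chrome account."""
    rows = []
    for profile in chrome_profiles(user_data):
        ext_root = profile / "Extensions"
        if not ext_root.is_dir():
            continue
        for ext_dir in sorted(ext_root.iterdir()):
            if not (ext_dir.is_dir() and EXT_ID.match(ext_dir.name)):
                continue  # skip temp folders and anything that is not an extension ID
            storage = profile / "Local Extension Settings" / ext_dir.name
            for ver_dir in sorted(d for d in ext_dir.iterdir() if d.is_dir()):
                try:
                    text = (ver_dir / "manifest.json").read_text(encoding="utf-8-sig")
                    manifest = json.loads(text)
                except (OSError, ValueError):
                    manifest = {}  # a missing or unreadable manifest is worth a closer look
                if not isinstance(manifest, dict):
                    manifest = {}
                rows.append({
                    "profile": profile.name,
                    "id": ext_dir.name,
                    "version_dir": ver_dir.name,
                    "name": manifest.get("name", "<no manifest>"),
                    "permissions": manifest.get("permissions", []),
                    "has_local_storage": storage.is_dir(),
                })
    return rows

if __name__ == "__main__":
    import os
    root = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    for row in (inventory(root) if root.is_dir() else []):
        print(row)
```

The `name` field may be a localisation placeholder rather than a readable name; compare the `id` column against the list of extensions you expect to be installed.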

State Management

Navigate to chrome://extensions to manage extensions for the currently logged-in Chrome user.

User can:

  • Enable / Disable extension
  • Update / Refresh
  • Remove
  • Navigate to Background page (Developer mode) 
  • Review Errors log (Developer mode)

In Developer mode, one can install extensions not only from the Chrome Web Store but also from a local drive, using 'Load unpacked'.

Components


The Fossa Guard extension consists of 3 main components linked via messaging:

  • Content script operates on the Gmail page in a dedicated iframe, communicates with Gmail via DOM messages and by observing DOM events, and communicates with the Background script via Chrome messages.
  • Settings page provides the user UI to manage certificates and keys.
  • Background script is responsible for cryptography, works with the extension storages and communicates with external services via http(s) calls.







Monday, February 24, 2020

Reply and Forward in S/MIME format

From V0.1.17, Fossa Guard Pro enables Reply All, Reply and Forward for plain-text messages via the dedicated bar on top of each email.

When clicked, it opens the FossaGuard compose dialog with the content of the selected email and the options to encrypt and to sign the replied (forwarded) message.

You should click on the email to view its content in order to access the bar and reply to (or forward) that specific email from the thread.

Auto-indexing option

Starting from V0.1.17, Fossa Guard Pro supports the option to auto-index S/MIME emails during reading, meaning that the search index is auto-updated.

Emails that are left unread can be indexed manually by clicking the `Refresh` link, which brings the index up to date from the last update time to the current time.
Note that the search index is limited by the extension local storage size quota, around 5Mb: https://developer.chrome.com/apps/storage#property-local


Saturday, August 10, 2019

How to run Fossa Guard on Android

This guideline describes how to run the free version of the Fossa Guard extension V0.4.6+ on the mobile Yandex browser on the Android platform, to enable end-to-end S/MIME encryption on top of Gmail on your mobile.

On your Android mobile:
  1. Install and run the Yandex browser.
  2. Navigate to the Chrome Web Store and find the Fossa Guard free extension.
  3. Click 'Add to Chrome' and then 'Add Extension' to install the Fossa Guard extension.
  4. Navigate to the Fossa Guard extension via the Yandex browser 'Extensions' menu.
  5. Switch to Portrait mode for convenience (work on responsive UI is ongoing).
  6. Click 'Login to Extension' to associate your Google account with Fossa Guard. A new tab with Google authentication should appear in the Yandex browser.
  7. Navigate to this tab using the Yandex tabs menu. Authenticate to the corresponding Google account (we use fossa.user@gmail.com).
  8. Allow Fossa Guard to use the requested permissions. On success, the Google authentication tab will be auto-closed.
  9. Navigate back to the Fossa Guard tab to check the settings.
  10. At this point you have 2 options: import your backup personal certificate and key, OR enroll a free personal certificate from Fossa CA.
  11. Fossa certificate enrollment is based on local key pair generation in your Yandex browser, without sharing the private key. The Certificate Signing Request (CSR) to have the certificate signed by Fossa CA is initiated using SSL connection over HTTP. Click 'Enroll Fossa Certificate' to initiate the flow.
  12. To establish a secured SSL connection over HTTP, navigate to 'Fossa.me Server', log in using the same Google account and copy the one-time shared secret.
  13. Paste the shared secret into the Fossa Guard extension and proceed with the enrollment.
  14. Once the signed certificate is received back from Fossa CA, the extension asks for a strong passphrase to protect your private key (which stays within your browser all the time).
  15. Your private key will be saved into the local Yandex browser storage within your phone and will never be compromised outside it.
  16. Once the enrollment is done, you should get an invitation to start secured mailing with Gmail.
  17. Navigate to the mobile web version of Gmail.
  18. Ensure that you are logged into Gmail with the same Google account (we use fossa.user@gmail.com).
  19. You should notice the fancy green button at the top right with the 'S/MIME' label. Click it to compose an S/MIME email.
  20. Type 3 letters of your recipient's address and you should get a list of corresponding contacts for selection. Fossa Guard automatically checks whether the addressee has a Fossa certificate and indicates it by the green color of the email pill.
  21. Once you have finished composing the S/MIME message, click 'Send S/MIME'. It will be sent using the Gmail API and should appear in the Sent folder, marked by the corresponding label 'S/MIME'.
  22. Click on the S/MIME-labeled email to check the details. You'll discover the 'smime.p7m' attachment, which is unreadable for Google robots, and the notification from the extension that this email was composed using S/MIME.
  23. Click 'View Content' and you'll be asked for the passphrase to access your private key (locally within your current browser session).
  24. Once you provide the correct passphrase, the extension will decrypt the message and show it to you in a dedicated window.
  25. If the email address of your Gmail account does not correspond to the email address of the Google account associated with the extension, you'll get the notification to use the same account. This is the identity check Fossa Guard makes to secure access to the private key.
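To check from the raw message that a sent email really carries only the 'smime.p7m' payload and the extension's notification in the clear, the MIME structure can be inspected. This is an added example, not Fossa Guard code: the function name is hypothetical, and the sample message, including its multipart layout and recipient address, is constructed for illustration.

```python
from email import message_from_string, policy

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def inspect_smime(raw):
    """Return (kinds, cleartext): S/MIME wrappers found and readable text parts."""
    msg = message_from_string(raw, policy=policy.default)
    kinds, cleartext = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in PKCS7_MIME:
            # smime-type tells encrypted (enveloped-data) from opaque-signed (signed-data)
            kinds.append((part.get_param("smime-type") or "untyped").lower())
        elif ctype == "multipart/signed" and \
                (part.get_param("protocol") or "").lower() in PKCS7_SIG:
            kinds.append("clear-signed")  # body stays readable, only a signature is added
        elif ctype.startswith("text/"):
            cleartext.append(part.get_content().strip())  # anything a mail provider can read
    return kinds, cleartext

# Constructed sample: a notification in the clear plus the encrypted attachment.
SAMPLE = """\
From: fossa.user@gmail.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

This email was composed using S/MIME.
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

Q09OU1RSVUNURUQ=
--b1--
"""

if __name__ == "__main__":
    print(inspect_smime(SAMPLE))
```

A message that reports `enveloped-data` but also lists body text among the cleartext parts has leaked content outside the envelope.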