Official eMule-Board: Setting Up Notification Encryption - Official eMule-Board

Jump to content


Page 1 of 1

Setting Up Notification Encryption Small guide...

#1 User is offline   mystiqq 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 55
  • Joined: 26-November 02

Post icon  Posted 18 January 2007 - 03:09 PM

Ive spent "sometime" figuring out how to actually get the notification encryption to work and i finally got it few days ago. I thought i share my finding here...

This "guide" will show how to setup self-signed certificate and use it to encrypt notification emails. Also ill be showing how to read these encrypted emails with Thunderbird. Note that im using Windows XP Professional.

Im assuming that you already got the email notification configured and working without the encryption.

First thing you need is to get a program that creates self-signed certificates. I used sylikc.NET Self-Signed Certificate (url below). Ill be using this tool as its has GUI etc. but theres intructions, along with the program download, in the page how to do the same thing with OpenSSL.

http://secure.sylikc...ex.old.php#sscc

Install/extract the program and make sure you have .NET installed, you probably notice if you dont have it installed. Start the program. For me at least it shows a "warning" window telling me that im running this program standalone etc., just click OK.

You should see now two windows and on the right theres buttons for "simple mode" and "advanced mode". Pick the "advanced mode".

Now on the left window we'll start filling up the nessary information starting with the CA password. This is up to you but you have to remember these password(s) because you need them later on. However, to keep it simple, i picked one password for all the fields. Yes, not exactly secure but works fine for testing purposes. :)

Next is the country name (code), put whatever you want here. I dont think theres any real use for this in our case. Also the state or province name seems to be non-important as well but its required so put whatever you want there as well.

The organization name has some use as at least Thunderbird lists all the certificates by using these so pick something that starts with the letter A or a number so that its high above in the list so you dont have to go through the whole list of certificate authors. Use something like "Absolutely Nothing" or whatever.

Common name needs to be something different from our "self-signed certificate" name so lets use something simple like "Emule CA"(without the quotes). Use that for now. Once you get things working you can do this all over again and pick whatever you want but for now lets use that.

Now you should have all the required "Certificate Authority(CA)" fields filled, next is the "Your Self-Signed Certificate". Press the "Use same input as above" button on the so that we can add different information for the fields below. eg. the button should be in the "off" position or not pressed.

Cert Password, same as before, pick something you can remember or for testing use same password that you used for "CA password". Only required field besides the password is the common name, for now use "Emule SSC" (without the quotes). Keep the other fields empty in this section.

In the Export Settings pick a password for this one, for now just use the same password as for all the other password fields. Set the PKCS file name to "emulecert.p12" and save it to the directory where you extracted/installed the program. Number of years before certificate expires can be whatever you want, i used the maximum, 10 years. For Certificate name use something like "Emule Cert" or "Emule Encryption Cert", whatever.

Note that you can save the settings to a file so you can do this again easily later on. Only thing that will be erased are the passwords. Now press GO button. You should now have the "emulecert.p12" created along with the "ca_cert.crt" file, you need to keep these two safe. eg. copy these two files somewhere.

You have now created a self-signed certificate, next thing is to install it to the computer that is running Emule and then test it. To do this, get the .p12 file to the computer that has the Emule and copy the .p12 file to that computer. To install the certificate, right click (double clicking should work also) on the file and pick "Install PFX".

If for some reason you dont have this option visible, go to your start menu and choose "Run". Now type "certmgr.msc" (without the quotes). You should now see the "Certificates" window. Next select one of the certificate categories from the left side, for example the "personal" and then right click on it (or press the action button above), then select All Task and Import. Press next and then browse the "emulecert.p12" file and select it. You need to now type in the "private key" password. Make sure you check the "Mark this key as exportable" option, just in case.

In the "Certification Store" window, select the "Place all certificates in the following store". Find and select the "Other people". Note that for some reason i initially didnt have this option visible, no idea how i got it there. Anyways, just press next and then finish. The certificate is now installed to the "addressbook", in other words the "other people", store.

To make sure that the certification is really installed, close the "Certificates" window and restart it (Start menu->Run->"certmgr.msc"). Find the "other people" store and select certificates. You should see "Emule CA" and "Emule SSC" certificates.

Now all you need is to edit the Emule preferences.ini file in the "Emule\config\" directory and add/edit the "NotifierMailEncryptCertName=Emule SSC" (w/o quotes) line below the [Emule] tag. You have to restart the Emule before this works. To test this, start Emule and pick the "verbose" (below next to the log tab). If you dont have this, turn it on from Options->Extended->"Verbose". When you get that working, go to Options->Notifications and press the Test button. You should now see some information shown in the verbose display. If the text isnt red, then i think you are doing ok. If theres no warnings or anything, you should now have the encryption working.

Next thing is to configure Thunderbird so that you can read/decrypt the messages. Note that email subject line are never encrypted.

Start Thunderbird and go to Options->Privacy->Security->"View Certificates. First you have to import certificate to the "Authorities" or else it wont work. So select "Authorities" and press "Import" button. Now you need the "ca_cert.crt" file that we copied earlier along with the .p12 file. Find and select the .crt file. You should now have "Downloading Certificate" window. Check the "Trust this CA to identify email users" and press OK. You should now see the certificate added to the list, look for the organization name you gave for the certificate.

Next select the "Your Certificates" and click "Import". Now find and select the "emulecert.p12" file we created. It will ask for a password. I think this is a password that it asks when you first time try to import certificate so im not exactly sure. However, you can change the password from Options->Privacy->Security->"Security Devices" and select the "Software Security Device". If you manage to enter all the passwords correctly you should now have the decryption working. After the "Software Security" password, it asks for the certificate password and its done. You SHOULD be able to read the encrypted emails now.

For Outlook people, perhaps there useful info here...
http://secure.sylikc...utlook.php?SSCC

Sources:
http://kb.mozillazin...IME_certificate
http://redirect.sylikc.net:8080/

The sylikc page seems to be down at the moment...

This post has been edited by birk: 13 March 2007 - 07:12 PM

0

#2 User is offline   PacoBell 

  • Professional Lurker ¬_¬ (so kyoot!)
  • PipPipPipPipPipPipPip
  • Group: Moderator
  • Posts: 7296
  • Joined: 04-February 03

Posted 18 January 2007 - 05:41 PM

Hmm...certainly useful information. Do you mind if I move it to the Quick Help & Guides forum?
Sed quis custodiet ipsos custodes
Math is delicious!
MmMm! Mauna Loa Milk Chocolate Toffee Macadamias are little drops of Heaven ^_^
Si vis pacem, para bellum DIE SPAMMERS DIE!

#3 User is offline   leuk_he 

  • MorphXT team.
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 5975
  • Joined: 11-August 04

Posted 18 January 2007 - 06:56 PM

:goodpost:

maybe some mod can move this to the guides when this topics drops down.....

THis clearly needs some batch program/script to assist the user. any takers?

Quote

Now all you need is to edit the Emule preferences.ini file in the "Emule\config\" directory and add/edit the "NotifierMailEncryptCertName=Emule SSC" (w/o quotes)


Morph 9.3 has just added that option in the extended settings. That will save you a restart.
Download the MorphXT emule mod here: eMule Morph mod

Trouble connecting to a server? Use kad and /or refresh your server list
Strange search results? Check for fake servers! Or download morph, enable obfuscated server required, and far less fake server seen.

Looking for morphXT translators. If you want to translate the morph strings please come here (you only need to be able to write, no coding required. ) Covered now: cn,pt(br),it,es_t,fr.,pl Update needed:de,nl
-Morph FAQ [English wiki]--Het grote emule topic deel 13 [Nederlands]
if you want to send a message i will tell you to open op a topic in the forum. Other forum lurkers might be helped as well.
0

#4 User is offline   mystiqq 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 55
  • Joined: 26-November 02

Posted 18 January 2007 - 09:29 PM

I dont mind thats its moved to the right place. :)

If theres any problems or anything, just post them here. Also it seems that the sylikc site is still down, it might be cos of the storm thats raging in europe (just a guess).

This post has been edited by mystiqq: 18 January 2007 - 09:38 PM

0

#5 User is offline   mystiqq 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 55
  • Joined: 26-November 02

Posted 20 January 2007 - 04:24 AM

Sylikc is still down so i thought i upload the files i downloaded from the site. Heres a pack of the what i have on my harddrive.

http://www.filefacto...om/file/209a60/

I included sample setting file for emule for anyone who cares. :)

Also note that there are other selfcert programs...
http://www.abylonsoft.com/frame.htm

Havent tested this one really, this was the first of the programs i tracked down but i decided to use the Sylikc as it outputs the crt file as well that i needed for Thunderbird. I believe after importing the pfx or p12 file to windows, you can export it as .cer file which i think is the same as .crt file. Cant be sure about this but anyway, i thought i mention it.

This post has been edited by mystiqq: 20 January 2007 - 04:27 AM

0

  • Member Options

Page 1 of 1

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users