diff options
Diffstat (limited to 'l10n-en-GB/suite/chrome/common/help/mailnews_security.xhtml')
-rw-r--r-- | l10n-en-GB/suite/chrome/common/help/mailnews_security.xhtml | 463 |
1 files changed, 463 insertions, 0 deletions
diff --git a/l10n-en-GB/suite/chrome/common/help/mailnews_security.xhtml b/l10n-en-GB/suite/chrome/common/help/mailnews_security.xhtml new file mode 100644 index 0000000000..3a9d78107e --- /dev/null +++ b/l10n-en-GB/suite/chrome/common/help/mailnews_security.xhtml @@ -0,0 +1,463 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> + + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[ + <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" > + %brandDTD; +]> + +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Signing & Encrypting Messages</title> +<link rel="stylesheet" href="helpFileLayout.css" + type="text/css"/> +</head> +<body> + +<h1 id="signing_and_encrypting_messages">Signing & Encrypting Messages</h1> + +<div class="contentsBox">In this section: + <ul> + <li><a href="#about_digital_signatures_and_encryption">About Digital + Signatures & Encryption</a></li> + <li><a href="#getting_other_peoples_certificates">Getting Other + People's Certificates</a></li> + <li><a href="#configuring_security_settings">Configuring Security + Settings</a></li> + <li><a href="#signing_and_encrypting_a_new_message">Signing & + Encrypting a New Message</a></li> + <li><a href="#reading_signed_and_encrypted_messages">Reading Signed & + Encrypted Messages</a></li> + <li><a href="#message_security_compose_window">Message Security - + Compose Window</a></li> + <li><a href="#message_security_received_message">Message Security - + Received Message</a></li> + </ul> +</div> + +<h2 id="about_digital_signatures_and_encryption">About Digital Signatures & + Encryption </h2> + +<p>When you compose a mail message, you can choose to attach your digital + signature to it. A <a href="glossary.xhtml#digital_signature">digital + signature</a> allows recipients of the message to verify that the message + really comes from you and hasn't been tampered with since you sent + it.</p> + +<p>When you compose a mail message, you can also choose to encrypt it. + <a href="glossary.xhtml#encryption">Encryption</a> makes it very difficult + for anyone other than the intended recipient to read the message while it is + in transit over the Internet.</p> + +<p>Signing and encryption are not available for newsgroup messages.</p> + +<p>Before you can sign or encrypt a message, you must take these preliminary + steps:</p> + +<ol> + <li>Obtain one or more <a href="glossary.xhtml#certificate">certificates</a> + (the digital equivalents of ID cards). For details, see + <a href="using_certs_help.xhtml#getting_your_own_certificate">Getting Your + Own Certificate</a>.</li> + <li>Configure the security settings for your email account. For details, see + <a href="mailnews_account_settings.xhtml#security">Configuring Your + Security Settings</a>. + </li> +</ol> + +<p>Once you have completed these steps, you can complete the instructions in + <a href="#signing_and_encrypting_a_new_message">Signing & Encrypting a + New Message</a>.</p> + +<p>The sections that follow provide a brief overview of how digital signatures + and encryption work. For more technical details on this subject, see the + online document + <a href="http://developer.mozilla.org/en/Introduction_to_Public-Key_Cryptography">Introduction + to Public-Key Cryptography</a>.</p> + +<h3 id="how_digital_signatures_work">How Digital Signatures Work</h3> + +<p>A digital signature is a special code, unique to each message, created by + means of <a href="glossary.xhtml#public-key_cryptography">public-key + cryptography</a>.</p> + +<p>A digital signature is completely different from a handwritten signature, + although it can sometimes be used for similar legal purposes, such as signing + a contract.</p> + +<p>To create a digital signature for an email message that you are sending, you + need two things:</p> + +<ul> + <li>A <a href="glossary.xhtml#signing_certificate">signing certificate</a> + that identifies you for this purpose. Every time you sign a message, your + signing certificate is included with the message. The certificate includes + a <a href="glossary.xhtml#public_key">public key</a>. The presence of the + certificate in the message permits the recipient to verify your digital + signature. + + <p>Your certificate is a bit like your name and phone number in the + phonebook—it is public information that helps other people + communicate with you.</p> + </li> + <li>A <a href="glossary.xhtml#private_key">private key</a>, which is created + and stored on your computer when you first obtain a certificate. + + <p>Your private key for a signing certificate is protected by your + <a href="glossary.xhtml#master_password">Master Password</a>, and the + &brandShortName; program does not disclose it to anyone else. The Mail + & Newsgroup software uses your private key to create a unique, + verifiable digital signature for every message you choose to sign.</p> + </li> +</ul> + +<h3 id="how_encryption_works">How Encryption Works</h3> + +<p>To encrypt an email message, you must have an + <a href="glossary.xhtml#encryption_certificate">encryption certificate</a> + for each of the message's recipients. The public key in each certificate + is used to encrypt the message for that recipient.</p> + +<p>If you don't have a certificate for even a single recipient, the + message cannot be encrypted.</p> + +<p>The recipient's software uses the recipient's private key, which + remains on that person's computer, to decrypt the message.</p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="getting_other_peoples_certificates">Getting Other People's + Certificates</h2> + +<p>Every time you send a digitally signed message, your encryption certificate + is automatically included with the message. Therefore, one of the easiest + ways to obtain someone else's certificate is for that person to send you + a digitally signed message.</p> + +<p>When you receive such a message, the person's certificate is + automatically stored by the <a href="certs_help.xhtml">Certificate + Manager</a>, which is the part of the browser that keeps track of + certificates. This is useful because you need to have a certificate for each + recipient of any email message that you want to send in encrypted form.</p> + +<p>Another way to obtain certificates is to look them up in a public directory, + such as the <q>phonebook</q> directories maintained by many companies.</p> + +<p>It's also possible to look up certificates automatically. This feature + is controlled by + <a href="mailnews_preferences.xhtml#addressing_preferences">Mail & + Newsgroups Preferences - Addressing</a> or + <a href="mailnews_account_settings.xhtml#addressing">Mail & Newsgroups + Account Settings - Addressing</a>, which can be configured to look up + recipients' email addresses in a directory.</p> + +<p>When you are using any account that is configured to look up addresses in a + directory, the same directory will be searched for matching certificates when + you attempt to send an encrypted message to one or more recipients for whom + you don't have certificates on file.</p> + +<p>The directory will also be searched for missing certificates when you open + the drop-down menu below the Security icon in the Compose window and choose + View Security Info.</p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="configuring_security_settings">Configuring Security Settings</h2> + +<p>Once you have obtained an email certificate (or certificates), you must + specify the certificates you want to use for signing and encrypting + messages.</p> + +<p>For information about obtaining email certificates, see + <a href="using_certs_help.xhtml#getting_your_own_certificate">Getting Your + Own Certificate</a>.</p> + +<p>To specify which signing and encryption certificates to use with a + particular account, begin from the Mail window:</p> + +<ol> + <li>Open the Edit menu and choose Mail & Newsgroups Account Settings.</li> + <li>Click Security under the name of the mail account whose security settings + you want to configure.</li> + <li>Under Digital Signing, click Select. (You may be asked to provide your + <a href="glossary.xhtml#master_password">Master Password</a> before you can + proceed further.) + + <p>A dialogue box appears that allows you to select from among your + available signing certificates.</p> + </li> + <li>Choose the signing certificate you want to use, then click OK.</li> + <li>Follow the same steps under Encryption: click the Select button, select + the encryption certificate you want to use, and click OK.</li> + + <p>In some cases you may be able to specify the same certificate under + Encryption that you specified under Digital Signing; check with your system + administrator to find out for sure.</p> +</ol> + +<p>Optionally, you can also indicate that you normally want to sign or encrypt + all messages sent from a particular account. These account-specific settings + are for convenience only; you can override the default settings for + individual messages.</p> + +<p>To configure your default signing and encryption settings, start from the + Security panel for the account (described above) and select your settings as + follows:</p> + +<ul> + <li>Under Digital Signing: + <ul> + <li><strong>Digitally sign messages</strong>: When this tickbox is + selected, all the messages you send from this account will be digitally + signed unless you indicate otherwise before you send the message. To + turn off this default setting, deselect the tickbox.</li> + </ul> + </li> + <li>Under Encryption (choose one): + <ul> + <li><strong>Never</strong>: When this option is selected, messages you + send from this account will be not be encrypted unless you indicate + otherwise before you send them.</li> + <li><strong>Required</strong>: When this option is selected, all the + messages you send from this account will be encrypted—but only if + you have valid certificates for each of the message's recipients. + If you don't have all the necessary certificates, the message + can't be sent unless you turn off encryption for that message.</li> + </ul> + </li> +</ul> + +<p>When you have finished configuring your mail security settings, click OK to + confirm them.</p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="signing_and_encrypting_a_new_message">Signing & Encrypting a New + Message</h2> + +<p>Before you can digitally sign or encrypt any message, you must obtain at + least one email certificate and configure your mail security settings + correctly. For background information on these tasks, see + <a href="#about_digital_signatures_and_encryption">About Digital Signatures + & Encryption</a>.</p> + +<p>The settings specified in + <a href="mailnews_account_settings.xhtml#security">Mail & Newsgroups + Account Settings - Security</a> determine the default settings for each new + Compose window you open when you set out to write an email.</p> + +<p>To open a Compose window, start from the Mail window and click Compose. You + can immediately identify the default security settings from the presence or + absence of these icons near the lower-right corner of the window:</p> + +<table> + <tr> + <td><img src="chrome://messenger/skin/smime/icons/hdrSignOk.gif" + alt="digital signature icon"/></td><td>The message will be digitally + signed (assuming you have a valid email certificate that + identifies you).</td> + </tr> + <tr> + <td><img src="chrome://messenger/skin/smime/icons/hdrCryptoOk.gif" + alt="encryption icon"/></td><td>The message will be encrypted + (assuming you have valid certificates for all recipients).</td> + </tr> +</table> + +<p>To turn these settings off or on, click the arrow just below the Security + icon in the Mail toolbar near the top of the window. Then select the item you + want from the drop-down list:</p> + +<ul> + <li><strong>Do Not Encrypt This Message</strong>: Choose this to turn off + encryption for this message. The message will not be encrypted when it is + sent over the Internet.</li> + <li><strong>Encrypt This Message</strong>: Choose this to turn on encryption + for this message. The message will be sent in encrypted form. However, it + can't be sent unless you have valid certificates for all + recipients.</li> + <li><strong>Digitally Sign This Message</strong>: Choose this to turn digital + signing on or off for this message. A tick mark indicates the message will + be signed.</li> + <li><strong>View Security Info</strong>: Choose this to view detailed + information about the security status of this message—to help you + determine, for example, whether you need to obtain a certificate for one of + the recipients.</li> +</ul> + +<p>To view detailed information about the message's security status, you + can also click the key or lock icon as described in + <a href="#message_security_compose_window">Message Security - Compose + Window</a>.</p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="reading_signed_and_encrypted_messages">Reading Signed & Encrypted + Messages</h2> + +<p>When you view a signed or encrypted message in the Mail window, these icons + near the upper-right corner of the message header indicate the security + status of the message:</p> + +<table> + <tr> + <td><img src="chrome://messenger/skin/smime/icons/hdrSignOk.gif" + alt="digital signature icon"/></td><td>The message is digitally + signed and has been validated. If there is a problem with the signature, + the pen is broken.</td> + </tr> + <tr> + <td><img src="chrome://messenger/skin/smime/icons/hdrSignUnknown.gif" + alt="unknown icon"/></td><td>The message is signed, but it has a + large attachment that has not yet been downloaded from the IMAP server. + As a result, the signature cannot be validated. Click the icon to + download the attachment and validate the signature.</td> + </tr> + <tr> + <td><img src="chrome://messenger/skin/smime/icons/hdrCryptoOk.gif" + alt="encryption icon"/></td><td>The message is encrypted. If there + is a problem with the encryption, the key is broken.</td> + </tr> +</table> + +<p>For information about certificate validation, see + <a href="using_certs_help.xhtml#controlling_validation">Controlling + Validation</a>.</p> + +<p>To see more detailed information about the message's security, click + the key or lock icon, or follow the instructions in + <a href="#message_security_received_message">Message Security - Received + Message</a>.</p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="message_security_compose_window">Message Security - Compose Window</h2> + +<p>This section describes the Message Security window that you can open for any + message you are composing. If you're not already viewing Message + Security, click the Security icon in the toolbar of the Compose window.</p> + +<p>The Message Security window describes how your message will be sent:</p> + +<ul> + <li><strong>Digitally Signed</strong>: This line describes whether your + message will be signed. There are three possibilities: + <ul> + <li><strong>Yes</strong>: Digital signing has been enabled for this + message, you have a valid certificate identifying you, and the message + can be signed.</li> + <li><strong>No</strong>: Digital signing has been disabled for this + message.</li> + <li><strong>Not possible</strong>: Digital signing has been enabled for + this message. However, a valid + <a href="glossary.xhtml#certificate">certificate</a> identifying you + for this purpose is not available, or there is some other problem that + makes signing impossible.</li> + </ul> + </li> + <li><strong>Encrypted</strong>: This line describes whether your message will + be encrypted. There are three possibilities: + <ul> + <li><strong>Yes</strong>: Encryption has been enabled for this message, + valid certificates for all listed recipients are available, and the + message can be encrypted.</li> + <li><strong>No</strong>: Encryption has been disabled or is not possible + for this message.</li> + <li><strong>Not possible</strong>: Encryption has been enabled for this + message. However, a valid certificate for at least one of the listed + recipients is not available, or no recipients are listed, or there is + some other problem that makes encryption impossible.</li> + </ul> + </li> +</ul> + +<p>When you compose a message and select a different account, the signing + and encryption preferences are updated to reflect the settings of + the newly selected account.</p> + +<p>The Message Security window also lists the certificates available for the + recipients of your message:</p> + +<ul> + <li><strong>View</strong>: To view the details for any certificate in the + list, select its name, then click View.</li> +</ul> + +<p>For more information about obtaining certificates and configuring message + security settings, see <a href="#signing_and_encrypting_messages">Signing + & Encrypting Messages</a>.</p> + +<p>To indicate your signing or encryption choices for an individual message, + click the arrow beside the Security button in the Compose window, then select + the options you want.</p> + +<p>To indicate your default signing and encryption preferences for all + messages, see <a href="mailnews_account_settings.xhtml#security">Mail & + Newsgroups Account Settings - Security</a></p> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +<h2 id="message_security_received_message">Message Security - Received + Message</h2> + +<p>This section describes the Message Security window that you can open for any + message you have received. If you're not already viewing Message + Security for a received message, follow these steps:</p> + +<ol> + <li>In the Mail window, select the message for which you want to view + security information.</li> + <li>Open the View menu and choose Message Security Info.</li> +</ol> + +<p>The Message Security window displays the following information:</p> + +<ul> + <li><strong>Digital Signature</strong>: The top section describes whether the + message is digitally signed and if so, whether the signature is valid.</li> + + <p>If validation failed while OCSP was enabled, check the OCSP settings in + <a href="certs_prefs_help.xhtml#privacy_and_security_preferences_certificates">Privacy + & Security Preferences - Certificates</a>. If you are not familiar with + OCSP, confirm the settings with your system administrator. If your settings + are correct, there may be a problem with the OCSP service or the + certificate used to create the signature is no longer valid.</p> + + <p>If the signature is invalid because of a problem with a certificate's + trust settings, you can use the <a href="certs_help.xhtml">Certificate + Manager</a> to view or edit those settings.</p> + + <li><strong>View Signature Certificate</strong>: If the message is signed, + click this button to view the certificate that was used to sign it.</li> + <li><strong>Encryption</strong>: The bottom section reports whether the + message is encrypted and any decrypting problems. + <ul> + <li>If the message's contents have been altered during transit, you + should ask the sender to resend it. The changes may have been caused by + network problems.</li> + <li>If a copy of your own certificate (used by the sender to encrypt the + message) is not available on your computer, the private key required to + decrypt the message cannot be retrieved. The only solution is to import + a backup copy of your certificate and its private key (see + <a href="certs_help.xhtml#your_certificates">Your Certificates</a> for + details.) If you don't have access to a backup certificate, you + will not be able to decrypt the message.</li> + </ul> + </li> +</ul> + +<p>[<a href="#signing_and_encrypting_messages">Return to beginning of + section</a>]</p> + +</body> +</html> |