This entry is a user-made guide and not verified by any eMule developer, but is still a helpfull addition for most users. You you can find questions and comments on this topic in a dedicated thread on our forum.
Ive spent "sometime" figuring out how to actually get the notification encryption to work and i finally got it few days ago. I thought i share my finding here...
This "guide" will show how to setup self-signed certificate and use it to encrypt notification emails. Also ill be showing how to read these encrypted emails with Thunderbird. Note that im using Windows XP Professional.
Im assuming that you already got the email notification configured and working without the encryption.
First thing you need is to get a program that creates self-signed certificates. I used sylikc.NET Self-Signed Certificate (url below). Ill be using this tool as its has GUI etc. but theres intructions, along with the program download, in the page how to do the same thing with OpenSSL.
http://secure.sylikc.net:8080/self_signed/index.old.php#sscc
Install/extract the program and make sure you have .NET installed, you probably notice if you dont have it installed. Start the program. For me at least it shows a "warning" window telling me that im running this program standalone etc., just click OK.
You should see now two windows and on the right theres buttons for "simple mode" and "advanced mode". Pick the "advanced mode".
Now on the left window we'll start filling up the nessary information starting with the CA password. This is up to you but you have to remember these password(s) because you need them later on. However, to keep it simple, i picked one password for all the fields. Yes, not exactly secure but works fine for testing purposes.
Next is the country name (code), put whatever you want here. I dont think theres any real use for this in our case. Also the state or province name seems to be non-important as well but its required so put whatever you want there as well.
The organization name has some use as at least Thunderbird lists all the certificates by using these so pick something that starts with the letter A or a number so that its high above in the list so you dont have to go through the whole list of certificate authors. Use something like "Absolutely Nothing" or whatever.
Common name needs to be something different from our "self-signed certificate" name so lets use something simple like "Emule CA"(without the quotes). Use that for now. Once you get things working you can do this all over again and pick whatever you want but for now lets use that.
Now you should have all the required "Certificate Authority(CA)" fields filled, next is the "Your Self-Signed Certificate". Press the "Use same input as above" button on the so that we can add different information for the fields below. eg. the button should be in the "off" position or not pressed.
Cert Password, same as before, pick something you can remember or for testing use same password that you used for "CA password". Only required field besides the password is the common name, for now use "Emule SSC" (without the quotes). Keep the other fields empty in this section.
In the Export Settings pick a password for this one, for now just use the same password as for all the other password fields. Set the PKCS file name to "emulecert.p12" and save it to the directory where you extracted/installed the program. Number of years before certificate expires can be whatever you want, i used the maximum, 10 years. For Certificate name use something like "Emule Cert" or "Emule Encryption Cert", whatever.
Note that you can save the settings to a file so you can do this again easily later on. Only thing that will be erased are the passwords. Now press GO button. You should now have the "emulecert.p12" created along with the "ca_cert.crt" file, you need to keep these two safe. eg. copy these two files somewhere.
You have now created a self-signed certificate, next thing is to install it to the computer that is running Emule and then test it. To do this, get the .p12 file to the computer that has the Emule and copy the .p12 file to that computer. To install the certificate, right click (double clicking should work also) on the file and pick "Install PFX".
If for some reason you dont have this option visible, go to your start menu and choose "Run". Now type "certmgr.msc" (without the quotes). You should now see the "Certificates" window. Next select one of the certificate categories from the left side, for example the "personal" and then right click on it (or press the action button above), then select All Task and Import. Press next and then browse the "emulecert.p12" file and select it. You need to now type in the "private key" password. Make sure you check the "Mark this key as exportable" option, just in case.
In the "Certification Store" window, select the "Place all certificates in the following store". Find and select the "Other people". Note that for some reason i initially didnt have this option visible, no idea how i got it there. Anyways, just press next and then finish. The certificate is now installed to the "addressbook", in other words the "other people", store.
To make sure that the certification is really installed, close the "Certificates" window and restart it (Start menu->Run->"certmgr.msc"). Find the "other people" store and select certificates. You should see "Emule CA" and "Emule SSC" certificates.
Now all you need is to edit the Emule preferences.ini file in the "Emule\config\" directory and add/edit the "NotifierMailEncryptCertName=Emule SSC" (w/o quotes) line below the [Emule] tag. You have to restart the Emule before this works. To test this, start Emule and pick the "verbose" (below next to the log tab). If you dont have this, turn it on from Options->Extended->"Verbose". When you get that working, go to Options->Notifications and press the Test button. You should now see some information shown in the verbose display. If the text isnt red, then i think you are doing ok. If theres no warnings or anything, you should now have the encryption working.
Next thing is to configure Thunderbird so that you can read/decrypt the messages. Note that email subject line are never encrypted.
Start Thunderbird and go to Options->Privacy->Security->"View Certificates. First you have to import certificate to the "Authorities" or else it wont work. So select "Authorities" and press "Import" button. Now you need the "ca_cert.crt" file that we copied earlier along with the .p12 file. Find and select the .crt file. You should now have "Downloading Certificate" window. Check the "Trust this CA to identify email users" and press OK. You should now see the certificate added to the list, look for the organization name you gave for the certificate.
Next select the "Your Certificates" and click "Import". Now find and select the "emulecert.p12" file we created. It will ask for a password. I think this is a password that it asks when you first time try to import certificate so im not exactly sure. However, you can change the password from Options->Privacy->Security->"Security Devices" and select the "Software Security Device". If you manage to enter all the passwords correctly you should now have the decryption working. After the "Software Security" password, it asks for the certificate password and its done. You SHOULD be able to read the encrypted emails now.
For Outlook people, perhaps there useful info here... http://secure.sylikc.net:8080/self_signed/outlook.php?SSCC
Sources: http://kb.mozillazine.org/Installing_an_SMIME_certificate http://redirect.sylikc.net:8080/
The sylikc page seems to be down at the moment... |