The Accounts window lists your secured email accounts.
Use this function to secure an email address for the first time. If you want
to add an existing Ciphire Account to your Account window, you should use the
Import function.
During the account creation, your email address is shown in grey and italics in the Accounts window. When the Account Creation is completed, the Ciphire Account is displayed in black.
After disabling your Ciphire account you will no longer be
able to sign or encrypt emails for this account.
The Import function allows you to add existing Ciphire Accounts, created on other computers, to the Ciphire Accounts list on this computer.
This option is currently not activated.
You may renew your certificates at any time. This is recommended if you have
reasons to believe that your account data was compromised. To ensure that no
unauthorized person can sign, encrypt and decrypt sensitive data, you can renew
the certificates of your email accounts.
This window show the status of the account selected in the Account list. Normal Ciphire Accounts are labeled as "Active Certificate". One of your Ciphire Accounts is your "Primary Account". By default, it is the first email address you secured. In this window, you can choose a security strategy for the selected Ciphire Account.
First select a Ciphire Account in the Accounts window, then use the drop-down menus to select your preferred encryption and signing settings for this account. The following options are available:
Refuse unencrypted | Ciphire Mail ensures that every email leaving your computer gets encrypted by Ciphire Mail. Message encryption requires the recipient to have a valid Ciphire Account. If the recipient does not have a valid Ciphire Account, Ciphire Mail warns you that the email will not be transmitted, as it cannot be encrypted. |
Warn if unencrypted |
Ciphire Mail checks if the recipients of the email has a valid Ciphire Account. If yes, Ciphire Mail automatically encrypts the email before sending it. If not, Ciphire Mail warns you that the email is about to be sent unencrypted, and lets you chose to continue or cancel email sending. |
Try to encrypt | Ciphire Mail checks if the recipients of the email has a valid Ciphire Account. If yes, Ciphire Mail automatically encrypts the email before sending it. If not, the email is not encrypted and sent plain text. |
Never encrypt | Ciphire Mail does not encrypt emails sent from this email address. Your communications from this account are unsecured (plain text transmissions). |
Never sign | The email you send from this email address is not digitally signed by Ciphire Mail. The recipient of the email cannot be sure that you sent exactly that email. You or the recipient cannot prove to third parties that this email communication took place. |
Always sign | The email you send from this email address is digitally signed by Ciphire Mail. The recipient can be sure that you sent exactly this email. You and the recipient can prove to third parties that this email communication took place. |
The Ciphire Mail client is installed with the following default strategies:
The account data of the primary account is used to encrypt uploaded emails to IMAP folders. You will need this account data to decrypt these emails in the future. Therefore, it is important that you always backup the account data of your primary account. If you do not use IMAP, or do not encrypt the emails uploaded to your IMAP server, the choice of the primary account does not matter.
By default, your primary account is the first email address you secured. If you have more than one valid Ciphire Account, you can choose which one should be your primary account. Select the appropriate Ciphire Account in the Account list and click the [Set as primary] button. The primary account is in bold characters.
During the installation of Ciphire Mail you chose a passphrase. Unless you chose to "Remember passphrase", you enter this passphrase every time you start Ciphire Mail. You can change it by using this function:
You can set general security strategies by account (see the Account Options). In addition, you can define encryption and signing settings by recipient. The individual recipient encryption or signing setting prevails over the general setting.
For example, you could have the following settings: your.first.account@example.com is set to "Try to encrypt"; your.second.account@example.com is set as "Never encrypt". Besides, you want to be sure to always encrypt your messages to Alice. Use the Individual Recipient Strategies to set the encryption for alice@example.com to "Refuse if unencrypted".
Click the button [Individual Recipient Strategies].
Enabling chain signing means that Ciphire Mail will not strip signatures out of incoming emails. If you forward these emails,
the original signature will still be in, and (if enabled) your own signature will sign the complete mail including the old signature.
A recipient can check the validity of both the original message with the old signature (if all of it is still in the message) and the complete new message with your signature.
The default for chain signing is off, this removes the signature from each incoming message.
You may choose to archive all your signatures and security reports in monthly log files. Every email sent or received will get listed, with their signatures and security report (if available). The log can be used as a proof, even to third parties.
These log files can be found in the user directory of your Ciphire Mail installation. On Windows systems: Documents and Settings - [your personal folder] - Application Data - Ciphire - logs
Choose whether Ciphire Mail should mark the emails you send. When checked, Ciphire Mail adds a tag to your outgoing emails to indicate how they were sent.
There are 2 possibilities to mark your outgoing mails:
It is recommended to leave this box checked to allow best performance of Ciphire Mail System.
When unchecked, Ciphire Mail hides any information indicating the security level of received emails.
When checked, Ciphire Mail marks incoming emails in the one of the following manners:
When checked, Ciphire Mail marks incoming emails with a [u] when they are
received unsecured (neither encrypted nor signed).
By default, this box is unchecked: Ciphire Mail does not mark incoming emails
when they are received unsecured.
When checked, Ciphire Mail a detailed security report to the emails you receive.
An email from a non-Ciphire Mail-User shows the following message:
* Message was not encrypted.
The example below shows the report attached to a message sent by alice@example.com to bob@example.com and copied to carol@example.com with the attachment biography.doc.
--------------------Begin Ciphire Report------------------------ + Ciphired message was decrypted. + FPL cross check succeeded. + Body was signed by 'alice@example.com' for 'bob@example.com, carol@example.com. Signature is valid. + Attachment "biography.doc" was signed by 'alice@example.com' for 'bob@example.com,carol@example.com'. Signature is valid. + Signature was removed from the body. --------------------End Ciphire Report-------------------------- |
In Detail:
This button resets security report settings to their default values:
When checked, Ciphire Mail checks if the sender and the recipients of the emails you receive are also Ciphire users. When they are, Ciphire Mail marks their name or email address with a [c].
In normal mode, Ciphire Mail performs these checks only for encrypted and/or signed emails. In always mode, all emails are checked.
When checked, Ciphire Mail checks if the recipients of the emails you send are also Ciphire users. When they are, Ciphire Mail marks their name or email address with a [c].
Ciphire Mail can encrypt the emails you store on your IMAP server. If you select encrypted, Ciphire Mail will use the account data of your primary account to encrypt the messages you upload to your IMAP server. Therefore, you will need Ciphire Mail and your account data to decrypt these messages in the future: do not use the Delete old Account Data.
This feature is currently not available. It will allow you to store your private account data in a different location.
This button will delete all old account data (keys) from your database. It is recommended not to use if you recently renewed a Ciphire Account or if you use IMAP.
When you recently renewed one of your Ciphire Accounts, you may keep receiving encrypted emails from Ciphire users who have your former Data in their cache. You will not be able to read these emails after using this function. Therefore, it is not recommended to use this function after renewing an account.
If you have emails on your IMAP server that were encrypted with old account data, you will not be able to read them anymore after using this function.
By default, you need to enter your Ciphire passphrase only when Ciphire Mail is started. If you would like to increase the level of security, you can require Ciphire Mail to prompt for the Ciphire passphrase more often. Use the scroll-bar to set a new timeout. If you change the timeout you need to restart Ciphire Mail for the change to take effect.
Click this button to bring back the passphrase timeout value to "Never". You will be asked to enter your Ciphire passphrase when Ciphire Mail is started only.
When you first secure an email address, this first certificate will be valid for one month.
This first short time period has been set for your security, to avoid fraud, and in order to keep the central certificate database clear of dummy and testing certificates.
After the first Certificate Renewal your second certificate lasts 12 months and has to be renewed only once a year (by default). This process is similar to that of a passport that has to be renewed on a regular basis. Additionally this keeps the central database up-to-date and thus ensures maximum performance.
In Interactive mode, Ciphire Mail will warn you when your certificate is about to expire. You can then choose to renew your Ciphire Account immediately or later.
In Automatic mode, your Ciphire Accounts are renewed automatically every period, as set in the Renewal Interval.
This sets how often you would like your Ciphire Accounts to be renewed. By default, Ciphire Accounts are renewed yearly.
A fingerprint is the unique unforgeable representation of a certificate. A fingerprint is generated every time a certificate is created, renewed or revoked. The entirety of these fingerprints is referred to as the Fingerprint List (FPL). To ensure that nobody, not even Ciphire Labs, can forge or modify certificates or account data, the FPL is globally published and crosschecked between Ciphire users. Thereby all users have the proof that they share the same knowledge about the entirety of the accounts in the Ciphire System.
Verifying the integrity of the Ciphire system requires you to download fingerprint list data. To minimize overhead traffic flow and economize the use of bandwidth, you can select different verification modes:
Full |
The full mode is only useful for high traffic use (gateway solutions) in the range of several hundred email communications with different users every day. At the end of each time interval, Ciphire Mail downloads all FPLs, including the final hash of all lists and the cross FPL hash. |
On Demand |
This is the default and recommended setting. Ciphire Mail checks the FPLs only when an email is sent or received, and it checks only those list entries containing the certificate of the email recipients. |
Minimal |
You should select this option when bandwidth is limited. Ciphire Mail checks only your own and the authority certificates. |
A certificate chain is the continuous set of valid certificates published for one Ciphire Account (from its initial certificate to the latest valid certificate, if the account was never disabled).
You have two different possibilities to check the certificate chains of your contacts:
Predecessor |
The system only checks the current and previous certificate of the Ciphire Accounts. |
Full Chain |
Ciphire Mail checks the full certificate chain of the Ciphire Accounts. |
This option lets you define for how long Ciphire Mail will cache (store & remember) your contacts' Ciphire Account information. This saves bandwidth, as Ciphire Mail will automatically remember the information needed to secure emails with recent contacts. If you have a slow Internet connection, it is recommended to increase the caching time.
The default caching period is 44 hours.
These options let you choose how Ciphire Mail will remain up to date.
If you leave the box unchecked, Ciphire Mail does not automatically check for available software updates. In this case, you will need to manually update your software via the [Update Now] button on the right.
Having the box checked lets you decide between different ways to update Ciphire Mail:
Notify |
Ciphire Mail notifies you when a new version of the software is available and ready for download. |
Interactive |
Ciphire Mail automatically downloads the newest software version and notifies you about the newly available update. You can then choose to install the new version automatically. |
Automatic |
Ciphire Mail automatically downloads the newest software version and installs it automatically during the next restart of your system or when you login. |
This section of the network lets you manage connectivity to the Ciphire Servers.
This section lets you manage your internet connectivity.
In some restricted networks, your system administrator may have set up proxies that allow your access to the internet. Your system administrator either supports you with an Automatic Proxy Configuration URL or with an IP and Port number. Please enter these values in the appropriate fields. If you do not know about any http proxy server leave these fields empty.
Ciphire Mail automatically searches these values from your operating system. If they can be detected, these fields are already be filled with the correct values.
This timeout defines how long Ciphire Mail will wait for the server or network to receive or send data. With a slow connection, it is recommended to increase the timeout value.
The default timeout value is 25 seconds.
Select the ports and protocols to be used for your email communications. By default the following protocols are selected:
SMTP (Simple Mail Transfer Protocol) |
for outgoing mails |
POP3 (Post Office Protocol) |
for incoming mails |
SSMTP (Secure Simple Mail Transfer Protocol) | for outgoing mails |
SPOP3 (Secure Post Office Protocol) |
for incoming mails |
IMAP (Internet Message Access Protocol) |
for incoming mails |
SIMAP (Secure Internet Message Access Protocol) |
for incoming mails |
You can turn these protocols on and off by checking or unchecking the marks in the Active column.
To add a new port to the list, click [Add], fill in the port of your choice and select the appropriate protocol. Confirm by clicking [OK].
Please make sure that the redirector is activated for every port used by your system for email transport.
When checked, Ciphire Mail displays a small window in the lower right corner of your screen, informing you of the operational steps Ciphire Mail is performing.
When checked, the Ciphire Mail icon is removed from your task bar.
When checked, the Ciphire Mail icon in your task bar animates itself depending on the operations performed by Ciphire Mail.
This feature is not available in the current version of Ciphire Mail.