Internet Message Access Protocol (IMAP) is an application layer protocol that is used by an email client to retrieve email from a remote server. IMAP allows mails to be saved in the server until the user explicitly deletes them. This allows multiple clients to function on the same user account.
Trojita is a lightweight, fast IMAP e-mail client that can be used for mobile devices. It is a single threaded application. It is built following a model-view-controller design pattern. Trojita makes use of the concept of tasks where the main goal to be reached is achieved though various smaller tasks. Basically a division of responsibility happens when a particular work has to be done.There are many advantages associated with Trojita compared to other email clients.
Lazy loading is one such feature. You can load only a part of the message. Consider a mail containing a message body and a large picture attached to it. If you want only the message to be loaded, it possible in Trojita. Also, any data that are downloaded once are stored in the cache so that you can access them offline
In Trojita, graphical presentation layer or the GUI is built on top of Qt’s QML(Qt Meta Language) which is highly favorable for touch-centric devices. Trojita consists of mechanisms for avoiding phishing attacks and also for keeping an enforcement to maintain the confidentiality of the user’s messages.
Trojita also performs regression testing to tackle issues related to performance, usability, scalability etc. Trojita makes use of Valgrind tool for obvious memory regression tests. It also tries to issue the IMAP commands in parallel whenever possible which improves performance rates especially in presence of excess network round trip times.
If you want to explore more about Trojita and its cool features, download it on your system and start using. Here are the few steps that will help you to get started with Trojita :
Clone the source your machine and follow the steps to build Trojita.
$ git clone git://anongit.kde.org/trojita $ mkdir _build; cd _build $ qmake CONFIG+=debug ../trojita.pro $ make -j4
To run Trojita,
Following are the primary security features that any security system must offer. The intensity of each feature can be varied based on the application. The first four features are explained based on a situation where you want to send a confidential message to your friend. A digital signature ensures all of the following (first four) services. Here the message along with its hash is encrypted with the public key of the receiver as well as the private key of the sender. The receiver can decrypt it with the public key of the sender as well as his own private key and check the hash.
1. Confidentiality : Maintaining secrecy. The message must not be seen by anyone else other than your friend. Encrypting the message is one way to ensure confidentiality.
2. Integrity: No tampering. The message send must not be changed by an intruder in between. To detect this, the hash of the original message is sent along with the message. Once the receiver receives the message, he can take the hash of the received message and check it with the hash received. If it doesn’t match, it shows that the message is tampered.
3. Authentication: The sender as well as the receiver is identified with credentials like username and passwords and can’t impersonate someone else.
4. Non-repudiation: Once the message is sent, the sender can’t deny that he the message is sent my him. This can be ensured by encrypting the message with the private key of the sender so that the receiver can check that by decrypting it with the public key of the sender.
5. Authorization: This is to ensure that a particular user is granted the privilege that he is intending to use. For example, a member in a google group can post comments, and send mails. But he is not authorized to add or remove other members. Only a manger can do that.
6. Availability: The system must be usable for everyone. Security by obscurity is not the right practice. It can go obsolete very fast. A security system must not stay out of reach of users to keep it secured. It must not be closed. It has to be made available to users to use without any difficulties.
Our computer encounters a lot of traffic when connected to the Internet. Firewalls are used to control the flow of packets to and from our machines. Iptable is a firewall that is installed in all distributions of Linux machines by default. One can make their system secure by configuring the iptables properly. Uncomplicated Firewall (UFW) is a tool for default firewall configuration set up. This improves the ease of using iptables. But UFW is disabled by default and can be enabled as follows.
$ sudo ufw enable
Linux machine can be configured as a router. When a new packet arrives at the router, it consults the routing table where it is compared with the stored IP address and destination IP address of the packet. The packet is accepted by the operating system, only if the packet matches with any of the configuration set in the OS. Based on the configuration rules in the firewall as the INPUT, OUTPUT, and FORWARD, the system will accept or block the packet. If you want to set up you Linux system as a router, give the following command.
echo -n 1 | /proc/sys/net/ipv4/ip_forward
Now let us get into iptables. In iptables, rules are set as chains. Each chain has a list of rules. Also, each rule has matching criteria and action. Each chain has a default policy like ACCEPT/DROP and a list of rules. If none of the rules matches, the default policy is enforced. There are three primary chains :
- INPUT (takes packet)
- OUTPUT (gives out packet)
- FORWARD (takes input through one interface and forward through another)
Try entering the following in your Linux machine.
$ sudo iptables -L
You will find an output as follows :
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Now if you want to add a specific rule you can add as follows.
$sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
A : Append to a chain (INPUT here)
p : Protocol can be specified
dport : The specific port number or a range of port numbers as start:end can be specified.
j : jump target
The above command adds a rule to allow all incoming traffic on the default ssh port. Similarly you can also drop the packets that you want to block from entering your system.
$ sudo iptables -A INPUT -j DROP
This will block all the packets other that tcp packets from entering your machine.
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh DROP all -- anywhere anywhere
In a similar way you can add more rules to control the traffic. But one important thing to keep in mind is that this should not forbid you from desired packets to get dropped. The sequence in which the rules are mentioned plays an important role.
This article introduces Valgrind, a dynamic instrumentation framework to detect memory errors. The MemCheck tool, which comes as a part of the Valgrind framework, is used for this purpose. Throughout this article, the use of the term Valgrind implies the
Valgrind MemCheck tool.
This article got published in Linux For You (now known as Open Source For You), February edition, 2013.
Some of the key concepts of information security includes confidentiality, integrity, availability, authenticity and non-repudiation.  Digital signature is an efficient way maintaining integrity, authenticity and non-repudiation.
A digitally signed message ensures that the message is sent by a known sender(authenticity), without any alternation(integrity) and the sender cannot deny that he send the message(non-repudiation).
This post is about how to verify digital signatures by checking the signature of linux kernel using GPG (GNU Privacy Guard). Follow the steps for the verification.
1. Download linux kernel
$ wget https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.1.5.tar.xz
2. Download the signature
$ wget https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.1.5.tar.sign
3. The signature is for .tar and thus remove the .xz from linux kernal by uncompressing it.
$ unxz linux-3.1.5.tar.xz
4. Now, verify the .tar file using the signature using the gpg command.
$ gpg --verify linux-3.1.5.tar.sign gpg: Signature made Fri 09 Dec 2011 12:16:46 PM EST using RSA key ID 6092693E gpg: Can't check signature: public key not found
5. Inorder to verify the signature, download the public key from the PGP server
</span> $ gpg --recv-keys 6092693E gpg: requesting key 6092693E from hkp server subkeys.pgp.net gpg: key 6092693E: public key "Greg Kroah-Hartman (Linux kernel stable release signing key) <email@example.com>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 3 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
7. Rerun the previous command to run
$ gpg --verify linux-3.1.5.tar.sign gpg: Signature made Fri 09 Dec 2011 12:16:46 PM EST using RSA key ID 6092693E gpg: Good signature from "Greg Kroah-Hartman (Linux kernel stable release signing key) <firstname.lastname@example.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
This shows that the downloaded version of the kernel is untrusted. There is no indication that the signature belongs to the owner. This checking is thus very essential so that you don’t end up using the wrong downloads. It is always important to do signature verification before you start using anything. Keep yourself safe in the Internet.
GNU Privacy Guard (GPG) is a tool to provide encryption and signing services for transferring data securely. This post is about generating a public-private key pair for encrypting and decrypting a message. GPG generates a public key of the size preferred by you for a given email id, and a pass-phrase which is the private key.
Generating the Key pair
It is very simple to generate a key pair in GPG. Follow the instructions
$ gpg --gen-key
Then you get the following
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 [Select any option] RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 2048 Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 2w [You can select any based on the time limit you want] Key expires at Wed 16 Jan 2013 05:22:13 PM IST Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Priya Email address: email@example.com Comment: (Trial Key Pair) Invalid character in comment Comment: Trial Key Pair You selected this USER-ID: "Priya (Trial Key Pair) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. gpg: problem with the agent - disabling agent use We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .....+++++ ....+++++ gpg: key 68A4DDFE marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: next trustdb check due at 2013-01-04 pub 2048R/68A4DDFE 2013-01-02 [expires: 2013-01-16] Key fingerprint = E2C2 22B4 F94E 5569 F5FE 48D1 94E5 A4F4 68A4 DDFE uid Priya (Trial Key Pair) sub 2048R/370B0DB3 2013-01-02 [expires: 2013-01-16]
The pass-phrase you entered is your private key.
Exporting the public key
gpg --export firstname.lastname@example.org > priya1111-pub.gpg
This file will contain the public key. If you want to get the Public key in ascii, give
gpg --armor --export email@example.com > priya1111-pub-asc.gpg
Importing Public Key
gpg --import firstname.lastname@example.org <filename>
Encrypting a file
Consider you want to encrypt the file sun.txt and send it to Priya
Give the command as follows
$ gpg --recipient priya_key --armor --encrypt sun.txt
Here priya-key contains the public key of email@example.com. The above commands generates a file
sun.txt.asc which is the encrypted file. You can send this file through gmail securely as it
is in the encrypted format
Decrypting a file
You can decrypt the file with your private key.
gpg --decrypt sun.txt.asc > sun.txt
You will get the decrypted file.
There are ways to add signature to your file using the public key. You can even add photo ID as a part of the signature. You can refer the following link if interested.