Penango - secure emails

Penango - secure emails

Penango is a successor to free Firefox extension Gmail S/MIME, which let’s you send encrypted emails using Gmail, Google Apps mail and Zimbra. As Google Apps or Gmail is not HIPAA complaint though it is running over Secure HTTP (HTTPS) protocol.

It comes as a Firefox, Maxthon and Internet Explorer extension.

Unlike Gmail S/MIME extension for Firefox, Penango is not going to be free but if you want to send signed emails (using email certificate) which are encrypted then I don’t see any other alternates for Gmail or Google apps users.

See Penango’s seamless integration with Gmail service, you can easily setup this for your Google apps email account too.

Penango's seamless integration with Gmail

Penango's seamless integration with Gmail

What all you need is download Penango extension for your browser and get free email certificate. That’s it you’r ready to go. So far I am not sure about the licensing or pricing policies as Penango has not been publicly available so far.

Here I am providing you download information I have received while signing up for trial, you can either go and sign-up yourself or download Penango extension for your browser.

Download Penango from following location for your browser:

Hello Penango Users:

The browser wars are heating up. So, not to leave out all you IE users, guess what you get? That’s right–IE 9 RC support less than 48 hours after it was released. Happy Valentine’s Day!

Penango 1.6.0  for Firefox is released.

Penango 1.6.0 for Internet Explorer is released.

Internet Explorer (6-9 RC):
32-bit version:

64-bit version:

Maxthon 2 Add-on:

32-bit and 64-bit Per-User BHO Package:

This is a regular release. If you already have Penango installed,
automatic update will occur within 24 hours.

This is a regular release. As a reminder, Penango for Internet Explorer does not have automatic updates yet, but can be administratively managed and deployed.

1.5-1.6 Highlights of New and Changed Features
* Added support for *Firefox 4 (latest betas)* and *Internet Explorer 9 Beta and RC*.
* Improved SMTP and proxying capabilities in Gmail.
* Improved user experience for the latest versions of Zimbra (6-7).
* Improved stability of the extension in IE.
* Improved internationalization and localization support.
* Recognized additional CAs and improved PAG rendering.
* Added support for SeaMonkey 2.1 and Zimbra Desktop 2.
* Made internal improvements.
* Added additional licensed sites.

New and Changed Features (1.6.0 from 1.5.7):
* Added support for *Firefox 4*! Penango now works with Firefox 4. Beta 10, Beta 11, and the trunk have been tested.
NB: Because Firefox 4 is not final, Firefox 4 compatibility is not guaranteed and no official support is provided.
* Added support for *IE 9 Release Candidate*! Penango now works with Internet Explorer 9 Release Candidate, both 32-bit and 64-bit. Various compatibility shims were added.
NB: Because IE 9 is not final, IE 9 compatibility is not guaranteed and no official support is provided.
* Added support for Zimbra Desktop 2 (specifically 2.0.1) on a temporary basis.
* Improved general SOCKS proxying support for Gmail SMTP on both Firefox and IE.
This feature is an advanced feature, and may not work in all environments or configurations. Contact Penango if SOCKS proxying is a requirement for your deployment.
* Fixed repeated stylesheet applications in IE, which would cause exceptions in IE over time.
* Added MLD Technology™ for automatic link detection in Gmail for plain text messages. When Penango processes plain text in signed or encrypted messages, Penango will magically detect URLs and URNs, adding links inside of the message bodies. A wide variety of URI schemes are supported, from http(s) to callto, tel, fax, ymsgr, urn:ietf, sip(s), and more.
* Resolved certain technical issues in Zimbra 7 by adding support for address bubbles (_useAcAddrBubbles) in ZmAddressInputField when composing messages.
* Fixed NULL pointer problems.
* Fixed minor bugs.
* Added additional licensed sites.

If you encounter any bugs, please let us know.

We are hard at work on the next versions of Penango!

President and CEO
Penango, Inc.

How to get Email Certificate?

Here is a brief rundown on how to get a certificate from Comodo.

You have a choice in where you get your certificates; we do not endorse any particular CA (yet).

However, if you are in a hurry, the following procedure should work fairly seamlessly.


Note that there is a difference between the Certificate and the Private Key.

Private Key = secret numbers that only you know. It is really long and is usually used “indirectly”. It’s secret! Don’t lose it! And don’t give it away!

Certificate = info, provided by a certificate issuer (like VeriSign or Comodo), that says who owns the private key. The certificate contains the public key, which is ok to distribute (hence “public”) but is mathematically related to the private key.

How to understand:

Think of the certificate like your driver’s license. It is issued by a well-known authority (state of California) and has information on it that identifies you.

Think of the “private key” like your face or your fingerprint. It is attached to your body–and is personal to you. Your driver’s license includes a *photograph* of your face, but not your actual face. A verifier is supposed to look at your driver’s license and make sure that the photograph matches the face they are looking at in person. While people can take pictures of your face, they can’t steal your actual face!

The private key is just the same. The certificate contains a mathematically related copy of your private key, called the “public key”. But this info can’t be used to derive the private key.


Ok now, how to get the cert:

I recommend that you use Firefox, but you can use IE instead if you really want.

Enter your info.

Firefox will generate a private key internally, and submit a certificate request. THE PRIVATE KEY IS IMPORTANT, even though it just flashes by. You must keep your private key secret in order to have security. Just remember this mantra: “keep your [private] key to yourself.”

If you use IE, MAKE SURE that the private key is marked as “exportable”. Look in the advanced/details for any options to that effect.

You will get a ping e-mail; confirm it.

Comodo will push a certificate to your browser. Now you have a key + certificate.


You can also go to Tools > Certificate Manager if you have Cert Viewer Plus installed, a free extension for Firefox:

If you don’t have Cert Viewer Plus, you need to go through this long process:

Tools > Options > Advanced > Encryption > View Certificates > Your Certificates

Click “Backup”. Use a strong password, etc. The backup will be in a .p12 file.

Did you back it up? BACK IT UP.

Remember that with Comodo, you only get one e-mail address per certificate. If you have multiple e-mail addresses, you will need to go through this process again (and generate more private keys).

Know more about Penango from Penango

Email you will receive while signing up for Penango trial form Sean (President and CEO of Penango, Inc.)

Penango is a suite of web browser extensions that let anyone send and
receive authenticated and encrypted messages in webmail. (You knew that

There are significant differences between the Gmail S/MIME codebase and
Penango, now at 1.6.0 for IE and Firefox.

At a high-level, Penango has been re-engineered around binary components
that give the software much finer-grained control over the cryptography
process. We support all of the major parts of S/MIME v3 and have made
significant inroads into supporting S/MIME v3.1.

We have built new user interface constructs, like the Penango
Authentication Grammar, which you will see when you use the extension
with various certificates from CAs like:
TC TrustCenter
Verizon Business (formerly GTE Cybertrust)
Wells Fargo WellsSecure Certification Authority
U.S. Government
and others.

We have built much more robust abstractions to handle different
browsers, different privilege levels, and different webmail environments
compared with Gmail S/MIME.

We have full support in the main Penango Infobar UI (including the
Penango Authentication Grammar) for English, Spanish, German, and
Japanese. Just switch your webmail environment language, and the
extension will follow the webmail preference.

Since we also have an official partnership with Zimbra, a subsidiary of
VMware. We have focused most of our discretionary resources on improving
the user experience in the Zimbra webmail environment. You will see our
considerably deep and seamless user experience in that environment,
including properly saving encrypted drafts, a nice feature (among many
features) that we have not seen other S/MIME clients implement to-date.

That being said, Penango still has a ways to go. Many of the vestiges of
old, core design choices remain in the code. We will be addressing these
areas aggressively in future versions of Penango. By way of example:
1) The preference system has been built upon but has not been
substantially revised. For example, there is no preference to choose
when or how often to encrypt–the extension will aggressively try to
encrypt whenever you enter e-mail addresses (but will detect in advance
if encryption cannot be performed, due to missing public keys).
2) Our patent-pending certificate procurement and management features do
not exist in this version of Penango, as we continue to build the
supporting code around and for such features.

You should use HTTPS with the extension. If HTTPS is used, the
extension is hard-coded to check for certain licensed certificates,
eliminating possible man-in-the-middle attacks.

Feel free to report any bugs that you find but be aware of these issues.

Also feel free to explore the preference system in the Tools > Add-Ons >
Penango > Options dialog box. You can set specific certificates to use
for signing and encrypting, for example, on a per-e-mail address basis.

We currently support Gmail v2 and Zimbra (v5 and v6).