Re: Encrypting email

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 21, 2009 at 9:43 AM, Bob McConnell <rvm@xxxxxxxxx> wrote:
> From: tedd [mailto:tedd.sperling@xxxxxxxxx]
>> At 9:49 AM -0400 4/21/09, Bob McConnell wrote:
>> >From: tedd
>> >>  At 8:39 AM -0400 4/21/09, Bob McConnell wrote:
>> >>>I have been asked by a product manager what our options are for
>> >>>encrypting email messages with sensitive information. We are
> currently
>> >>>using PHPMailer to send email. What can be done to encrypt those
>> >>>messages? Can it be done without OOP?
>> >>
>> >>   From within a php script, it's not a problem to encrypt a text
> string
>> >
>> >>  and send it as email. The sending of the email and the encrypting
> the
>> >>  contents are two different issues. You may want to look at it that
>> >>  way.
>> >
>> >But can it be done so the recipient's email client will automatically
>> >open and decrypt the message? How do you make it as seamless as
> possible
>> >for them, preferably so they don't even realize the message was
>> >encrypted?
>>
>> At some point both parties (sender/receiver) must know (agree) what
>> the encrypting mechanism is.
>>
>> If I was writing a script to do this for a client, I must have
>> control over both the send and receive scripts and then I could
>> deliver the email to the client seamlessly. They would never know
>> what happened in the background.
>>
>> However, if your client wants to send stuff to anyone and have it
>> encrypted without knowing who the receiver is going to be, then there
>> is no way to do this. Both the sender and receiver must agree on the
>> encrypting mechanism either by providing passwords OR by you having
>> access to both the sending and receiving scripts. As I see it, there
>> is no other way.
>
> These will be targeted emails for selected recipients, primarily in the
> Security and Public Safety offices. But they will be sent via public
> mail servers, so the content must be protected.
>
> Knowing the first site where this would go for field trials, I suspect
> most recipients are using some version of Microsoft Outlook. But other
> sites down the road are likely to have different clients. That end is
> completely outside of my control or influence. All I can do is recommend
> packages for them to download and install. I already know I need to get
> a public key from each recipient before I can encrypt their messages,
> but that's as far as I have gotten. I did glance at the GPG site
> earlier, and it appears they only support the version of Outlook in
> Office 2003.
>
> I have a feeling this is going to get messy, at least on the deployment
> end.

This may alleviate some of the mess:
http://blog.cumps.be/gpg-in-outlook-2007-outlookgnupg/


-- 
// Todd

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux