On Tue, Apr 21, 2009 at 9:43 AM, Bob McConnell <rvm@xxxxxxxxx> wrote: > From: tedd [mailto:tedd.sperling@xxxxxxxxx] >> At 9:49 AM -0400 4/21/09, Bob McConnell wrote: >> >From: tedd >> >> At 8:39 AM -0400 4/21/09, Bob McConnell wrote: >> >>>I have been asked by a product manager what our options are for >> >>>encrypting email messages with sensitive information. We are > currently >> >>>using PHPMailer to send email. What can be done to encrypt those >> >>>messages? Can it be done without OOP? >> >> >> >> From within a php script, it's not a problem to encrypt a text > string >> > >> >> and send it as email. The sending of the email and the encrypting > the >> >> contents are two different issues. You may want to look at it that >> >> way. >> > >> >But can it be done so the recipient's email client will automatically >> >open and decrypt the message? How do you make it as seamless as > possible >> >for them, preferably so they don't even realize the message was >> >encrypted? >> >> At some point both parties (sender/receiver) must know (agree) what >> the encrypting mechanism is. >> >> If I was writing a script to do this for a client, I must have >> control over both the send and receive scripts and then I could >> deliver the email to the client seamlessly. They would never know >> what happened in the background. >> >> However, if your client wants to send stuff to anyone and have it >> encrypted without knowing who the receiver is going to be, then there >> is no way to do this. Both the sender and receiver must agree on the >> encrypting mechanism either by providing passwords OR by you having >> access to both the sending and receiving scripts. As I see it, there >> is no other way. > > These will be targeted emails for selected recipients, primarily in the > Security and Public Safety offices. But they will be sent via public > mail servers, so the content must be protected. > > Knowing the first site where this would go for field trials, I suspect > most recipients are using some version of Microsoft Outlook. But other > sites down the road are likely to have different clients. That end is > completely outside of my control or influence. All I can do is recommend > packages for them to download and install. I already know I need to get > a public key from each recipient before I can encrypt their messages, > but that's as far as I have gotten. I did glance at the GPG site > earlier, and it appears they only support the version of Outlook in > Office 2003. > > I have a feeling this is going to get messy, at least on the deployment > end. This may alleviate some of the mess: http://blog.cumps.be/gpg-in-outlook-2007-outlookgnupg/ -- // Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
