On Sep 21, 2010, at 1:00 AM, Erik L. Arneson wrote: > On Thu, 16 Sep 2010, Nathan Rixham wrote: >> Floyd Resler wrote: >>> I need to send encrypted email. Can I use our server's signed certificate we use for Apache? >> >> Yes you can use the servers certificate, you can use any x509 >> certificate you like - however, I'd recommend checking out >> startssl.org who will give you a free smime certificate. > > But that is probably just for *signing* the email. If you'd like to > encrypt email, you will need a public key or shared secret from the > email recipient. > > -- > Erik Arneson <dybbuk@xxxxxxxxx> > GPG Key ID : 1024D/62DA1D25 BitCoin : 1LqvuGUqJ4ZUSoE7YE9ngETjwp4yZ2uSdP > Office : +1.541.291.9776 Skype : callto://pymander > http://www.leisurenouveau.com/ > > I got it all figured out. The part I was missing was combining the certificate with the key and giving it to the end-user to install on their system. I was able to use the Web server's certificate for the encryption. The interesting thing is that the client wants ALL passwords sent via encrypted email. Of course, they need the P12 file installed in order to view the email and that requires a password to install it. So, obviously, I can't send that password encrypted. So, my solution is to provide a Web page that the user gets to by an emailed link that has a unique identifier and the user must enter a piece of personal information for verification (in this case, ZIP code). Once verified, they are shown the password on the page. That's the only way I can think of to do it. Is that a good solution or does someone have a better way? Thanks! Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
