RE: Email Encryption?

Aaron,

I don't know much about encryption other than just using PGP myself.
However, I would think that encrypting an e-mail message and sending it to a
user would require the user to have a key to decrypt it as well as some
client side software to actually perform the decryption. Seems like an
unreliable requirement.

Are they dead set on encrypting the e-mail? If you can convince them
otherwise, here's a solution I've been put through on a couple sites out
there:

1. I sign up for an account by providing my e-mail address and a username.
2. I receive an e-mail from the site saying "You signed up, this message
confirms your e-mail address is valid and here's a temp password. Go change
it." But this message does not contain the username I've entered on the
site.
3. I go back to the site, enter my username and temp password and change it
to something meaningful to me.
4. I get access to what I'm supposed to have access to.
5. I receive a confirmation e-mail just saying that the password for my
account on this site has been changed. But neither the username NOR
password is included in the e-mail.

The "security" here is that the username is NEVER sent to the user. If
e-mails were intercepted, the hacker would have the password, but not the
username. As long as both are required for authentication, you should be
set. You could reverse this logic by sending the username and never the
password with similar results.

Might not necessarily be the BEST solution, but I've seen it used in various
places.

> -----Original Message-----
> From: Aaron Wolski [mailto:aaronjw@martekbiz.com]
> Sent: Friday, November 15, 2002 11:47 AM
> To: 'Hutchins, Richard'; php-db@lists.php.net
> Subject: RE:  Email Encryption?
> 
> 
> The user account is set up via the Admin util.
> 
> The details are emailed to the account holder.
> 
> Profile and Login information are contained within.
> 
> 
> Aaron
> 
> -----Original Message-----
> From: Hutchins, Richard [mailto:Richard.Hutchins@GetingeCastle.com] 
> Sent: November 15, 2002 11:43 AM
> To: php-db@lists.php.net
> Subject: RE:  Email Encryption?
> 
> Can you explain how e-mail fits into the Admin solution? What is the e-mail
> used for? Setting up the accounts/passwords or sending the account/password
> to the user?
> 
> > -----Original Message-----
> > From: Aaron Wolski [mailto:aaronjw@martekbiz.com]
> > Sent: Friday, November 15, 2002 11:39 AM
> > To: 'Aaron Wolski'; php-db@lists.php.net
> > Subject: RE:  Email Encryption?
> > 
> > 
> > Just thinking here..
> > 
> > 
> > PGP is not an option as it would mean EACH user being set up would need
> > the company's public key to decrypt. Not possible as they set up a few
> > hundred accounts each month.
> > 
> > Hmm.. anything else?
> > 
> > Argh :(
> > 
> > Aaron
> > 
> > -----Original Message-----
> > From: Aaron Wolski [mailto:aaronjw@martekbiz.com] 
> > Sent: November 15, 2002 11:36 AM
> > To: php-db@lists.php.net
> > Subject:  Email Encryption?
> > 
> > <OFFTOPIC>
> >  
> > Sorry for the off topic guys..
> >  
> > But I've just been informed that an application we developed for a
> > client whereby they use an Admin tool to set up user accounts into their
> > store needs to have the login (username and password) encrypted.
> >  
> > I am thinking PGP for this but to be honest I've never really worked
> > with PGP and wouldn't have the first clue.
> >  
> > Does anyone have any experience with this or can offer any advice at
> > all?
> >  
> > Again, sorry for the OT discussion.
> >  
> > Aaron
> > 
> > 
> > 
> > -- 
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> > 
> > 
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
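
The five-step sign-up flow described in the reply above, as an added example that is not part of the original thread or of any poster's application. All names (`sign_up`, `login`, `change_password`, `accounts`, `outbox`) are hypothetical; the salted PBKDF2 storage and the one-day expiry of the temporary password are assumptions that go beyond what the message describes.

```python
import hashlib
import hmac
import secrets
import time

TEMP_TTL = 24 * 3600   # assumption: a temp password is only valid for one day
accounts = {}          # username -> record; in-memory stand-in for the user table
outbox = []            # (recipient, body) pairs; stand-in for real mail delivery

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _set_password(rec, password, temporary):
    rec["salt"] = secrets.token_bytes(16)
    rec["hash"] = _hash(password, rec["salt"])   # only the salted hash is stored
    rec["must_change"] = temporary
    rec["expires"] = time.time() + TEMP_TTL if temporary else None

def sign_up(username, email):
    """Steps 1-2: create the account, mail a temp password, never the username."""
    temp = secrets.token_urlsafe(12)             # CSPRNG, not rand()/time based
    rec = {"email": email}
    _set_password(rec, temp, temporary=True)
    accounts[username] = rec
    outbox.append((email, f"Your e-mail address is confirmed. Temporary password: {temp}\n"
                          "Log in with the username you chose and change it."))

def login(username, password, now=None):
    """Return 'denied', 'must_change' or 'ok'; username and password are both required."""
    rec = accounts.get(username)
    salt = rec["salt"] if rec else b"\0" * 16    # hash anyway so unknown users cost the same
    if rec is None or not hmac.compare_digest(rec["hash"], _hash(password, salt)):
        return "denied"
    if rec["must_change"]:
        expired = (now or time.time()) > rec["expires"]
        return "denied" if expired else "must_change"
    return "ok"

def change_password(username, old, new):
    """Steps 3-5: replace the temp password; the notice carries no credentials."""
    if login(username, old) == "denied" or old == new:
        return False
    rec = accounts[username]
    _set_password(rec, new, temporary=False)
    outbox.append((rec["email"], "The password for your account on this site has been changed."))
    return True
```
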

