RE: Email Encryption

From: evetsleep (evetsleep_at_gmail.com)
Date: 07/28/05

  • Next message: Ansgar -59cobalt- Wiechers: "Re: Packet analysis and protocol analysis"
    To: "'Chris Griffin'" <cgriffin@dcmindiana.com>, "'Security Basics'" <security-basics@securityfocus.com>
    Date: Thu, 28 Jul 2005 10:01:29 -0400
    
    

    Have you considered x.509 certificates to create S\MIME v3 encrypted
    messages? x.509 is standardized and should work with most mail clients
    (Outlook, Pine, Thunderbird, Eudora, etc..). Depending on whether you need
    to send encrypted messages with external parties you could build you own CA
    and create your own certificates for your customers. If the number of certs
    you need is not to many (or you need to use a inherently trusted
    certificate) then perhaps buying them from a trusted CA such as VeriSign
    would be the path to go. Overall S/MIME works pretty well cross platform
    and the overhead is quite low (depending on if you need to manage your own
    CA or not).

    Best regards,
    Steven

    -----Original Message-----
    From: Chris Griffin [mailto:cgriffin@dcmindiana.com]
    Sent: Monday, July 25, 2005 3:14 PM
    To: Security Basics
    Subject: Email Encryption

    Hello list,
    Im trying to gather information on the best route to go with email
    encryption.
    I would just jump at PGP, but there are also Linux machines to be involved.
    I was testing out WinPT/GPG, and that works well, but there seem to be
    periodic glitches.
    Since many of the people that will be involved in sending/recieving
    encrypted company email are not technical, and some offsite, Id like
    something that involved the least support
    possible.

    Does anyone have any recomendations or sugestions?

    Thanks,
    Chris

    ------------------------------------------------------------------------
    CONFIDENTIALITY NOTICE:

    This e-mail message, including any attachments, is for the sole use of the
    intended recipient(s) and may contain confidential and privileged
    information. Any unauthorized review, use, disclosure or distribution is
    prohibited. If you are not the intended recipient, please contact the sender
    by reply and destroy all copies of the original message.
    ---------------------------------------------------------------------------


  • Next message: Ansgar -59cobalt- Wiechers: "Re: Packet analysis and protocol analysis"

    Relevant Pages

    • Re: Certificate attributes for Smart Card Logon
      ... unfortunately, as far as I know if you have the "Secure Email" application Policy set, a certificate by default may not just be used for email signature but also email encryption! ... If you enable the Smart Card Logon, Client Authentication, and Secure Email application Policies, this ensure that the smart card cannot be used for actual encryption. ... My domain controllers each already have their own certificates. ...
      (microsoft.public.windows.server.security)
    • Re: Certificate attributes for Smart Card Logon
      ... signature but also email encryption! ... If you enable the Smart Card Logon, Client Authentication, and Secure ... controllers each already have their own certificates. ...
      (microsoft.public.windows.server.security)
    • Re: RECOVERING MY ENCRYPTED HD FROM DEAD WINDOWS 2000
      ... certificates were probably only stored on the reinstalled ... file encryption key - different for each file, ... document formats have some standard bytes in - once matched ... The install wouldn't ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Sending signed and encrypted email.
      ... The user may have 1 or more certificates, ... via an AD lookup, you would want their encryption certificate, not their ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I am new to framework 2.0 so unsure about the capabilities of the ...
      (microsoft.public.dotnet.security)
    • Re: decrypting files from XP - tough question
      ... EFS uses a hybrid asymmetric/symmetric encryption scheme. ... It is to those keys which EFS encrypted the ... That session key can only be retrieved by those same certificates. ...
      (microsoft.public.security)