G
Guest
I am looking for a way to encrypt out going email messages in Outlook. We
are not using exchange server
are not using exchange server
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
N
Noel All
You will need a Certificate, for example Verisign offer Certificates
http://www.verisign.com/products-se...i/pki-application/email-digital-id/index.html
http://www.verisign.com/products-se...i/pki-application/email-digital-id/index.html
L
lynn
Perry said:I am looking for a way to encrypt out going email messages in Outlook. We
are not using exchange server
the standard technology is asymmetrical key cryptography ... what one
key encodes, the other key decodes (as opposed to symmetrical key
cryptography where the same key both encrypts and decrypts)
there is a business process, public key ... where one of the keypair is
designated "public" and freely distributed; the other of the keypair is
designated private, kept confidential and is *never* divulged.
the standard method of sending encrypted email is to obtain the
recipient's public key .... this can be done in a number of ways and
most infrastructures provide ways of either dynamically obtaining the
recipient's key ... and having it already stored in your local trusted
public key repository.
the simple mechanism is to encode the data with the recipient's public
key and then only the recipient's private key is able to decode it.
because of asymmetrical cryptography performance issues ... many
implementations will generate a random symmetric key, encrypt the data
with the symmetric key and then encode the symmetric key ... and
transmit both the encrypted data and the encoded key. only the
recipient's private key can decode and recover the symmetric key ...
and only by recovering the symmetric key can the body of the message be
decrypted.
for somebody to send you encrypted mail ... you will need to have
generated a public/private key pair and transmitted your public key to
the other party. for you to send another party encrypted mail ... they
will have needed to have generated a public/private key pair ... and
you will need to have obtained their public key.
PGP/GPG have individuals exchanging keys directly and storing them in
their local trusted public key storage. PGP/GPG infrastructure also
support real-time, online public key registry.
there is a business process, digital signatures. here the hash of the
message is computed and encoded with the private key ... the messaage
and the digital signature is transmitted. the recipient recomputes the
hash of the message, decodes the digital signature (resulting in the
original hash) and compares the two hash values. if they are the same,
then the recipient can assume:
1) the message hasn't been altered since signing
2) "something you have" authentication ... aka the signer has access to
and use of the corresponding private key
There is also a PKI, certificate-based infrastructure that is targeted
at the offline email environment from the early 80s. Somebody dials
their local (electronic) post office, exchanges email, hangs up and is
now possibly faced with first time communication. This is somewhat the
letters of credit environment from the old offline sailing ship days
where the recipient had no provisions for authenticating first time
communication with complete strangers
An infrastructure is defined where people load up their trusted public
key repositories with public keys belonging to *certification
authorities*. When somebody has generated a public/private key pair ...
they go to a certification authority and register the public key and
other information. The certification authority generates a digital
certificate contain the applicants public key and other information
which is digitally signed by the certification authorities private key
(public can verify the digital signature using the certification
authorities public key from their trusted public key repository). This
provides a recipient a way of determining some information about a
stranger in first time communication ... aka the stranger has digital
signed a message and transmitted the combination of the message, their
digital signature and their digital certificate. The recipient 1)
verifies the certification authorities digital signature on the digital
certificate, 2) takes the public key from the digital certificate and
verifies the digital signature on the message, 3) uses the other
information in the digital certificate in determining basic information
about the total stranger first time communication).
You can push a message and your digital signature to a stranger
(possibly along with your digital certificate) ... but you can't
actually encrypt the message for the stranger ... w/o first obtaining
their public key.