General discussion


Encrypting E-mail

By Tiffany2 ·
I have been asked to implement e-mail encryption on the e-mails people on my domain send to our clients. The CTO wants select people on my network to be able to send encrypted e-mails with minimal set-up and no required technical knowledge needed by users. I have been the Sys Admin for my company for 5 years but we've never needed this so I haven't got any experience with it. Can anyone give me a starting point.I have started testing with Verisign Digital ID's but that seems to require some work by the end user which I need to try and avoid.
Any help would be appreciated.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

PGP Universal

by mrafrohead In reply to Encrypting E-mail

It's pretty damned expensive, BUT it fits what you said to the T...

Collapse -


by awfernald In reply to Encrypting E-mail

If you are doing this with external clients, then they will need to get encryption going as well, as when you send an encrypted e-mail to someone, you need to have access to their "public" key part of their encryption.

Collapse -

hence my recommendation.

by mrafrohead In reply to However....

PGP universal you will run on the companies end. It is it's own *nix server.

What it will do is many different things. How you configure it on the inside is your business, and I won't go into the details of that.

But I will go into the details of the end user.

You have three choices as the end user. You can purchase PGP and use that.

Or you can download a "plugin" from your company that is supplied with PGP universal. I don't remember how many "plugins" you are allowed in your initial license, but you will more than likely never exceed it. When they have the plugin, they will have a dummied down version of PGP and they can use it to decrypt the messages from you and store the encrypted messages on their stand alone box.

Lastly, you can also have the server send a link. This is helpful if the end user doesn't want to purchase pgp or install the plugin. The link will guide them into your server over a secure connetion and from there they will have to authenticate. Once authentication happens on the secure connection, it will display a plain text copy of the e-mail for the end user to read, but they will be able to do nothing else with it, but read it.

Hope this explains it a little further.

Collapse -

I agree you want PGP

by TomSal In reply to Encrypting E-mail

But as stated it is costly to set up.

An alternative is you technically can download some freeware encryption software that encrypts your documents then you can send them. The reason I say "technically" is because the catch is the person you are sending to has to have the same crypto software installed at their end and know the password to unlock it.

It works great...the tool I used even had a crypto strength of 4096 bit (if you have any crypto experience you'll know that is HUGE).

I used to use it all the time with a friend of mine who lives thousands of miles away, therefore email was ideal for sending documents. The documents had financial information in them and account numbers so that's why I used the crypto software. When we saw each other in person that's when I verbally informed her of the password she'll use to unlock the message on her end.

Collapse -

Tom's right

by Jaqui In reply to Encrypting E-mail

the important thing is the software has to match.

gnu pgp is an open source version of pgp, with the same functionality.

but, is it encryption or digital signing you want?
if the latter, just to to verisign/thawte and buy a cert for the enterprise ( company )
install that as default for entire network.

if encryption, then every single user will need a public and private key pair to encrypt and decrypt messages. or they could just have a copy of the key pair for the company, then they can encrypt and decrypt messages.

company can courier the public key on disk to customers that will need to be able to decrypt the messages.
never, ever send the public key through email
it's to easy for it to be intercepted and saved by others defeating the purpose of the encryption

Collapse -

Use Verisign

by dafe2 In reply to Encrypting E-mail

Although Verisign seems to require end user involvement it's MUCH less than a PGP option.

Once (you) setup the cert all that's required from the user is to place the recipient in they're address book.....that's it. If they want to encrypt mail - They click on the radio button.

We've used Verisign for two years with no grief.

Collapse -

RE: Encrypting E-mail

by Info-Safety, LLC In reply to Encrypting E-mail

If you are looking for cheap and simple, try Steganos Security Suite. You can encrypt as .exe or .cab, and all the recipient needs to decrypt is the password. Steganos even tells you about your password strength.

I hope this helps.

Craig Herberg

Related Discussions

Related Forums