I was recently asked by the VP of Finance to evaluate file encryption software for sending confidential documents via public internet e-mail. After testing several options with him, we found a software package that meets all of his needs.
The problem is that he is looking for some validation or guarantee that the software is actually encrypting the file as specified.
I spoke with the manufacturer who could only give me verbal reassurances that the software worked in accordance with the prescribed encryption algorithms. This isn’t enough proof, however. I asked the manufacturer if their software was ever validated by an outside lab and the answer was no.
Does anybody have any ideas on how I can go about “proving” that this or any other encryption software is actually working?
Thanks.