Encrypting / Digitally Signed Emails

Discussion in 'MCDST' started by RemoteShark, Apr 7, 2007.

  1. RemoteShark

    RemoteShark Guest

    In a company exchange or POP3 environment, to be able to successfully send an
    an encrypted/digitally signed email to a recipient, would I need to send the
    digital ID to the user first and they send me theirs first in order for
    future emails to be successfully sent?

    I have looked around, but thought to see if I could ask any wise people here!

    RemoteShark
    RemoteShark, Apr 7, 2007
    #1
    1. Advertising

  2. RemoteShark

    catwalker63 Guest

    RemoteShark piffled away vaguely:

    > In a company exchange or POP3 environment, to be able to successfully send an
    > an encrypted/digitally signed email to a recipient, would I need to send the
    > digital ID to the user first and they send me theirs first in order for
    > future emails to be successfully sent?
    >
    > I have looked around, but thought to see if I could ask any wise people here!
    >
    > RemoteShark


    Usually you would use public key encryption and send your public key.
    Your recipient should send you their public key. You use the recipients
    public key to encrypt the message and your private key to sign. They do
    encrypt with your public key and sign with their private key. When
    you receive a message, you decrypt with your private key and check the
    signature with their public key. Clear as mud?
    --

    Catwalker
    MCNGP #43
    www.mcngp.com
    "I have a gun. It's loaded. Shut up."
    catwalker63, Apr 7, 2007
    #2
    1. Advertising

  3. RemoteShark

    RemoteShark Guest

    hmmm... I think I got it.

    So lets say their is a new company policy to encrypt all messages to a
    company finance officer, but once staff start to send an emails being
    encrypted to this person, they recieve an error. I would then have to
    instruct the finance director to send his public key to all staff members in
    order for them to be able to send encrypted email back to the finance
    director?

    I think i got it.
    Sort of like an authenication in advance!?!?

    RemoteShark

    "catwalker63" wrote:

    > RemoteShark piffled away vaguely:
    >
    > > In a company exchange or POP3 environment, to be able to successfully send an
    > > an encrypted/digitally signed email to a recipient, would I need to send the
    > > digital ID to the user first and they send me theirs first in order for
    > > future emails to be successfully sent?
    > >
    > > I have looked around, but thought to see if I could ask any wise people here!
    > >
    > > RemoteShark

    >
    > Usually you would use public key encryption and send your public key.
    > Your recipient should send you their public key. You use the recipients
    > public key to encrypt the message and your private key to sign. They do
    > encrypt with your public key and sign with their private key. When
    > you receive a message, you decrypt with your private key and check the
    > signature with their public key. Clear as mud?
    > --
    >
    > Catwalker
    > MCNGP #43
    > www.mcngp.com
    > "I have a gun. It's loaded. Shut up."
    >
    >
    RemoteShark, Apr 7, 2007
    #3
  4. RemoteShark

    catwalker63 Guest

    RemoteShark piffled away vaguely:

    > hmmm... I think I got it.
    >
    > So lets say their is a new company policy to encrypt all messages to a
    > company finance officer, but once staff start to send an emails being
    > encrypted to this person, they recieve an error. I would then have to
    > instruct the finance director to send his public key to all staff members in
    > order for them to be able to send encrypted email back to the finance
    > director?
    >
    > I think i got it.
    > Sort of like an authenication in advance!?!?
    >

    If this is internal, you should be have a mechanism for your users to
    aquire public keys. It's been a while since I messed with this so I'm
    a. little fuzzy on the implementation details. You'll need some more
    expert help if you're going to get into how to set it up.

    You will need to decide if you are going to issue keys yourself or get
    them from Thawte or Verisign. Are these keys going to be used only
    internally or do people outslde your company need to send you
    encrypted emails? Do you need just one or two certificates, or a whole
    bunch?

    As for authentication in advance, I'm not sure I follow you. The public
    key cryptography structure allows you to both sign (to verify the sender
    is who they say the are and the message hasn't been tampered with) and
    encrypt (to protect the content) the message.

    --

    Catwalker
    MCNGP #43
    www.mcngp.com
    "I have a gun. It's loaded. Shut up."
    catwalker63, Apr 8, 2007
    #4
  5. RemoteShark

    RemoteShark Guest

    I think I may have written this too difficult.

    This scenario is only for internal purposes, I believe.

    -----------------------------------------------------------------------------------------------
    A new company policy requires all ofice users to send encrypted email
    messages to the financial director. A digital certificate is issued by the
    systems administrator for encrypting email messages. When the office users
    try to send the emails to the financial director, they all get an error.
    Would I need to instruct the financial director to send his digital
    certificate to all office users so that the office users are able to send
    encrypted email messages to the financial director or would I need to
    instruct each office user to use EFS to encrypt each office users digital
    ceritificate and instruct them to resend the email messages to the financial
    director.
    ------------------------------------------------------------------------------------------------

    Thank you in advance for your help!

    RemoteShark


    "catwalker63" wrote:

    > RemoteShark piffled away vaguely:
    >
    > > hmmm... I think I got it.
    > >
    > > So lets say their is a new company policy to encrypt all messages to a
    > > company finance officer, but once staff start to send an emails being
    > > encrypted to this person, they recieve an error. I would then have to
    > > instruct the finance director to send his public key to all staff members in
    > > order for them to be able to send encrypted email back to the finance
    > > director?
    > >
    > > I think i got it.
    > > Sort of like an authenication in advance!?!?
    > >

    > If this is internal, you should be have a mechanism for your users to
    > aquire public keys. It's been a while since I messed with this so I'm
    > a. little fuzzy on the implementation details. You'll need some more
    > expert help if you're going to get into how to set it up.
    >
    > You will need to decide if you are going to issue keys yourself or get
    > them from Thawte or Verisign. Are these keys going to be used only
    > internally or do people outslde your company need to send you
    > encrypted emails? Do you need just one or two certificates, or a whole
    > bunch?
    >
    > As for authentication in advance, I'm not sure I follow you. The public
    > key cryptography structure allows you to both sign (to verify the sender
    > is who they say the are and the message hasn't been tampered with) and
    > encrypt (to protect the content) the message.
    >
    > --
    >
    > Catwalker
    > MCNGP #43
    > www.mcngp.com
    > "I have a gun. It's loaded. Shut up."
    >
    >
    RemoteShark, Apr 8, 2007
    #5
  6. RemoteShark

    catwalker63 Guest

    RemoteShark piffled away vaguely:

    > I think I may have written this too difficult.
    >
    > This scenario is only for internal purposes, I believe.
    >
    > -----------------------------------------------------------------------------------------------
    > A new company policy requires all ofice users to send encrypted email
    > messages to the financial director. A digital certificate is issued by the
    > systems administrator for encrypting email messages. When the office users
    > try to send the emails to the financial director, they all get an error.
    > Would I need to instruct the financial director to send his digital
    > certificate to all office users so that the office users are able to send
    > encrypted email messages to the financial director or would I need to
    > instruct each office user to use EFS to encrypt each office users digital
    > ceritificate and instruct them to resend the email messages to the financial
    > director.
    > ------------------------------------------------------------------------------------------------
    >
    > Thank you in advance for your help!
    >

    You're going to need to get a certficates appropriate for encrypting
    email from Thawte or a like service or set up your own certificate
    services (which IIRC requires at least 3 servers, one offline, to be
    secure) and issue them yourself. There will need to be a key exchange
    between your office users and the financial director. EFS would be
    appropriate to protect the private key of the key pair but you don't
    need it for the public key -- everyone is supposed to have access to
    that one. I think all the finance director should need to do is send a
    message to each user, once the key is installed but I'm a little fuzzy
    on the details, as I said.

    I think the implemenation process is too lengthy and complicated a
    process to nail down using a newsgroup and I, for one, am no expert. I
    suggest you get a book or two on PKI.
    --

    Catwalker
    MCNGP #43
    www.mcngp.com
    "I have a gun. It's loaded. Shut up."
    catwalker63, Apr 8, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Sm9lbC1ERA==?=

    Wireless Network Encrypting + Problems

    =?Utf-8?B?Sm9lbC1ERA==?=, Aug 11, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    376
  2. Encrypting entire partitions

    , Nov 29, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    360
    M Mullen
    Dec 1, 2003
  3. Anastasio A Rossi

    Encrypting

    Anastasio A Rossi, Aug 27, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    486
    uh Clem...
    Aug 29, 2005
  4. Harry Liston

    filtering digitally

    Harry Liston, Aug 22, 2003, in forum: Digital Photography
    Replies:
    3
    Views:
    311
    Graham
    Aug 27, 2003
  5. M D
    Replies:
    0
    Views:
    393
Loading...

Share This Page