Simple encryption method for email attachment

Discussion in 'Computer Security' started by Fred, Jan 24, 2006.

  1. Fred

    Fred Guest

    Ideally, I would like to find a program or other method to encrypt a file
    for sending by email where I can choose a key (5-10 letter word etc) which I
    can then give the receiving party by phone. Can anyone recommend a simple
    way to encrypt a file to be sent by email?

    Thanks.

    Fred
    Fred, Jan 24, 2006
    #1
    1. Advertising

  2. Fred

    nemo_outis Guest

    "Fred" <> wrote in
    news:D%rBf.71$iD.55@trnddc08:

    > Ideally, I would like to find a program or other method to encrypt a
    > file for sending by email where I can choose a key (5-10 letter word
    > etc) which I can then give the receiving party by phone. Can anyone
    > recommend a simple way to encrypt a file to be sent by email?
    >
    > Thanks.
    >
    > Fred


    Winrar
    nemo_outis, Jan 24, 2006
    #2
    1. Advertising

  3. Fred wrote:

    > Ideally, I would like to find a program or other method to encrypt a file
    > for sending by email where I can choose a key (5-10 letter word etc) which
    > I can then give the receiving party by phone. Can anyone recommend a
    > simple way to encrypt a file to be sent by email?


    PGP does both "conventional encryption" where the file is encrypted to a
    pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
    (A)rchive where you sent the recipient a file containing everything they
    need to decrypt the file including the "executable program" itself. IOW,
    all they need is the pass phrase you'd supply over the phone, they
    wouldn't even have to install PGP if they didn't want to.

    Plus, PGP is widely used so it's more likely to interface with more email
    clients in easier ways, and you'll have an easier time getting help if
    you're having trouble understanding something. How ideal is that? ;)
    Borked Pseudo Mailed, Jan 24, 2006
    #3
  4. Fred

    TwistyCreek Guest

    nemo_outis wrote:

    > "Fred" <> wrote in
    > news:D%rBf.71$iD.55@trnddc08:
    >
    >> Ideally, I would like to find a program or other method to encrypt a
    >> file for sending by email where I can choose a key (5-10 letter word
    >> etc) which I can then give the receiving party by phone. Can anyone
    >> recommend a simple way to encrypt a file to be sent by email?
    >>
    >> Thanks.
    >>
    >> Fred

    >
    > Winrar


    Thought about suggesting something like that, but last I knew (ages ago)
    the "encryption" methods implemented in archivers were a little on the
    weak side. To be polite about it. It's certainly possible that's changed,
    but I still believe using the "proper tool" applies. Email integration
    would obviously make usage easier, and easier means it's less likely to be
    abused or ignored. ;)

    An aside.... can WinRAR or even the current version of WinZip generate
    the "SFX" archives that command line versions of PKZip did/do?
    TwistyCreek, Jan 24, 2006
    #4
  5. Fred

    nemo_outis Guest

    TwistyCreek <> wrote in
    news::

    > nemo_outis wrote:
    >
    >> "Fred" <> wrote in
    >> news:D%rBf.71$iD.55@trnddc08:
    >>
    >>> Ideally, I would like to find a program or other method to encrypt a
    >>> file for sending by email where I can choose a key (5-10 letter word
    >>> etc) which I can then give the receiving party by phone. Can anyone
    >>> recommend a simple way to encrypt a file to be sent by email?
    >>>
    >>> Thanks.
    >>>
    >>> Fred

    >>
    >> Winrar

    >
    > Thought about suggesting something like that, but last I knew (ages
    > ago) the "encryption" methods implemented in archivers were a little
    > on the weak side. To be polite about it. It's certainly possible
    > that's changed, but I still believe using the "proper tool" applies.
    > Email integration would obviously make usage easier, and easier means
    > it's less likely to be abused or ignored. ;)
    >
    > An aside.... can WinRAR or even the current version of WinZip generate
    > the "SFX" archives that command line versions of PKZip did/do?



    Winrar uses 128-bit AES which is plenty strong (older pkzip encryption is
    much weaker). And, yes, Winrar supports SFX (Warning: some email filters
    may reject executable attachments).

    Regards,
    nemo_outis, Jan 24, 2006
    #5
  6. nemo_outis wrote:

    >>> Winrar

    >>
    >> Thought about suggesting something like that, but last I knew (ages ago)
    >> the "encryption" methods implemented in archivers were a little on the
    >> weak side. To be polite about it. It's certainly possible that's
    >> changed, but I still believe using the "proper tool" applies. Email
    >> integration would obviously make usage easier, and easier means it's
    >> less likely to be abused or ignored. ;)
    >>
    >> An aside.... can WinRAR or even the current version of WinZip generate
    >> the "SFX" archives that command line versions of PKZip did/do?

    >
    >
    > Winrar uses 128-bit AES which is plenty strong (older pkzip encryption is
    > much weaker).


    I could probably debate the "plenty strong" part by pointing out that it's
    even easier to use an integrated solution (PGP email plugin) that doubles
    the bits by default and does the compression anyway, not to mention
    adds the element of more secure integrity checking and usable
    authentication, but I won't. <g>

    It's been a looooong while since I used any of them, thanks for the
    clarification. It was older (2.04g?) versions of PKZip I was thinking
    about. I even found a paper I wrote on the subject some 15 years ago. :)

    > And, yes, Winrar supports SFX (Warning: some email filters
    > may reject executable attachments).


    Good deal. I agree with the executable attachments warning. It's always a
    good idea to send a companion message to ANY message with a valuable
    attachment in it giving the recipient a heads up. That way they can let
    you know if the attachment doesn't show.
    Borked Pseudo Mailed, Jan 24, 2006
    #6
  7. Fred

    nemo_outis Guest

    Borked Pseudo Mailed <> wrote in
    news::

    > nemo_outis wrote:
    >

    ....snip...
    >> Winrar uses 128-bit AES which is plenty strong (older pkzip
    >> encryption is much weaker).

    >
    > I could probably debate the "plenty strong" part by pointing out that
    > it's even easier to use an integrated solution (PGP email plugin) that
    > doubles the bits by default and does the compression anyway, not to
    > mention adds the element of more secure integrity checking and usable
    > authentication, but I won't. <g>



    The appeal of winrar is that it a program of widespread utility that is
    also quite serviceable for managing compressed and encrypted e-mail
    attachments (it is, for instance, a mainstay in using binary newsgroups).
    I agree that programs targeted at a specific application (e.g., pgp plugin
    for email) may be handier for that particular use, but that philosophy can
    lead to an inconvenient number of tools, each a one-trick pony.

    Winrar does compression as well as encryption (in fact, encryption is the
    addon). The rar format has a number of fillips including SFX and optional
    recovery protection (i.e., through adjustable redundancy), and (decidedly
    weak) authentication. The ability to store, not just individual files, but
    multiple files, or even entire directory trees, is very convenient. ...as
    is the ability to break an archive into multiple files of specified size
    (e.g., if sender or receiver email has, say, a 5-meg attachment limit per
    message).

    ....snip...

    Regards,
    nemo_outis, Jan 24, 2006
    #7
  8. Fred

    Dave Keays Guest

    Borked Pseudo Mailed wrote:
    > Fred wrote:
    >
    >
    >>Ideally, I would like to find a program or other method to encrypt a file
    >>for sending by email where I can choose a key (5-10 letter word etc) which
    >>I can then give the receiving party by phone. Can anyone recommend a
    >>simple way to encrypt a file to be sent by email?

    >
    >
    > PGP does both "conventional encryption" where the file is encrypted to a
    > pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
    > (A)rchive where you sent the recipient a file containing everything they
    > need to decrypt the file including the "executable program" itself. IOW,
    > all they need is the pass phrase you'd supply over the phone, they
    > wouldn't even have to install PGP if they didn't want to.
    >
    > Plus, PGP is widely used so it's more likely to interface with more email
    > clients in easier ways, and you'll have an easier time getting help if
    > you're having trouble understanding something. How ideal is that? ;)
    >


    Any comments on GPG with Enigmail? (The setup I have but haven't tested it
    thoroughly-- yet.

    >



    --

    Dave Keays
    Dave Keays, Jan 25, 2006
    #8
  9. Dave Keays wrote:

    >> PGP does both "conventional encryption" where the file is encrypted to a
    >> pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
    >> (A)rchive where you sent the recipient a file containing everything they
    >> need to decrypt the file including the "executable program" itself. IOW,
    >> all they need is the pass phrase you'd supply over the phone, they
    >> wouldn't even have to install PGP if they didn't want to.
    >>
    >> Plus, PGP is widely used so it's more likely to interface with more
    >> email clients in easier ways, and you'll have an easier time getting
    >> help if you're having trouble understanding something. How ideal is
    >> that? ;)
    >>
    >>

    > Any comments on GPG with Enigmail? (The setup I have but haven't tested it
    > thoroughly-- yet.


    Under Windows? There's some memory locking issues that weren't resolved
    last I knew. A potential for swapping sensitive data out to disk. And the
    Enigmail plugin isn't quite as functional as the PGP plugins generally
    are. But for the average Joe it's completely sufficient.

    I really like GnuGP, prefer it to PGP on all platforms in fact, but to
    some extent it's still a bit of a geek tool. PGP is a little more
    "refined" in the interface area, and probably a better choice for the
    casual users. Probably because it actually does incorporate a GUI rather
    than depend on third parties for the most part. That's got good points
    and bad points, but the bottom line is the more you use PGP/GnuPG the
    better off you are, so any bit of difficulty is a consideration. It's
    better to use a slightly less preferable but totally sufficient tool than
    it is to have the best tool in the world and not use it. ;)

    Most of that's just opinion (except for the memory thing I suppose), so
    take it for what it's worth.
    Borked Pseudo Mailed, Jan 25, 2006
    #9
  10. Fred

    Fred Guest

    Thanks, guys. How would I get winrar or pgp?

    "Borked Pseudo Mailed" <> wrote in message
    news:...
    > Fred wrote:
    >
    > > Ideally, I would like to find a program or other method to encrypt a

    file
    > > for sending by email where I can choose a key (5-10 letter word etc)

    which
    > > I can then give the receiving party by phone. Can anyone recommend a
    > > simple way to encrypt a file to be sent by email?

    >
    > PGP does both "conventional encryption" where the file is encrypted to a
    > pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
    > (A)rchive where you sent the recipient a file containing everything they
    > need to decrypt the file including the "executable program" itself. IOW,
    > all they need is the pass phrase you'd supply over the phone, they
    > wouldn't even have to install PGP if they didn't want to.
    >
    > Plus, PGP is widely used so it's more likely to interface with more email
    > clients in easier ways, and you'll have an easier time getting help if
    > you're having trouble understanding something. How ideal is that? ;)
    >
    >
    Fred, Jan 25, 2006
    #10
  11. Fred

    cypher Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Fred" <> wrote in
    news:gFFBf.8866$zh2.1725@trnddc01:

    > Thanks, guys. How would I get winrar or pgp?


    WinRAR:
    www.rarlab.com
    but it's not free.

    Why not use 7zip?
    www.7-zip.org

    "7-Zip is free software distributed under the GNU LGPL"

    "The main features of 7z format:

    * Open architecture
    * High compression ratio
    * Strong AES-256 encryption
    * Ability of using any compression, conversion or encryption
    method
    * Supporting files with sizes up to 16000000000 GB
    * Unicode file names
    * Solid compressing
    * Archive headers compressing"

    It's free, it has so good or sometimes even better
    compression ratio than WinRAR, and uses AES 256:

    "7-Zip also supports encryption with AES-256 algorithm. This
    algorithm uses cipher key with length of 256 bits. To create
    that key 7-Zip uses derivation function based on SHA-256 hash
    algorithm. A key derivation function produces a derived key
    from text password defined by user. For increasing the cost
    of exhaustive search for passwords 7-Zip uses big number of
    iterations to produce cipher key from text password."

    If you want to use an archiver 7zip seems to be a better
    choice for you.

    You can buy PGP here:
    http://www.pgp.com/

    Or download GnuPG for free from here:
    http://www.gnupg.org/
    GPG is a command-line tool, if you would rather use something
    with GUI gpg4win is here:
    http://wald.intevation.org/projects/gpg4win/

    My recommendation-7zip or gpg4win (GnuPG if you like to work
    in command-line).

    cypher

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQ9d2XiPnLg7nPH4AEQKIDQCfdSD+TblBREkX4G7jKrEh1EZ3wE8An35B
    8yKlf02t/vSR7runSjgUUXtZ
    =fiG2
    -----END PGP SIGNATURE-----
    cypher, Jan 25, 2006
    #11
  12. Fred

    Bob Furtaw Guest

    WinZip is fairly popular, easily accessable and easy to use. Why not use
    the encryption feature in it?

    Bob
    "Dave Keays" <> wrote in message
    news:R5CBf.16416$...
    > Borked Pseudo Mailed wrote:
    >> Fred wrote:
    >>
    >>
    >>>Ideally, I would like to find a program or other method to encrypt a file
    >>>for sending by email where I can choose a key (5-10 letter word etc)
    >>>which
    >>>I can then give the receiving party by phone. Can anyone recommend a
    >>>simple way to encrypt a file to be sent by email?

    >>
    >>
    >> PGP does both "conventional encryption" where the file is encrypted to a
    >> pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
    >> (A)rchive where you sent the recipient a file containing everything they
    >> need to decrypt the file including the "executable program" itself. IOW,
    >> all they need is the pass phrase you'd supply over the phone, they
    >> wouldn't even have to install PGP if they didn't want to.
    >>
    >> Plus, PGP is widely used so it's more likely to interface with more email
    >> clients in easier ways, and you'll have an easier time getting help if
    >> you're having trouble understanding something. How ideal is that? ;)
    >>

    >
    > Any comments on GPG with Enigmail? (The setup I have but haven't tested it
    > thoroughly-- yet.
    >
    >>

    >
    >
    > --
    >
    > Dave Keays
    Bob Furtaw, Jan 25, 2006
    #12
  13. Fred

    Fred Guest

    Thanks. Are any of these setup so that I can enter my own password which is
    used for scrambling the bits and bites?

    "cypher" <> wrote in message
    news:dr7ulv$o4b$...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > "Fred" <> wrote in
    > news:gFFBf.8866$zh2.1725@trnddc01:
    >
    > > Thanks, guys. How would I get winrar or pgp?

    >
    > WinRAR:
    > www.rarlab.com
    > but it's not free.
    >
    > Why not use 7zip?
    > www.7-zip.org
    >
    > "7-Zip is free software distributed under the GNU LGPL"
    >
    > "The main features of 7z format:
    >
    > * Open architecture
    > * High compression ratio
    > * Strong AES-256 encryption
    > * Ability of using any compression, conversion or encryption
    > method
    > * Supporting files with sizes up to 16000000000 GB
    > * Unicode file names
    > * Solid compressing
    > * Archive headers compressing"
    >
    > It's free, it has so good or sometimes even better
    > compression ratio than WinRAR, and uses AES 256:
    >
    > "7-Zip also supports encryption with AES-256 algorithm. This
    > algorithm uses cipher key with length of 256 bits. To create
    > that key 7-Zip uses derivation function based on SHA-256 hash
    > algorithm. A key derivation function produces a derived key
    > from text password defined by user. For increasing the cost
    > of exhaustive search for passwords 7-Zip uses big number of
    > iterations to produce cipher key from text password."
    >
    > If you want to use an archiver 7zip seems to be a better
    > choice for you.
    >
    > You can buy PGP here:
    > http://www.pgp.com/
    >
    > Or download GnuPG for free from here:
    > http://www.gnupg.org/
    > GPG is a command-line tool, if you would rather use something
    > with GUI gpg4win is here:
    > http://wald.intevation.org/projects/gpg4win/
    >
    > My recommendation-7zip or gpg4win (GnuPG if you like to work
    > in command-line).
    >
    > cypher
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.1
    >
    > iQA/AwUBQ9d2XiPnLg7nPH4AEQKIDQCfdSD+TblBREkX4G7jKrEh1EZ3wE8An35B
    > 8yKlf02t/vSR7runSjgUUXtZ
    > =fiG2
    > -----END PGP SIGNATURE-----
    Fred, Jan 26, 2006
    #13
  14. Fred

    cypher Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Fred" <> wrote in
    news:gyaCf.11857$zh2.9259@trnddc01:

    > Thanks. Are any of these setup so that I can enter my own
    > password which is used for scrambling the bits and bites?


    After installing 7zip right click on the file and choose
    7zip/add to archive, in new window just enter password
    (additionally selecting "encrypt file names" is a good
    choice) , hit OK and that's all.

    In GPG for encrypting (symmetric):

    gpg -c -o encrypted_file file_for_encryption

    GPG will ask you for a passphrase and create encrypted output
    file named "encrypted_file" from "normal" (plaintext)
    unencrypted file named "file_for_encryption".

    For decryption type:

    gpg -d -o decrypted_file encrypted_file

    GPG will ask you for a passphrase and decrypt
    "encrypted_file".

    This is the easyiest way you can use GPG. It can much more
    than that, e.g. you can create digitall signatures and
    encrypt your messages using public key crypto. gpg4win
    installs a graphical interface for GPG so you don't have to
    type instructions.

    Regards,
    cypher

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQ9ljmCPnLg7nPH4AEQKRsQCgwMrQE72R6MJJuFK86t+ma4V/QtwAnRz3
    ynEzp9fpeYDPtWntxKKlqvls
    =a2DB
    -----END PGP SIGNATURE-----
    cypher, Jan 27, 2006
    #14
  15. Fred

    cypher Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Fred" <> wrote in
    news:gyaCf.11857$zh2.9259@trnddc01:

    > Thanks. Are any of these setup so that I can enter my own
    > password which is used for scrambling the bits and bites?


    After installing 7zip right click on the file and choose
    7zip/add to archive, in new window just enter password
    (additionally selecting "encrypt file names" is a good
    choice) , hit OK and that's all.

    In GPG for encrypting (symmetric):

    gpg -c -o encrypted_file file_for_encryption

    GPG will ask you for a passphrase and create encrypted output
    file named "encrypted_file" from "normal" (plaintext)
    unencrypted file named "file_for_encryption".

    For decryption type:

    gpg -d -o decrypted_file encrypted_file

    GPG will ask you for a passphrase and decrypt
    "encrypted_file".

    This is the easyiest way you can use GPG. It can much more
    than that, e.g. you can create digitall signatures and
    encrypt your messages using public key crypto. gpg4win
    installs a graphical interface for GPG so you don't have to
    type instructions.

    Regards,
    cypher

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQ9ljmCPnLg7nPH4AEQKRsQCgwMrQE72R6MJJuFK86t+ma4V/QtwAnRz3
    ynEzp9fpeYDPtWntxKKlqvls
    =a2DB
    -----END PGP SIGNATURE-----
    cypher, Jan 27, 2006
    #15
  16. Fred

    Fred Guest

    All righty! Thanks, Cypher!

    "cypher" <> wrote in message
    news:drbo2f$ehe$...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > "Fred" <> wrote in
    > news:gyaCf.11857$zh2.9259@trnddc01:
    >
    > > Thanks. Are any of these setup so that I can enter my own
    > > password which is used for scrambling the bits and bites?

    >
    > After installing 7zip right click on the file and choose
    > 7zip/add to archive, in new window just enter password
    > (additionally selecting "encrypt file names" is a good
    > choice) , hit OK and that's all.
    >
    > In GPG for encrypting (symmetric):
    >
    > gpg -c -o encrypted_file file_for_encryption
    >
    > GPG will ask you for a passphrase and create encrypted output
    > file named "encrypted_file" from "normal" (plaintext)
    > unencrypted file named "file_for_encryption".
    >
    > For decryption type:
    >
    > gpg -d -o decrypted_file encrypted_file
    >
    > GPG will ask you for a passphrase and decrypt
    > "encrypted_file".
    >
    > This is the easyiest way you can use GPG. It can much more
    > than that, e.g. you can create digitall signatures and
    > encrypt your messages using public key crypto. gpg4win
    > installs a graphical interface for GPG so you don't have to
    > type instructions.
    >
    > Regards,
    > cypher
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.1
    >
    > iQA/AwUBQ9ljmCPnLg7nPH4AEQKRsQCgwMrQE72R6MJJuFK86t+ma4V/QtwAnRz3
    > ynEzp9fpeYDPtWntxKKlqvls
    > =a2DB
    > -----END PGP SIGNATURE-----
    Fred, Jan 27, 2006
    #16
  17. Fred

    Jeff B Guest

    Email filters is a *major* consideration.
    Many companies will discard attachments such as *.zip, *.rar for the
    reason of the exposure to executables.

    Using a straight encryption technique like the PGP family, the data is
    not an attachment, but inline text as shown in this thread

    IMO, use the tools for the purpose intended is straight forward and
    ususally simple to learn.

    Your milage may vary :)


    --
    ---
    Jeff B (remove the No-Spam to reply)
    Jeff B, Jan 27, 2006
    #17
  18. Fred

    Fred Guest

    Thanks. Sounds good to me. Is there a 'beginners guide' to PGP where I get
    up to speed on it?

    "Jeff B" <> wrote in message
    news:...
    > Email filters is a *major* consideration.
    > Many companies will discard attachments such as *.zip, *.rar for the
    > reason of the exposure to executables.
    >
    > Using a straight encryption technique like the PGP family, the data is
    > not an attachment, but inline text as shown in this thread
    >
    > IMO, use the tools for the purpose intended is straight forward and
    > ususally simple to learn.
    >
    > Your milage may vary :)
    >
    >
    > --
    > ---
    > Jeff B (remove the No-Spam to reply)
    Fred, Jan 29, 2006
    #18
  19. Fred

    Jeff B Guest

    Fred wrote:
    > Thanks. Sounds good to me. Is there a 'beginners guide' to PGP where I get
    > up to speed on it?
    >


    google for: OpenSource PGP


    >>--
    >>---
    >>Jeff B (remove the No-Spam to reply)

    >
    >
    >



    --
    ---
    Jeff B (remove the No-Spam to reply)
    Jeff B, Jan 31, 2006
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Knight

    I need a good simple file/folder encryption app

    Steve Knight, Nov 10, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    563
    Steve Knight
    Nov 11, 2003
  2. =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D

    Which hard drive encryption program has the strongest tested encryption & security?

    =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D, Sep 24, 2004, in forum: Computer Security
    Replies:
    6
    Views:
    3,843
    Kornholio
    Feb 20, 2008
  3. Johnny

    Best free encryption method?

    Johnny, Nov 14, 2004, in forum: Computer Security
    Replies:
    9
    Views:
    2,652
    winged
    Dec 14, 2004
  4. Murray R. Van Luyn

    Simple e-mail encryption.

    Murray R. Van Luyn, Jul 11, 2005, in forum: Computer Security
    Replies:
    14
    Views:
    655
    Murray R. Van Luyn
    Jul 26, 2005
  5. Giuen
    Replies:
    0
    Views:
    874
    Giuen
    Sep 12, 2008
Loading...

Share This Page