[thelist] Encrypting E-Mail From Server
Joshua Olson
joshua at waetech.com
Mon Dec 9 07:35:01 CST 2002
----- Original Message -----
From: "Abhay S. Kushwaha" <abhayk at netsolutionsindia.com>
Sent: Monday, December 09, 2002 7:07 AM
> The user goes to a SSL site.
> There he fills a form that is e-mailed to site owner.
>
> How do I encrypt this e-mail using the PGP public key of site owner?
My experience with trying to encrypt server generated email with PGP failed
miserably. I tried to use the PGP implementation found at:
http://www.pgpi.org/
The technique I tried to do was to write the email body out to a text file,
use the PGP program to encrypt the text file, then use the encrypted email
as the email body that I send out. The problem I had was with the random
number generator for the command line version of the software. Normally,
the software monitors keystrokes and mouse movements over time to generate a
random number. When there is no KB or mouse activity, the software prompts
for keystrokes at the keyboard when an encryption request is made. Since I
was trying to run this at a server, there was no way to get keystrokes or
mouse movements recorded over time and no way to force keystrokes into the
KB buffer that would satiate the software. The result was that the software
would hang every time. It was a bear to troubleshoot, but it made sense in
the end.
This was an older version of the software I tried to do this with and your
results may vary with a newer version or a different implementation of PGP.
Here is a list of other technologies that may be of assistance to you:
IIS/CDO - secure email
http://www.15seconds.com/focus/email.htm - list of email tools
Google.com - use search phrases such as "secure email", "secure smtp"
> Is any other alternative available? The idea is to encrypt the mail
> from the SSL server to the site owner.
One technique I've used in the past for _this_ purpose is to keep the email
on the server in the database and generate an email to the site owner that
includes an https link back to a url that pulls up the email on-screen.
Employ some sort of security system (using built-in webserver security or
roll your own login) and you're in business.
Good luck,
-joshua
More information about the thelist
mailing list