Kevin Robinson

asked on

Encrypted Email

Could someone please explain a little bit about encrypted email. Before I explain, I am NOT looking for code; I just need a bit of technical description about how this might work.

I have written a web application that sends an email to a specific client (can be 1 of 15). I need to change it to encrypt the email, so the email is encrypted and stays encrypted until it is received by the client.

I have purchased a Secure Certificate. Am I right in thinking that the certificate must also be added to each office's Outlook? Can the same certificate be used in all 15 offices to decrypt?



ASKER CERTIFIED SOLUTION
Rich Rumble
Kevin Robinson

ASKER

Could you explain something else

I have a certificate (.cer file). What then is a .pfx file?
pfx and cer

A *.pfx certificate contains the public/private key pair and a *.cer contains only the public key, so a *.pfx is able to sign and encrypt email, but a *.cer is used to encrypt email only. *.pfx and *.cer files can be exported via "Control Panel" -> "Internet Options" -> "Content" -> "Certificates". If importing the private key is chosen, a *.pfx will be generated; otherwise a *.cer will be generated.

-rich
Do I create a pfx file from the cer file?
You can, but the cert (.cer) is typically all that needs to be exchanged. Your private key needs to stay private; you only need to share the public cert for emails to be exchanged and checked for authenticity. http://support.microsoft.com/?kbid=179380 http://support.microsoft.com/kb/168726/EN-US/
http://www.microsoft.com/technet/security/topics/cryptographyetc/certs.mspx#ECHAC

You can see why folks typically use the PGP/GPG style of signing (the image I linked to earlier) where a hash is present at the bottom of the message.
http://www.gnupg.org/(en)/documentation/howtos.html
-rich
I sent a support question to the company that I bought the certificate from. I explained my situation and they said that I do not need to do anything else. Because my certificate is installed on the site, the emails that are sent out are already encrypted. But is this not just SSL?


Support Quote.
==========
"You don't need any different SSL certificates for this. Since you have installed the SSL certificate on your Email server, which in turn sends the Emails through your secured webpage, the outgoing Emails should be sent secured."


I got this from another site
=====================
VERY IMPORTANT: SSL encryption is only in effect when the email is in transit between the server and the desktop client.

When your mail is sitting on the email server it is not encrypted: once the message gets to the server over an SSL link, it sits in the mail queues on the server in clear text

The last bit is true enough; nothing to worry about there, the email has to be plain-text sometime...
You can open an email sent from your software and look at its properties to see if it was sent encrypted. You could also use a sniffer like Ethereal or Wireshark to see if you can see the contents of the body of the email.
-rich
With regard to the mail on the server, the use of sensible ACLs (along with all the other standard security practices, such as managing physical access to the server, etc.) on all Exchange-related directories will prevent unauthorised access to the mails.

cheers

Kevin
How exactly do I create a public/private key pair from the certificate?