Looking for transparent encryption software

Posted on 2007-08-09
Medium Priority
Last Modified: 2012-05-05
We are running Exchange Server 2003 with 100 mailboxes.  We  need to find an encryption product that can be used with the global address list & with internet recepients.  We want it to be transparent to the clients & customers - meaning no exchange of public keys or 3rd party certificates.  Does anyone have any suggestions?
Question by:Snitz

Expert Comment

ID: 19662755
look at this website http://www.slipstick.com/addins/security.htm

PGP (Pretty Good Privacy) encryption uses public / private key sets to encrypt and de-crypt emails. http://www.pgp.com/.  

Thay been around for a few yrs, but it is very hard to implement.

LVL 33

Expert Comment

by:Dave Howe
ID: 19671413
 There are really only two standards for transparently encrypted mail, and unfortunately both of them require the *recipient* to take steps to obtain a decryption key; there are a few solutions that don't require this, but those invariably involve clicking a link that takes you to a website where the decryption takes place (not a good move; if its important enough to encrypt, its important enough you don't want the decryption to take place on someone else's machine)

  Those are PGP (aka GPG) and s/mime (which uses the same technology used for https websites)

  For oneshots, you can make a self-decrypting archive; a good tool for this is the completely free 7-zip (http://www.7-zip.org/) - Downside is that the SDA is an executable file; you don't need to run it (a copy of 7-zip can decrypt it too) but its still a .exe so email systems will be hostile to it, and of course this involves several manual steps (you must create a document (.txt or more probably .doc), zip it with 7-zip, attach it to an email, then the recipient run it, have it extract the file to somewhere, then open the file.

Accepted Solution

dworlton earned 1000 total points
ID: 19708930
What you are looking for does not exist. Encryption requires some kind of tokens(keys or certs) to be exchanged to ensure that the correct parties can access the encrypted files and others can not.

DaveHowe is right about the two options available and webmail solutions, but I would go one step farther in saying that webmail is not viable at all since anyone can get the plaintext e-mail with the link and go to the site. If the fraudulent person gets there first they can create the initial password and gain access to the mailbox. This could be avoided if you set up the password on the webmail boxfor the recipient, but then you are exchanging passwords instead of certs or keys (honestly not any easier and less secure).

Also, I would put my money on PGP as the more secure solution, and is mild to setup, transfer keys, etc. My company has at least 1000 people worldwide using messaging encryption with PGP including connections with suppliers and lawyers, and it really isn't that difficult. You should reconsider your decision to avoid key or certs.

Expert Comment

ID: 20212106
Forced accept.

EE Admin

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question