
Looking for transparent encryption software

We are running Exchange Server 2003 with 100 mailboxes. We need to find an encryption product that can be used with the global address list & with internet recipients. We want it to be transparent to the clients & customers - meaning no exchange of public keys or 3rd party certificates. Does anyone have any suggestions?
1 Solution
Look at this website: http://www.slipstick.com/addins/security.htm

PGP (Pretty Good Privacy) encryption uses public / private key sets to encrypt and decrypt emails. http://www.pgp.com/.

They've been around for a few years, but it is very hard to implement.

Dave Howe, Software and Hardware Engineer, commented:
There are really only two standards for transparently encrypted mail, and unfortunately both of them require the *recipient* to take steps to obtain a decryption key; there are a few solutions that don't require this, but those invariably involve clicking a link that takes you to a website where the decryption takes place (not a good move; if it's important enough to encrypt, it's important enough that you don't want the decryption to take place on someone else's machine).

Those are PGP (aka GPG) and S/MIME (which uses the same technology used for https websites).

For one-shots, you can make a self-decrypting archive; a good tool for this is the completely free 7-zip (http://www.7-zip.org/). The downside is that the SDA is an executable file; you don't need to run it (a copy of 7-zip can decrypt it too), but it's still a .exe, so email systems will be hostile to it, and of course this involves several manual steps (you must create a document (.txt or more probably .doc), zip it with 7-zip, and attach it to an email; then the recipient runs it, has it extract the file to somewhere, then opens the file).

What you are looking for does not exist. Encryption requires some kind of tokens (keys or certs) to be exchanged to ensure that the correct parties can access the encrypted files and others cannot.

DaveHowe is right about the two options available and webmail solutions, but I would go one step farther in saying that webmail is not viable at all, since anyone can get the plaintext e-mail with the link and go to the site. If the fraudulent person gets there first, they can create the initial password and gain access to the mailbox. This could be avoided if you set up the password on the webmail box for the recipient, but then you are exchanging passwords instead of certs or keys (honestly not any easier and less secure).

Also, I would put my money on PGP as the more secure solution, and it is mild to set up, transfer keys, etc. My company has at least 1000 people worldwide using messaging encryption with PGP, including connections with suppliers and lawyers, and it really isn't that difficult. You should reconsider your decision to avoid keys or certs.
Forced accept.

EE Admin