Securing e-mails

Forum Moderators: coopster

Message Too Old, No Replies

Securing e-mails

Encrypting the physical data

Bond007

8:45 pm on Feb 6, 2006 (gmt 0)

I have a form located on my site where the transmitted information needs to be secure (i.e. sensitive information). I am using the php mail() function through the SMTP server on Microsoft IIS 6.0 to deliver these messages to one specific e-mail address. I currently have SSL installed and located on the pages that house the forms however I need the email to be encrypted to the recipient and then for them to decrypt the information. Any ideas other than GNUPG? I'm thinking it would just be too big of a deal for them to install GNUPG and then run their CMD prompt to decrypt the messages everytime someone fills out a form. I would love it if someone knew a way to do it in Outlook Express or some other default email client.....Thanks!

StupidScript

12:45 am on Feb 7, 2006 (gmt 0)

Why not use GnuPG at the server (they'll never see it) and have the recipient install the PGP Freeware (v.8, I think) that will let them decrypt the messages in a GUI? Both are free ...

Bond007

2:07 pm on Feb 7, 2006 (gmt 0)

So PGP is easier to use? I'll look into it. Do you know of any ways to configure GNUPG to automatically take the file from the server when it is submitted, encrypt it, attach it to the SMTP outgoing mail, then send it? It will be an awful lot of work to manually do this every time a form is submitted. If you have ideas, let me know.
Thanks

StupidScript

6:07 pm on Feb 7, 2006 (gmt 0)

(Welcome to the forums, by the way. ;)

GnuPG is a command line program, so you'd simply pipe the mail content through it using whatever options you want and then return its output back to the mail routine as the message's content. The user receives the mail and then tells PGP Freeware to 'decrypt the current window'.

Voila.

Both are PGP products.

Are you on a shared server or do you have the authority to get into it's guts and set this up?

Bond007

7:38 pm on Feb 7, 2006 (gmt 0)

Thank you for the welcome...
I do have access to the "guts" as you call it, however I am having a hard time trying to configure this process to do it automatically so I don't have to run the command line myself everytime there is a form submission.

Do you know if GNUPG will decrypt the MCRYPT function in PHP? I am thinking that prior to sending the mail in my .php file I encrypt it using MCRYPT, send it, then have the user access a file or page that will do the decrypting for it. Let me know what you think.

Securing e-mails

Encrypting the physical data

Bond007

StupidScript

Bond007

StupidScript

Bond007

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week