|
|
|
Hi, if I wanted to transfer via email securely some files, say Excel or Words files etc, apart from passwording them what would be my further options?
Can one lease a secure line [SSL!] and get an accompanying certificate? What about encryption? I'm really looking for a realistic solution that doesn't involve thousand's of
|
|
|
|
VPN
|
|
|
|
How much ?
How often ?
How secure ?
|
|
Register (or login) on our website and you will not see this ad.
|
|
|
|
Special Delivery on a floppy or CD! It would arrive before you get an affordable answer here to do it by email.
|
|
|
It depends if you want the transfer transaction be secure, or if you want the actual file content to be encrypted after it has been sent and received.
SSL/TLS is a cheap and cheerful option, it doesn't encrypt the actual file content, just the SMTP transaction between the sending and receiving mail server.
Likewise you could use something like PGP to encrypt the files and send them via regular "plain text" SMTP and assume that even if someone did somehow sniff the transaction the file contents are encrypted.
cheers,
Paul
--
paul <at> spamcop.net
|
|
|
|
Easiest and one of the most secure ways is to use PGP. If you want to send regularly then the recipient needs PGP and a key (created by PGP on installation). For occasional stuff, you can create a self-extracting encrypted file, and you need to communicate a password by other means (eg: text it).
Alternatively, create an encrypted zip archive of the files. Again you will need to transfer the password independently.
|
|
|
|
It depends if you want the transfer transaction be secure, or if you want the actual file content to be encrypted after it has been sent and received.
A secure transaction was my first thought but I have no knowledge in this area - any useful inks would appreciated.
Likewise you could use something like PGP to encrypt the files and send them via regular "plain text" SMTP and assume that even if someone did somehow sniff the transaction the file contents are encrypted.
But this I suspect will be the most appropriate option - I have looked at PGP in the past and if I get no joy from my previous few lines I'll look again.
Thank you - Blue
|
|
|
If it has to be email look into SSL/TLS for whatever server software you are using.
FTP with SSL is another option and is pretty simple to setup.
I haven't played around much with PGP but if you reach the point where you have encrypted files and transfer them via one of the methods above, I'd suggest you've ruled out most problems and would be in the position where human factors are the most likely concern i.e. people leaving passwords/phrases lying around.
cheers,
Paul
--
paul <at> spamcop.net
|
|
|
In reply to:
i.e. people leaving passwords/phrases lying around.
One of the reasons that PGP is one of the most secure is that if you use it with keys then there are no password/phrases that need to be transferred. The decrypt key need never leave the recipients computer.
|
|
|
Yes but if the user, for example, has a blank password to their computer, then presumably their uber secure PGP key isn't too difficult to copy off and then you become, to all intents, that person so far as access to encrypted files don't you?
I'm not suggesting it's likely, just something for the OP to consider as if the data truly is sensitive there are factors outside of simply getting the files from A to B securely.
cheers,
Paul
--
paul <at> spamcop.net
|
|
|
|
The decrypt key is itself encrypted. Admittedly the weak point is the passphrase used by the recipient to decrypt this, but as this never needs communicating to anybody then this is a rather more secure system than a shared passphrase.
|
|
|
Ah sorry I misunderstood, so you still need a password/phrase to decrypt the files once you receive them, but that password/phrase is for your PGP key rather than for the file itself? i.e. if you intercepted the files you would also need BOTH the recipients key, and their password/phrase to get anywhere?
cheers,
Paul
--
paul <at> spamcop.net
|
|
|
|
Exactly.
|
|
|
Thunderbird + Enigmail is an easy-to-use pgp (or do I mean gpg?) implementation. Or you can look at x509 certificates to use with Oulook etc.
______________________________________________________________________
http://www.vfast.co.uk/ - 2 Mbps symmetrical via fixed-link wireless
|
|
|
|
Hi, what exactly are these Or you can look at x509 certificates to use with Oulook etc if I may?
Is it possible to send encrypted data from my end and not have to have any specialist software on the receivers end, but just a key / code of some sort?
Thanks as always - Blue
|
|
|
GIYF!
http://en.wikipedia.org/wiki/X.509
I haven't used these for a while, but IIRC, Outlook and OE have the ability to use these ready built-in. The recipient needs to have a key pair, and you use his public key to encrypt the email. He deciphers it (automatically, in Outlook) using his private key.
At the time I was playing with these, you could get these keys free from Thawte (since acquired by Verisign), amongst others. I've switched to the thunderbird/enigmail combination as I don't like MS's email products.
PGP/GPG is similar, and open-source, but you generally need an add-on to use it, which may deter some users.
Most of these certificate systems support a "web of trust" scheme, whereby users meet and vouch for each other and therefore you can be reasonably certain that an encrypted or signed message has genuinely come from who it says it has. This is probably not a great concern to you, as you already know who your correspondent will be.
______________________________________________________________________
http://www.vfast.co.uk/ - 2 Mbps symmetrical via fixed-link wireless
|
|
|
|
Thanks for all your help and guidance, and the other posters as well.
Blue
|
|
|
Yepp,
Have a look at Comodo at www.instantssl.com for a free certificate to allow you to digitally sign and encrypt mails.
Trusted certificates for free there.
|