Security Basics mailing list archives
Re: Encrypted emails
From: Kinnell <kinnell.t () gmail com>
Date: Thu, 10 Mar 2005 13:08:35 -0600
The basic idea for this key encryption is: When you want to encrypt a message to a client, a client or key authority gives you a key to encrypt with. So at this point we can encrypt a new key for this conversation("session key") with client's public key, the client can then decrypt this "session key" with it's private key. To further ensure secure communication the client can then encrypt an answer back to the sender with the sender's public key, and once received and acknowledged then both sides can now use the "session key" to encrypt this communication. That is the basic method, however we can take further steps to make sure that the key cannot be grabbed from mid-transmission by using more keys and encrypting sequence #s into the messages.. The PKI could become a nightmare, but I really doubt that if done right. I would love to hear some horror stories though if anyone on the list would care to share :) -Kinnell On Wed, 9 Mar 2005 13:29:35 -0800 (PST), John Madden <chiwawa999 () yahoo com> wrote:
Hi, Looking at the potential deployment and solutions for encrypted emails i had a few questions. What do large organization do to ensure that email are securely transfered with a partner/customer for sensitive data ? Using public/private keys seems like a whole lot of problems... - How do you exchange keys ? Manually ? This might be ok for a couple of recipient but can you imagine hundreds/thousunds at different companies... - PKI, having to deal with the infrastructure could be a nightmare. - Employees learning curve.... Are companies using an encryption software that will encrypt the messages/attachments and transmit the password to decrypt by phone ? I would like your comments/suggestions. Thanks John __________________________________ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/
Current thread:
- Encrypted emails John Madden (Mar 10)
- Re: Encrypted emails Kinnell (Mar 10)
- Re: Encrypted emails Zachary Mutrux (Mar 10)
- Re: Encrypted emails Vinay Patel (Mar 10)
- RE: Encrypted emails Craig Searle (Mar 11)
- Re: Encrypted emails Derek Nash (Mar 11)
- <Possible follow-ups>
- Re: Encrypted emails Eric McCarty (Mar 10)
- RE: Encrypted emails Locher Thomas (Mar 11)
- Re: Encrypted emails tod (Mar 11)
- RE: Encrypted emails dave kleiman (Mar 14)
- Re: Encrypted emails Nathaniel Hall (Mar 14)
- RE: Encrypted emails Dr. S. A. Vetha Manickam (Mar 14)