Security Basics mailing list archives

RE: Simple Effective Secure Email

From: LordInfidel () directionweb com
Date: Wed, 8 Sep 2004 16:35:48 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What you want is PGP  (www.pgp.com), there are several versions.
You want the freeware version unless you are using exchange, then
you need the workgroup version.  I'm not sure if it works with
outlook express, but I can't see why it wouldn't.

Here's how it works:

For verification; you want to create a pgp key for each person and
then send that persons key (.asc file) to the people who will be
verifying the e-mail.  

for example, if you have pgp installed
if you go to
http://www.directionweb.com/downloads/certs/Lordinfidel.txt
and copy and paste my public key into a txt file and rename it .asc
which you then would import into your key ring.  Then you can verify
that my signature on this email is good, since you would know my public
key, hence you would know that I sent this e-mail.

For encryption; you would do the same thing as above, but instead of
signing it, you would encrypt it.  The recipient would not be able to
read the e-mail (it would like what you saw in the lordinfidel.txt
file, unless they A) had the public key and B) new the password used to
encrypt the file.

LordInfidel

To verify the digital signature on this bulletin, please download my
PGP key at http://www.directionweb.com/downloads/certs/lordinfidel.txt

- - -----Original Message-----
From: Steve [mailto:securityfocus () delahunty com]
Sent: Wednesday, September 08, 2004 3:19 PM
To: Michael B. Morell; security-basics () securityfocus com
Subject: Re: Simple Effective Secure Email


Several things.

Primarily so that when these people send email the recipient can
verify it
actually came from them.  Secondarily, less critical, so that if they
send
out an email they can ensure it can only be read by the intended
recipient.

STEVE

- - ----- Original Message ----- 
From: "Michael B. Morell" <MMorell () vdat com>
To: "'Steve'" <securityfocus () delahunty com>;
<security-basics () securityfocus com>
Sent: Wednesday, September 08, 2004 3:14 PM
Subject: RE: Simple Effective Secure Email


steve.... can you elaborate a little on what you mean?

Are you trying to make it so that when those handful of people send
out
e-mail that the recipient of the e-mail can only read it?

Or are you trying to protect those handful of people from themselves?

LordInfidel

- - -----Original Message-----
From: Steve [mailto:securityfocus () delahunty com]
Sent: Wednesday, September 08, 2004 9:43 AM
To: security-basics () securityfocus com
Subject: Simple Effective Secure Email


If you needed to secure a handfull of people to use their email
securely
what would you recommend?  Consider the email client to be Outlook
Express.
I was thinking some form of a personal cert but wanted to see about
experience from the security list (you folks).







- -
- ----------------------------------------------------------------------
- - -----
Computer Forensics Training at the InfoSec Institute. All of our
class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of
a certified computer examiner, learn to recover trace data left
behind by
fraud, theft, and cybercrime perpetrators. Discover the source of
computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.ht
ml

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQT9s6cMjh/jWwMgrEQKBvgCfcmQAT8n9cM2ONc2vcJbLl5I1XCIAnjgu
o62T/ws42HY7f5inRvh11jXG
=5XSF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------

Current thread:

Simple Effective Secure Email Steve (Sep 08)
- Re: Simple Effective Secure Email Javier Blanque (Sep 08)
- Re: Simple Effective Secure Email Gabriel Orozco (Sep 08)
- Re: Simple Effective Secure Email Calvin Maready (Sep 08)
- <Possible follow-ups>
- RE: Simple Effective Secure Email Mark Medici (Sep 08)
- RE: Simple Effective Secure Email LordInfidel (Sep 08)
  - Re: Simple Effective Secure Email Steve (Sep 08)
  - RE: Simple Effective Secure Email Barrie Dempster (Sep 09)
    - Re: Simple Effective Secure Email Illya Knight (Sep 13)
  - RE: Simple Effective Secure Email Raoul Armfield (Sep 10)
    - RE: Simple Effective Secure Email Andrew Aris (Sep 13)
    - RE: Simple Effective Secure Email Jonathan Loh (Sep 13)
    - Definitions Mark Teicher (Sep 16)
    - Re: Definitions GuidoZ (Sep 18)
    - Re: Definitions Mark Teicher (Sep 17)
    - Re: Definitions GuidoZ (Sep 22)

(Thread continues...)