From: Per Jessen on
Bob McConnell wrote:

> These will be targeted emails for selected recipients, primarily in
> the Security and Public Safety offices. But they will be sent via
> public mail servers, so the content must be protected.

The question is - to what extent? You can use TLS for server-to-server
encryption, which is easy, but if you need person-to-person encryption,
I think your best option is still S/MIME.

> Knowing the first site where this would go for field trials, I suspect
> most recipients are using some version of Microsoft Outlook. But other
> sites down the road are likely to have different clients. That end is
> completely outside of my control or influence.

Use S/MIME. It's standard, and it's supported by e.g. both Outlook and
Thunderbird.



--
Per Jessen, Zürich (18.1°C)

From: Ross McKay on
On Tue, 21 Apr 2009 08:39:25 -0400, Bob McConnell wrote:

>I have been asked by a product manager what our options are for
>encrypting email messages with sensitive information. We are currently
>using PHPMailer to send email. What can be done to encrypt those
>messages? Can it be done without OOP?
>
>Server configuration:
> RHEL 5
> Apache 2.0
> PHP 5.2.3
> PHPMailer 1.73

Use S/MIME, and nearly all of your clients will be able to decrypt your
emails. There are a few exceptions: Forté Agent still doesn't handle
S/MIME, and Eudora needs a plug-in to handle it. However, all mainstream
email programs support it directly, without need to install new
software.

You need to generate (or purchase - I prefer generate for free in
OpenSSL) email certificates for encrypting emails, then distribute the
certificates to allow people to decrypt them. Once they have the key,
the emails generally just automatically decrypt when you view them
(depending on the email program). NB: give your clients individual
certificates, and keep the public keys to encrypt the emails to them.

PHP has support for this, and it's easy to use:

http://au2.php.net/manual/en/function.openssl-pkcs7-encrypt.php

Apparently, PHPMailer supports it too so check that out.
--
Ross McKay, Toronto, NSW Australia
"Let the laddie play wi the knife - he'll learn"
- The Wee Book of Calvin
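
The S/MIME round trip discussed in this thread, as an added example that is not code from any of the posters: it encrypts a message to a recipient's certificate with `openssl_pkcs7_encrypt` and decrypts it again with the matching private key. It assumes PHP 7 or later with the openssl extension; the key pair, addresses, message text and helper names `smime_encrypt` / `smime_decrypt` are constructed for the demonstration.

```php
<?php
// Added example. Key pair, names, addresses and message text are constructed.

// Recipient side, done once: key pair plus a self-signed certificate.
// The recipient keeps $key private; the sender only ever holds $certPem.
$key  = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$dn   = ['commonName' => 'Recipient Example', 'emailAddress' => 'recipient@example.org'];
$csr  = openssl_csr_new($dn, $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $certPem);

// Run $fn(inputFile, outputFile) on temp files and always delete both afterwards,
// so neither plaintext nor ciphertext lingers on disk.
function with_temp_files(string $input, callable $fn): string
{
    $in  = tempnam(sys_get_temp_dir(), 'in_');
    $out = tempnam(sys_get_temp_dir(), 'out_');
    try {
        file_put_contents($in, $input);
        if (!$fn($in, $out)) {
            throw new RuntimeException('OpenSSL error: ' . openssl_error_string());
        }
        return file_get_contents($out);
    } finally {
        @unlink($in);
        @unlink($out);
    }
}

// Sender side: wrap the body as a MIME part and encrypt it to the certificate.
function smime_encrypt(string $body, string $certPem, array $headers): string
{
    $mime = "Content-Type: text/plain; charset=UTF-8\r\n\r\n" . $body;
    // Name the cipher explicitly rather than relying on the PHP version's default.
    return with_temp_files($mime, fn($in, $out) => openssl_pkcs7_encrypt(
        $in, $out, $certPem, $headers, 0, OPENSSL_CIPHER_AES_256_CBC));
}

// Recipient side: what the mail client does with its own private key.
function smime_decrypt(string $smime, string $certPem, $privateKey): string
{
    return with_temp_files($smime, fn($in, $out) => openssl_pkcs7_decrypt(
        $in, $out, $certPem, $privateKey));
}

$sealed = smime_encrypt("Gate 4 badge reader offline.\r\n", $certPem,
    ['To' => 'recipient@example.org', 'Subject' => 'Field trial']);
var_dump(strpos($sealed, 'Gate 4') === false);                            // body not readable in transit
var_dump(strpos(smime_decrypt($sealed, $certPem, $key), 'Gate 4') !== false);
```

The string returned by `smime_encrypt` starts with the headers passed in, followed by the S/MIME MIME headers and the base64 body, so the `To` and `Subject` lines remain visible to every server that relays the message.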