Comments for How do I send encrypted email?

Comment from Dave on 2008-09-23

2008-09-24T01:56:05Z

I would like to be able to use this program to send emails to and from my PDA. Is this possible? If so, can you please walk me through how to set this up. (I know nothing about programming).

Thank You,
Dave

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Clint on 2008-07-23

2008-07-23T15:39:47Z

In the above section Encrypting Data you mentioned "There are ways to confirm and avoid this message: Use this key anyway? (y/N) y” Can you please provide more details?

Thanks,
Clint

It's been a while, but I believe the approach is that after you import the public key you sign it to confirm that it is what it claims to be. Check the GPG/PGP docs for more on this.

-Leo

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bob Janacek on 2008-02-26

2008-02-26T20:18:57Z

Or you can just use an service like http://www.certifiedmail.com and do away with key mumbo jumbo altogether.

And if you happen to have an X.509 certificate, you can still sign the message and send it to the recipient securely. The signing cert will be displayed to the recipient for non-repudiation, but the encryption happens without needing each recipient to have their own keys.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from RAGHUMADHULLA on 2007-08-16

2007-08-16T13:16:13Z

A LOT OF THANKS.REALLY IT IS EASILY UNDERSTANDABLE MANNER. IAM VERY PROUD TO VISIT YOUR SITE AND ALSO WILL BE LEARN MORE THINGS FROM YOUR SITE.VERRRRRRRRRY THANKS.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ingo on 2007-04-04

2007-04-04T08:17:24Z

You can avoid the assurance or trust problem by adding " --always-trust" to the command when encrypting... worked for me anyway ;)

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Matt on 2007-03-22

2007-03-22T13:46:49Z

This comment explains a way to avoid the message in the article stating "there is no assurance key belongs to the named user". Whether it is the "best" or even a good way is beyond my knowledge but I thought I would share what I have learned. As always with "all things secure", use at your liability!

I was receiving this message too when trying to use an imported public key from PGP (commercial "equivalent" of GnuPGP) on my GnuPGP machine. I ended up generating a key on GnuPGP and then "signing" the PGP key with my generated (and trusted) GnuPGP key with the following command:

gpg --sign-key "key name"

It prompted me with the following message:

"Are you sure that you want to sign this key with your key "my GnuPGP key name"

Really sign? (y/N)"

To which I responded "y".

To which it required the passphrase to unlock the secret key for my GnuPGP key.

To which I supplied.

I then ran the command to update my trust database:

gpg --update-trustdb

To which it found the PGP key (signed) but with no defined "trust" value. So it gave me the following:

"Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
s = skip this key
q = quit"

To which I answered (4) and was no longer prompted with the statement "...there is no assurance key belongs to the named user..."

Hope this helps others. If there's a way to do this without generating a local private key and using that to sign the public key and someone knows, please let me/us know.

Thanks.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mark on 2007-02-15

2007-02-15T10:07:08Z

I've used GPG for a while to secure important data stored on my PC. I haven't really used it in earnest for email encryption, though. The main reason is that it's a bit too cumbersome for most people to use. I'm now advocating a product called Private Post (http://www.privatepost.com/) to my friends and customers. It is fairly easy to install, bolts into Outlook and Outlook Express and provides an Explorer extended menu for encrypting files etc. locally as well as in emails.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo Notenboom on 2007-02-09

2007-02-10T03:17:25Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's been a while since I did it, but if I recall correctly it involves:

- - making sure that you actually have the proper key

- - signing that key youself

Signing it essentially tells gpg that "yes, I've verified that they key
belongs to who it claims to".

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFzTkiCMEe9B/8oqERAqWfAJ9AEbgr3OvW6Xt0aXGavJCf0ydT1QCfRS0/
EnYiNJC91aX5gHNlCBx01RI=
=oHeH
-----END PGP SIGNATURE-----

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Paul Tregunno on 2007-02-09

2007-02-09T16:35:19Z

You mentioned below that there are ways to avoid the question "use this key anyway?" when encrypting. I would appreciate further information on how:

Now they're ready to encrypt. That looks like this (encrypting the example file "example.xls"):

c:\>gpg -a --encrypt -r example@ask-leo.com example.xls
gpg: 1B917E56: There is no assurance this key belongs to the named user

pub 2048g/1B917E56 2006-03-08 Leo A. Notenboom
Primary key fingerprint: 8A4F 770F D037 D414 F4E6 B95C 6E89 72A3 874A 3EC1
Subkey fingerprint: 215A 55C8 C88A 2587 4E64 995C 5EFC 7E3F 1B91 7E56

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y
Note the dire warning about making sure you know who's key you're dealing with. There are ways to confirm and avoid this message, but for now to keep things simple, we'll simply note that the Primary Key fingerprint listed here matches the fingerprint that was listed when you created the key, and answer "Yes".

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rodrigo on 2006-11-10

2006-11-10T17:06:27Z

Hi, can I avoid the message "It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.
" on encrypt?

thanks

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Christer on 2006-10-03

2006-10-03T13:51:20Z

You wrote:
Note the dire warning about making sure you know who's key you're dealing with. There are ways to confirm and avoid this message, but for now to keep things simple, we'll simply note that the Primary Key fingerprint listed here matches the fingerprint that was listed when you created the key, and answer "Yes".

How do I avoid the message?

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo A. Notenboom on 2006-07-31

2006-07-31T23:46:49Z

You need to make sure that the directory that GPG.EXE is installed in is in your PATH, or if you don't know what that is, make sure that you CD (Change Directoru) to that directory. For example:

CD "\program files\gnupg"

if that's where the program is located, and then the gpg command should work from there.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Phil on 2006-07-31

2006-07-31T16:11:09Z

I don't know why, but I couldn't get Command Prompt to recognise 'gpg --gen-key'. I went to their sight(GnuPG) and non of the links that it looked like I needed to use seemed to work. I tryed for a long time too. Whats Up? I am new but I'm not totally brain dead... I hope. What am I doing wrong? I have been trying to work out this mail thing for way to long of a time. Hours of wasted time just going around in circles. Big Brother won't let us have private mail anymore? I am getting real bugged at Big Brother!

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo A. Notenboom on 2006-03-09

2006-03-09T18:15:31Z

Thanks on the typo. Fixed.

And yes, you raise a recurring theme that applies to any and all computers and data: if it's not physically serure - it's not secure.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John on 2006-03-09

2006-03-09T17:33:17Z

Just a typo...
"meaning that an authorized person gets a copy,"

I presume that you mean an UNauthorized person.
---
and a comment...

At the end of the day, your client could toss the data on a CD and hand it to the nice FedEx/UPS/Mail person.

Sensitive data is only as secret as the trust you put in the transfer medium.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo A. Notenboom on 2006-03-09

2006-03-09T17:05:54Z

Outlook and Outlook Express's security works fine, I'm sure. But it's not compatible, that I'm aware of, with other mailers or with GPP/PGP. The Outlook/OE solution has you purchasing digital certificates from Verisign, and using those to encrypt and/or sign your email.

PGP still exists, but they're also not free any more. GPG is a compatible, free, opensource alternative.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rodney on 2006-03-09

2006-03-09T11:59:24Z

What about the encryption built inot Outlook Express under tools... options... security? Doesn't that work ok?

What ever happened to PGP? I know it was bought, discontinued then restarted. Has it been discontinued again?

Rodney

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2006-03-08

2006-03-08T21:36:01Z

Actually those are both *significantly* less secure. (Word in particular.)

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ronny on 2006-03-08

2006-03-08T21:33:08Z

You can avoid all this by putting the information in a zip file that is compressed with a password. It's less secure than the above but usually good enough. You can also put it in a Word document and save that with a password. This is less secure still but very easy.

To get the password to your client, just use the phone.

]]>

A comment on: How do I send encrypted email?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.