Any help out there on encryption with OE? Do I need a digital signature. Are
there any that are free?

"Dennis_H" wrote in message
...
Any help out there on encryption with OE? Do I need a digital signature.
Are
there any that are free?


Thawte freemail certificates. The free ones only identify the e-mail
address of the user using the certificate and you have to go through their
web-of-trust mechanism to get more information added to the freemail cert.

--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________

How difficult is it to encrypt something?

"Dennis_H" wrote:

Any help out there on encryption with OE? Do I need a digital signature. Are
there any that are free?

Buenas noches: *Dennis_H* escribió:
"Dennis_H" wrote:

Any help out there on encryption with OE? Do I need a digital signature.

There is a difference between signing and encrypting: For signing a
message digitally you need a digital ID for your e-mail address; in
order to encrypt a message you need the public key of a digital ID of
the _receipients_ e-mail address! Such a public key can be transmitted
by sending a digitally signed message.

How difficult is it to encrypt something?

If you have the key, just click the button in OE to encrypt the message. ;-)

Saludos
Roland
--
Probleme mit OE? Hier gibt es die Lösungen: http://oe-faq.de!

"Ein tüchtiger Feind bringt uns weiter
als ein Dutzend untüchtiger Freunde." (G. Gründgens)

"Dennis_H" wrote in message
...
How difficult is it to encrypt something?

"Dennis_H" wrote:

Any help out there on encryption with OE? Do I need a digital signature.
Are
there any that are free?


To sign a message (this is NOT the same as adding a signature text string at
the end of your message):

- Add the cert to your outbound message. It will include identification of
your cert (so others can do a lookup on it, automatically or manually, to
get info on the sender). It will also include your public key which will be
needed by anyone who wants to send you an encrypted message.

To encrypt a message:

- To send an encrypted message to someone else, you need that someone else's
public key (from their cert). That is because they will use their private
key to let them decrypt your message.

- To have someone else send you an encrypted message, you need to send them
your public key. They use your public key to encrypt their message and you
use your private key to decrypt it.

The public key is, well, public. You distribute it to whomever you want to
allow to send you encrypted messages. The public key cannot used by itself
to decrypt a message. The private key is required for decryption. You give
your public key to someone else by sending them a digitally signed message
(so it includes the cert with the public key). They then have to save and
use your public key. They cannot send you encrypted mails (that you can
decrypt) unless you gave them your public key.

Since you are divulging a key to the public (to the recipient and whomever
else may intercept the message or to whomever the recipient gives your
public key), obviously it would not be a secure mechanism if everyone could
use your public key to decrypt your messages. You keep your private key to
yourself and it is the second half of the pair of keys needed to decrypt a
message. If only one key were needed for encryption and decryption, how
could you give out that key and know that only you could decrypt a mail that
used that key? That's why 2 keys are needed that are paired together: the
public one you give out for others to encrypt messages that they send you
(and which allows no one to decrypt the message), and the private one that
you use to decrypt the message.

Once you get the certificate installed in your e-mail client, all you have
to do is select an option to encrypt your message using the recipient's
certificate that you must've saved from a prior digitally signed e-mail that
they sent to you. If you don't have their public key, you cannot encrypt a
message that you send to them. Once the cert is installed, you can
digitally sign any or all of your e-mails. Usually you get the option to
add the cert on a per-item basis or to enable a global option to always add
your cert to your outbound mails. There is usually little need to enable
the global option since it will be rare when you need or want to digitally
sign your outbound mails. The Thawte cert only provides identification by
e-mail address. The recipient still doesn't know who you are but only what
is your e-mail address, and what good is that e-mail only identification if
you are using a freebie Hotmail or Yahoo e-mail account which doesn't
require trackability (by following the money) or registration (other than a
confirmation e-mail)? Even if you buy a full cert that contains all your ID
details, or you use Thawte's web-of-trust mechanism to get more details
added, the info only shows what you claimed was true when you got the cert.
Certs are nice but they don't provide 100% proof of identity, but neither
does any other form of ID.

Adding a digital signature to every outbound e-mail adds bloat to each one.
There may also be lookup problems, like the recipient's e-mail client cannot
automatically find and query the CA (certificate authority) for your cert
and reports the problem which makes the recipient wonder about the
authenticity of your cert. Whether you always add a cert to your outbound
mails depends on whether the e-mail is for business or personal. It will be
infrequent when you use a cert for personal e-mails. The cert added for
business e-mails may not even identify you as the sender but is instead one
that was assigned to your company. You never divulged WHY you *think* you
need to encrypt your e-mails.

--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________