https or encryption + mail

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I would like to send email securely using free Yahoo mail

Additional Details

I would like to able to send information to companies, on an
occasional basis, where it would be best if the information was

What is needed is something simple where the companies can easily read
the mail.

For example, if I could encrypt the message attachment and they could
click on it, provide a password, and then read the mail.

Since the companies know my email address, it would be necessary for
me to use my usual web mailer.


Ps. The facility should be free

Re: https or encryption + mail

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


The subject is problematic. If you need to exchange encrypted
information with someone, the receiving party should be aware of the
fact you will use cryptography to communicate with them. If this
prerequisite is met, you can start thinking of sending secure email.=20

The first problem you will encounter is to choose the encryption
algorithm. Basically you can choose between asymmetric and symmetric
encryption. In both case, the next problem is to exchange keys.=20

If you agreed to choose symmetric encryption, both side will use the
same password. To share this key, you must use a secure communication
channel, or use a protocol like the Diffie-Hellman key exchange. Then,
find a program that can code plain-text with the chosen algorithm.
Copy the output to any mail client you want. Your partner will then
proceed backwards, using the program to decode.

In you choose asymmetric encryption, key exchange requires you to acquire
the public key of the receiver. The key can be passed through an
unsecured connection. Though you need to be able to assess that the key
comes from the right person (key is distributed on their website, or is
signed through web-of-trust mechanism, ...). Then a program like
GPG can be used to encrypt a mail using this public key. Only the person
owning the corresponding private key is able to decrypt.

Many desktop mail-client are now PGP/GPG enabled, but it still requires

In the same fashion, encryption is possible using certificates. Look at
S/Mime for more information

In conclusion, it is very difficult to initiate a secured conversation
by mail with someone who does not expect it. By the way, it is more than
probable that your contact do not have the required tools to decrypt
mail (and can't install them because of company policy, or user-rights
to do so).=20

Quoted text here. Click to load it
This adds more challenge. Since you will have to do the setup job
every time.=20

Quoted text here. Click to load it
This is a no-go too. In fact, if the company security manager did his
job, attachments are filtered and/or removed so as to prevent virus
infiltrations. Don't expect to be able to send binary files that

On a related topic, you can still send authenticated messages without
disrupting (too much) standard mailing. For example (you should see it
on this message) asymmetric cryptography allows you to sign messages. It
adds some information which allow someone with your public key to verify
that the message has really been sent by you. Eventually someone who is
not aware of digital signature can disregard signature information and
just read the message.

Hope it helps you.


Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

Version: GnuPG v1.4.10 (GNU/Linux)



Re: https or encryption + mail

Quoted text here. Click to load it


Thanks for the information.

I planned only to send text files that contain personal or business

However, it seems that my idea of being able to send an encrypted
attachment that would contain, in the clear, a piece of information
that they would know (eg, use my product ID as password) so that they
could it as the password to open the attachment is not an option.

I realise the the attachment would need to contain a facility to open
the file.

Best wishes


Re: https or encryption + mail

Quoted text here. Click to load it


It has just occured to me that I could solve my problem by simply
creating a file in MS Word, then password protect it, and send this as
an attachment to an email. The email could contain a piece of
information that they, the company would know, e.g., my ID code, and
use this to open the Word document. In addition, most companies would
have MS Word. installed on their pc's

Good wishes.


Re: https or encryption + mail

Quoted text here. Click to load it

Another alternative is to send/provide the recipients a "password" in
advance, then send the recipients files in a pssword protected ZIP file.

Multi-AV Scanning Tool -

Re: https or encryption + mail

Quoted text here. Click to load it

Mike Easter tried to help you already.  Did you not understand what he
presented ?

Yahoo free means Yahoo webmail which doesn't support the signing and
encrypting of email.  You need an email client that supports PKI and an
email account providing POP/IMAP/SMTP.  MS Outlook, Outlook Express and
Winmail come to mind.

You will need a Personal Certificate issued by a Certificate Authority (CA).

Multi-AV Scanning Tool -

Re: https or encryption + mail


Https encrypts the communication between the Browser and the web page you
connect to.  It does not encrypt the email you create at that web page.

Multi-AV Scanning Tool -

Site Timeline