  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Encrypting e-mail in ASP

    I've been looking around a little about this and now find myself a bit puzzled. Let me explain the basic set-up:

    I have designed a webform that uses CDONTS to send an e-mail to X, Y or Z depending on the selections in the form. I need to make sure the information is encrypted from the point the form generates the e-mail and gets (easily!!) decrypted when it hits the mailbox. All of this is ASP classic, Win2K, Exchange Server, and I have access to the actual machines which will be receiving the e-mails.

    I found a partial solution -- a company called Cipher distributes a free widget that stashes a Private Key in your machine and encrypts/decrypts on the fly using most any mail client. Cool enough, but how do I get the webform to send an encrypted message in the first place? Methinks I will need to set up a private key/public key generator on the webserver hosting the webform so the e-mail text stream is scrambled and I can then set up appropriate private keys on the desktop machines expected to receive the e-mails. It seems to me there should be a way to roll-your-own solution to this (but it will require installing some stuff on the webserver!), so I am not sure what exactly the obstacles might be here.

    FWIW, the Cipher solution is a little draconian, in that once you have it in place, it wants to encrypt/decrypt all your e-mail, which will mean I'd have to set up special mail addresses for this project (probably not that hard), but methinks the webform e-mail will certainly not be encrypted on the send-out.

    Does anyone have any experience with this sort of thing??? Ideally, what I'd like to do is this:

    1. Set up a webform that encrypts using a private key and public key previously generated
    2. Set up each target machine to have corresponding private keys to handle the common public key

    Both the webserver and the host machine need to be running some kind of PGP daemon to handle expected encrypted e-mails. What I'd like is something small, easy to install and unobtrusive so people won't freak out when I ask to set up a config on the webserver.

    Any ideas??

    TIA


  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Encrypting e-mail in ASP

    I don't have an easy answer for your exact question, but I do have a suggestion for an alternate way of handling the situation.

    Rather than sending emails, why not just encrypt the message, store it in a database, then alert the user that a new message exists (much like the Lounge does with its private messages). Finally, have the user visit a secured web page that decrypts the message. That way, you have full control of the sensitive data at all times. It's never sent out via email and you don't have to worry about hijacking an email client with a decrypting mechanism or modifying a server configuration.

    Just my 2 cents

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    austin, Texas, USA
    Posts
    1,029
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Encrypting e-mail in ASP

    Well, I've done just that in another project -- used https:// to send info including a page under https to pull the data from the db. Turns out that this project is plenty amenable to the same strategy so, unless you see something off in the use of SSL for web data, guess that's what I'll do. There's just ONE article on the webbernet that addresses PGP with ASP/CDONTS and it also requires config on the webserver, which after all makes sense... Unless you can implement the entire PGP logic in ASP! I ain't gonna do that for the amount of $$ they pay me here...

    Thanks for the 2 cents

    BTW, do you know how SSL works basically? I could research it of course, but just curious....

    sps

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Encrypting e-mail in ASP

    Depending on how sensitive these messages are, I would also recommend encrypting them before storing them in the database. That will ensure that no unauthorized eyes will see the data. You should be able to find a component that offers Encrypt() and Decrypt() methods. I'm sure you'll also need to pass in a public and/or private key for this purpose. The SSL will only protect the data as it passes from the web server to the browser.

    If you were using .NET, I could offer some suggestions from experience. But I've never used encryption with classic ASP (a.k.a. COM objects).
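
The encrypt-before-storing approach from posts #2 and #4, as an added example that is not part of the thread: the web server holds only the recipient's public key, so a stored record cannot be read without the private key. It uses Node.js's built-in `crypto` module rather than classic ASP; the function names, key pair and sample message are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed recipient key pair. In a deployment only the public key
// would live on the web server; the private key stays with the recipient.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Web-server side: encrypt the message under a fresh AES-256-GCM key,
// then wrap that key with the recipient's RSA public key (OAEP, SHA-256).
function encryptForRecipient(plaintext, recipientPublicKey) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey);
  // Every field is base64 text, so the record fits ordinary database columns.
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Recipient side: unwrap the AES key with the private key, then decrypt.
// decipher.final() throws if the ciphertext or tag was altered in storage.
function decryptRecord(record, recipientPrivateKey) {
  const dataKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP },
    Buffer.from(record.wrappedKey, 'base64')
  );
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed sample form submission.
const sample = 'Name: Jane Doe; Request: account change';
const stored = encryptForRecipient(sample, publicKey);
console.log(stored.ciphertext, '->', decryptRecord(stored, privateKey));
```

SSL still covers the browser-to-server hop in both directions; this only protects the record while it sits in the database.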
