[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gpgtools-users
Subject:    Re: [gpgtools-users] Open received messages only
From:       Charly Avital <shavital () mac ! com>
Date:       2011-02-23 20:40:07
Message-ID: 4D6570A7.30008 () mac ! com
[Download RAW message or body]

Jason Hawke wrote the following on 2/23/11 1:06 PM:
> We are signing up for an online fax service which offers two secure
> notification options :
> 
> One, is that they will send a link notification which then requires
> you to log into the web site to retrieve the fax.

That will only require a username and a password to log into the web site.

That's not so hot as far as security and privacy are concerned.

> Two, is that you can enter your public key into your account at the
> site and they will send you the fax as an attachment using your key.
> This is obviously more convenient.

More secure.

Do you know whether they are going to encrypt *only* the attachment (the
fax file), or both the notification (an e-mail) itself and the attachment?

The e-mail itself does not need to contain any text at all. It may
contain some administrative text.
> 
> We are using Apple Mail under 10.6.6.  Is this project what we are
> looking for to accomplish ONLY this task?  We do not need to encrypt
> to send . . . just need to create a public key and OPEN the messages
> sent to us by this single site.

In order to create a key pair: public key (for the fax service to
encrypt your fax), and secret key for you to decrypt it, you need to
have an encryption system installed.
GPGTools will install MacGPG2.

Then you need an interface to that encryption system to instruct it to
create the key pair. If you do not want to use the Terminal for that,
then you need GPGKeychain Access, that will be installed by GPGTools.

GPGKeychain Access will enable you to export to your computer your
public key keyblock, in order to send it to the fax service.

GPGKeychain Access will also enable you to administrate your public key
ring and your secret key ring (each will contain only one part of the
key pair), e.g. create a revocation certificate that you will store in a
secure place (preferably out of your computer) in case you need to
revoke your public key (if it gets compromised), and to generate a new
key pair.


Finally, in order to use Apple Mail to decrypt the attachment (the fax
file itself), you will need GPGMail. GPGTools will install the module
that will enable Apple Mail to interact with MacGPG2.

You have to ascertain with that fax service that when they send you the
e-mail with the attached fax file, they will encrypt first and foremost
the fax file itself, and not only the e-mail.

Best regards,
Charly

_______________________________________________
gpgtools-users mailing list
gpgtools-users@lists.gpgtools.org
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/gpgtools-users@marc.info?unsub=Unsubscribe&unsubconfirm=1


This email sent to: gpgtools-users@marc.info


[prev in list] [next in list] [prev in thread] [next in thread]