Simple encryption method for email attachment

Simple encryption method for email attachment

Post by Fred » Thu, 26 Jan 2006 00:48:51


Ideally, I would like to find a program or other method to encrypt a file
for sending by email where I can choose a key (5-10 letter word etc) which I
can then give the receiving party by phone. Can anyone recommend a simple
way to encrypt a file to be sent by email?

Thanks.

Fred
 
 
 

Simple encryption method for email attachment

Post by nemo_outi » Thu, 26 Jan 2006 01:38:01

"Fred" < XXXX@XXXXX.COM > wrote in



Winrar

 
 
 

Simple encryption method for email attachment

Post by Borked Pse » Thu, 26 Jan 2006 02:52:02


PGP does both "conventional encryption" where the file is encrypted to a
pass phrase only, and a nifty feature called SDA or (S)elf (D)ecrypting
(A)rchive where you sent the recipient a file containing everything they
need to decrypt the file including the "executable program" itself. IOW,
all they need is the pass phrase you'd supply over the phone, they
wouldn't even have to install PGP if they didn't want to.

Plus, PGP is widely used so it's more likely to interface with more email
clients in easier ways, and you'll have an easier time getting help if
you're having trouble understanding something. How ideal is that? ;)
 
 
 

Simple encryption method for email attachment

Post by TwistyCree » Thu, 26 Jan 2006 03:11:49


Thought about suggesting something like that, but last I knew (ages ago)
the "encryption" methods implemented in archivers were a little on the
weak side. To be polite about it. It's certainly possible that's changed,
but I still believe using the "proper tool" applies. Email integration
would obviously make usage easier, and easier means it's less likely to be
abused or ignored. ;)

An aside.... can WinRAR or even the current version of WinZip generate
the "SFX" archives that command line versions of PKZip did/do?
 
 
 

Simple encryption method for email attachment

Post by nemo_outi » Thu, 26 Jan 2006 03:44:39

TwistyCreek < XXXX@XXXXX.COM > wrote in






Winrar uses 128-bit AES which is plenty strong (older pkzip encryption is
much weaker). And, yes, Winrar supports SFX (Warning: some email filters
may reject executable attachments).

Regards,
 
 
 

Simple encryption method for email attachment

Post by Borked Pse » Thu, 26 Jan 2006 05:19:25


I could probably debate the "plenty strong" part by pointing out that it's
even easier to use an integrated solution (PGP email plugin) that doubles
the bits by default and does the compression anyway, not to mention
adds the element of more secure integrity checking and usable
authentication, but I won't. <g>

It's been a looooong while since I used any of them, thanks for the
clarification. It was older (2.04g?) versions of PKZip I was thinking
about. I even found a paper I wrote on the subject some 15 years ago. :)


Good deal. I agree with the executable attachments warning. It's always a
good idea to send a companion message to ANY message with a valuable
attachment in it giving the recipient a heads up. That way they can let
you know if the attachment doesn't show.
 
 
 

Simple encryption method for email attachment

Post by nemo_outi » Thu, 26 Jan 2006 06:26:29

Borked Pseudo Mailed < XXXX@XXXXX.COM > wrote in



...snip...


The appeal of winrar is that it a program of widespread utility that is
also quite serviceable for managing compressed and encrypted e-mail
attachments (it is, for instance, a mainstay in using binary newsgroups).
I agree that programs targeted at a specific application (e.g., pgp plugin
for email) may be handier for that particular use, but that philosophy can
lead to an inconvenient number of tools, each a one-trick pony.

Winrar does compression as well as encryption (in fact, encryption is the
addon). The rar format has a number of fillips including SFX and optional
recovery protection (i.e., through adjustable redundancy), and (decidedly
weak) authentication. The ability to store, not just individual files, but
multiple files, or even entire directory trees, is very convenient. ...as
is the ability to break an archive into multiple files of specified size
(e.g., if sender or receiver email has, say, a 5-meg attachment limit per
message).

...snip...

Regards,
 
 
 

Simple encryption method for email attachment

Post by Dave Keay » Thu, 26 Jan 2006 12:18:09


Any comments on GPG with Enigmail? (The setup I have but haven't tested it
thoroughly-- yet.



--

Dave Keays
 
 
 

Simple encryption method for email attachment

Post by Borked Pse » Thu, 26 Jan 2006 14:31:10


Under Windows? There's some memory locking issues that weren't resolved
last I knew. A potential for swapping sensitive data out to disk. And the
Enigmail plugin isn't quite as functional as the PGP plugins generally
are. But for the average Joe it's completely sufficient.

I really like GnuGP, prefer it to PGP on all platforms in fact, but to
some extent it's still a bit of a geek tool. PGP is a little more
"refined" in the interface area, and probably a better choice for the
casual users. Probably because it actually does incorporate a GUI rather
than depend on third parties for the most part. That's got good points
and bad points, but the bottom line is the more you use PGP/GnuPG the
better off you are, so any bit of difficulty is a consideration. It's
better to use a slightly less preferable but totally sufficient tool than
it is to have the best tool in the world and not use it. ;)

Most of that's just opinion (except for the memory thing I suppose), so
take it for what it's worth.
 
 
 

Simple encryption method for email attachment

Post by Fred » Thu, 26 Jan 2006 16:20:44

Thanks, guys. How would I get winrar or pgp?




file
which
 
 
 

Simple encryption method for email attachment

Post by cyphe » Thu, 26 Jan 2006 22:36:36

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Fred" < XXXX@XXXXX.COM > wrote in



WinRAR:
www.rarlab.com
but it's not free.

Why not use 7zip?
www.7-zip.org

"7-Zip is free software distributed under the GNU LGPL"

"The main features of 7z format:

* Open architecture
* High compression ratio
* Strong AES-256 encryption
* Ability of using any compression, conversion or encryption
method
* Supporting files with sizes up to 16000000000 GB
* Unicode file names
* Solid compressing
* Archive headers compressing"

It's free, it has so good or sometimes even better
compression ratio than WinRAR, and uses AES 256:

"7-Zip also supports encryption with AES-256 algorithm. This
algorithm uses cipher key with length of 256 bits. To create
that key 7-Zip uses derivation function based on SHA-256 hash
algorithm. A key derivation function produces a derived key
from text password defined by user. For increasing the cost
of exhaustive search for passwords 7-Zip uses big number of
iterations to produce cipher key from text password."

If you want to use an archiver 7zip seems to be a better
choice for you.

You can buy PGP here:
http://www.yqcomputer.com/

Or download GnuPG for free from here:
http://www.yqcomputer.com/
GPG is a command-line tool, if you would rather use something
with GUI gpg4win is here:
http://www.yqcomputer.com/

My recommendation-7zip or gpg4win (GnuPG if you like to work
in command-line).

cypher

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ9d2XiPnLg7nPH4AEQKIDQCfdSD+TblBREkX4G7jKrEh1EZ3wE8An35B
8yKlf02t/vSR7runSjgUUXtZ
=fiG2
-----END PGP SIGNATURE-----
 
 
 

Simple encryption method for email attachment

Post by Bob Furta » Thu, 26 Jan 2006 23:56:31

WinZip is fairly popular, easily accessable and easy to use. Why not use
the encryption feature in it?

Bob
 
 
 

Simple encryption method for email attachment

Post by Fred » Sat, 28 Jan 2006 05:46:04

Thanks. Are any of these setup so that I can enter my own password which is
used for scrambling the bits and bites?
 
 
 

Simple encryption method for email attachment

Post by cyphe » Sat, 28 Jan 2006 09:06:21

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Fred" < XXXX@XXXXX.COM > wrote in



After installing 7zip right click on the file and choose
7zip/add to archive, in new window just enter password
(additionally selecting "encrypt file names" is a good
choice) , hit OK and that's all.

In GPG for encrypting (symmetric):

gpg -c -o encrypted_file file_for_encryption

GPG will ask you for a passphrase and create encrypted output
file named "encrypted_file" from "normal" (plaintext)
unencrypted file named "file_for_encryption".

For decryption type:

gpg -d -o decrypted_file encrypted_file

GPG will ask you for a passphrase and decrypt
"encrypted_file".

This is the easyiest way you can use GPG. It can much more
than that, e.g. you can create digitall signatures and
encrypt your messages using public key crypto. gpg4win
installs a graphical interface for GPG so you don't have to
type instructions.

Regards,
cypher

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ9ljmCPnLg7nPH4AEQKRsQCgwMrQE72R6MJJuFK86t+ma4V/QtwAnRz3
ynEzp9fpeYDPtWntxKKlqvls
=a2DB
-----END PGP SIGNATURE-----
 
 
 

Simple encryption method for email attachment

Post by cyphe » Sat, 28 Jan 2006 09:09:01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Fred" < XXXX@XXXXX.COM > wrote in



After installing 7zip right click on the file and choose
7zip/add to archive, in new window just enter password
(additionally selecting "encrypt file names" is a good
choice) , hit OK and that's all.

In GPG for encrypting (symmetric):

gpg -c -o encrypted_file file_for_encryption

GPG will ask you for a passphrase and create encrypted output
file named "encrypted_file" from "normal" (plaintext)
unencrypted file named "file_for_encryption".

For decryption type:

gpg -d -o decrypted_file encrypted_file

GPG will ask you for a passphrase and decrypt
"encrypted_file".

This is the easyiest way you can use GPG. It can much more
than that, e.g. you can create digitall signatures and
encrypt your messages using public key crypto. gpg4win
installs a graphical interface for GPG so you don't have to
type instructions.

Regards,
cypher

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ9ljmCPnLg7nPH4AEQKRsQCgwMrQE72R6MJJuFK86t+ma4V/QtwAnRz3
ynEzp9fpeYDPtWntxKKlqvls
=a2DB
-----END PGP SIGNATURE-----