[AccessD] Digital signature / certificates

Charlotte Foust cfoust at infostatsystems.com
Tue Mar 18 10:09:23 CST 2003


These I can read.  The ones that come through with a little blue
information icon are unopenable because it says "Your Digital ID name
cannot be found by the underlying security system."  I'm using Outlook
XP on WinXP.  All the latest patches.
 
Charlotte Foust

	-----Original Message-----
	From: John W. Colby [mailto:jcolby at colbyconsulting.com] 
	Sent: Monday, March 17, 2003 8:21 PM
	To: AccessD
	Subject: [AccessD] Digital signature / certificates
	
	

	Trying this again.  If anyone can read this, please at least one
such person respond.  If anyone can't read this...  uh... don't bother
responding.

	<grin> 

	Digital certificates are essentially a digital signature as well
as a public key / private key pair.  The digital signature tells the
person receiving a signed email that the email comes from you and hasn't
been altered.  The certificate that is contained in any signed message
also contains a public key belonging to the sender.  By opening the
email, right clicking the From line, and adding the person to your
contacts, the certificate from that person, including the public key, is
stored in the contact info.  Obviously this isn't going to work as
expected with the list since the message is retransmitted.  In fact I
have no idea what is going to happen in this case, we shall just have to
wait and see.

	That public key from the contact can then be used to encrypt
email and theoretically an attachment as well.  Since the public key is
stored in the contact record, it is used for the encryption, and the
message (and attachments) can only be decoded by the matching private
key.  I.e. automatic digital signature and easy to use (though not
automatic) encryption of messages.  Since your friend's certificate is
stored with his contact info on your computer, any email and attachments
sent to him can be encrypted using his public key.

	I say easy to use though not automatic encryption because in
order to encrypt a given message you have to go to the properties of
that message and select encryption.  There is however an option to
encrypt all messages.  I assume that if the contact selected as the
recipient has no certificate, no encryption takes place, so it appears
that maybe a totally automatic / always on encryption scheme can take
place with any contacts that you have received and stored a certificate
for.  However... I tested this... if you send an encrypted message to a
contact with a certificate in your contact book, and CC a contact
without a certificate, the message is encrypted.  You are warned that
the person without a certificate will not be able to see the message
(because it is encrypted) and that does indeed happen.

	Anyway, I have always wanted to have this capability.  I have
contacts with clients that should be kept confidential, for example
transferring BE databases that contain customer data to me for my work
at my home office etc.  The ability to encrypt these things is or should
be important.  I understand that there are now laws that state that if
you transmit people's SSNs across the internet you must take specific
precautions or you are breaking the law.  I haven't seen this law, but I
know that certain insurance companies I deal with are starting to get
touchy about sending data files to me with the SSNs in them.  Perhaps
this security will help in these situations.

	I thought you guys might be interested in what I have figured
out.  First of all there is a company that provides FREE personal email
certificates.  Most such companies charge a small fee for them.

	http://www.thawte.com/html/COMMUNITY/personal/index.html 

	In order to get this you have to fill out a form with your
address, phone and one personal ID number - SSN, Drivers License Number
or Passport Number.  Basically after following the process you are sent
an email to the email address you provide them that contains a "ping"
hotlink that you have to click on which then tells them you received the
email and you are then issued the certificate.

	Anyway, I just thought I'd let you know that free certs are
available, are reasonably easy to obtain, and reasonably easy to get
working.

	John W. Colby 
	Colby Consulting 
	www.ColbyConsulting.com 

	---------------------------------------------------- 
	Is email taking over your day?  Manage your time with eMailBoss.

	Try it free!  http://www.eMailBoss.com 
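
The sign, store-the-certificate and encrypt flow described in the quoted message, reproduced with the OpenSSL command line as an added example (not part of either post). The identities john and carol, the example.test addresses and all file names are constructed; carol stands in for a recipient whose certificate the message was not encrypted to.

```shell
#!/bin/sh
# Added demo: throwaway self-signed identities, constructed for illustration.
WORK=$(mktemp -d)

make_id() {   # $1 = name -> $WORK/$1.key (private key) and $WORK/$1.crt (certificate)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

sign_as() {   # $1 = signer, $2 = output; the signer's certificate travels in the message
  openssl smime -sign -text -in "$WORK/msg.txt" \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$2" 2>/dev/null
}

verify_and_save_cert() {   # $1 = signed message, $2 = file to receive the embedded cert
  # -noverify skips chain validation only (the demo certs are self-signed);
  # the signature over the message content is still checked.
  openssl smime -verify -noverify -in "$1" -signer "$2" -out /dev/null 2>/dev/null
}

encrypt_to() {   # $1 = recipient certificate (public key), $2 = input, $3 = output
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$1" 2>/dev/null
}

decrypt_as() {   # $1 = key holder, $2 = encrypted message; fails if not a recipient
  openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

setup_demo() {
  make_id john && make_id carol
  printf 'Customer data attached.\n' > "$WORK/msg.txt"
  printf 'Reply for John only.\n' > "$WORK/reply.txt"
  sign_as john "$WORK/signed.eml"
  # Simulate alteration in transit: change one word of the clear-signed body.
  sed 's/attached/ATTACHED/' "$WORK/signed.eml" > "$WORK/tampered.eml"
}

setup_demo
# Receiver: check the signature and keep the sender's certificate ("add to contacts").
verify_and_save_cert "$WORK/signed.eml" "$WORK/from_msg.crt" && echo "signature valid"
verify_and_save_cert "$WORK/tampered.eml" /dev/null || echo "altered copy rejected"
# Encrypt a reply with the stored public key; only the matching private key opens it.
encrypt_to "$WORK/from_msg.crt" "$WORK/reply.txt" "$WORK/enc.eml"
decrypt_as john "$WORK/enc.eml"
decrypt_as carol "$WORK/enc.eml" || echo "carol cannot decrypt"
```
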
