How can we encrypt a small database file for sending by em..

On 26 Nov, 14:16, ship <ship....DeleteThis@gmail.com> wrote:

> Anyone know how to encrypt data - e.g. when sending a personal data by
> email

There's only one credible way, the rest is almost certainly snake-
oil:

Use something built around the PGP standards.

GnuGPG is an open-source implementation of this.

There are assorted mailer plugins (inc. Outlook) that can use this
standard too.

Learn a little background around crypto before building a business
process. In particular, a little understanding of the benefits of
public key crypto (PKI) over symmetric crypto will go a long way.
Bruce Schneier is a good source to read here (interesting blog too)
and his "Secrets and Lies" is an easy read that's well worth it.
Otherwise read Ross Anderson's "Security Engineering" (all competent
coders in relevant fields need to read this). Schneier's other books a
bit heavyweight to be practical though.

In particular, realise how insecure a symmetric key cipher is for
something like storing CC details in a web server's database! (Does
the key that lets you store them also also an attacker to read them?)

You'll soon realise that encryption is the easy bit nowadays, it's key
management that's more tricky. A good read of the relevant PGP or GPG
docs will help. Ideally do physical key exchange (swap keys when you
shake hands), but the transitive "web of trust" model is a big help
too (I trust him, you trust me, you trust him a bit because I do in
turn).

An evening's reading should allow you to understand what's necessary,
to a higher level than the UK goverment's current practice.
 >> Stay informed about: How can we encrypt a small database file for sending by em.. 

"SpaceGirl" <nothespacegirlspam.TakeThisOut@subhuman.net> wrote in message
news:31189a96-3876-419a-80a3-d2dcdacc2da9@w34g2000hsg.googlegroups.com...
> On Nov 26, 2:16 pm, ship <ship....TakeThisOut@gmail.com> wrote:
>> Hi
>>
>> Anyone know how to encrypt data - e.g. when sending a personal data by
>> email
>>
>> e.g. Is there anything we can do... for free ?
>>
>> We currently use password protected WinZip file.
>
> Export it to CD and send it by TNT mail?

.... as practised by the UK Government
(http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm)

Very apt SpaceGirl. (grin)

On a more practical note, there are plenty of free file encryption programs
on the net. I've not had cause to use any, so I can't recommend which are
good or bad. If you (the OP) are generating these files straight from your
web-app, then .Net provides components for encryption (which I have used) so
I *assume* that the likes of php or java would provide similar capabilities.

--
Brian Cryer
www.cryer.co.uk/brian
 >> Stay informed about: How can we encrypt a small database file for sending by em.. 

Andy Dingley wrote:

> There's only one credible way, the rest is almost certainly snake- oil:
> Use something built around the PGP standards.

S/MIME is also a reasonable option -- it's basically SSL over MIME (in
much the same way as HTTPS is HTTP over SSL). Though I'd personally choose
PGP over S/MIME every time, as S/MIME's top-down concept of trust, leads
to expensive encryption keys if you want to do things properly.

People may find this PHP library of interest:

http://tobyinkster.co.uk/blog/2007/08/19/trivial-encoder/

Despite the name, it allows some very strong encryption with PHP, however,
all the encryption is symmetric -- i.e. the same key is used for both
encryption and decryption.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 2 days, 2:42.]

It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
 >> Stay informed about: How can we encrypt a small database file for sending by em..