qhman said:
To do email encryption in Outlook 2003, do I have to purchase a digital cert
or is there a way to encrypt w/o a cert?
Thank you!

You can still get a free e-mail cert from Thawte (although Verisign
bought them). Go to www.thawte.com and use the Products -> Free
Personal E-mail Certificates toolbar menu. These certificates are good
for 1 year. You'll need to get another one when your old one expires,
or just before it expires, and dole out its public key to each person
from whom you want to receive encrypted e-mails.

To send encrypted e-mails means you need the public key from the e-mail
cert of the recipient to whom you are sending your e-mail. You encrypt
using THEIR public key. Anyone receiving this encrypted e-mail won't be
able to decrypt it. Only the recipient whose public key you used from
their e-mail cert has the private key to do the decryption.

So sending encrypted e-mails is an invite process. Someone has to send
you a digitally signed e-mail. That means they put their public key
into the e-mail. You save that contact in your address book. When you
want to send them an encrypted e-mail, you use that stored contact so
you can use their public key to encrypt your message. Only that
recipient has the private key to do the decryption.

Likewise, if you want someone to send you an encrypted message, you will
need to first send them a digitally signed e-mail so they can store a
copy of your public key.

The e-mail certs you get from Thawte only show your e-mail address (so
someone getting your digitally signed e-mail only knows what is your
e-mail address registered for that certificate). You have to go through
their Web Of Trust (WOT) scheme to get more information added to your
certificate so others have more info in the cert to know exactly to whom
it belongs.

I haven't used Comodo's free e-mail cert program that Brian mentioned
via URL link. However, Comodo requires you to install an ActiveX
control in order to use their enlistment request process. Although
Comodo claims that it is a Microsoft AX control, its source comes from
https://secure.comodo.com/cab/xenroll.cab. That is a file at Comodo.
They are not directing you to a Microsoft download. Hmm, no thanks.
Comodo is very trustworthy but I'm not falling into any scheme that has
you install <somebrandname> AX control which doesn't come directly from
a <somebrandname> download link. The scheme at Thawte seems much more
streamlined and automatic. However, it does appear that Comodo lets you
specify more user details in their free e-mail cert than does Thawte
(without having to go through Thawte's WOT scheme). Yet, think about it
for a second: just how is Comodo going to verify your identity that you
claim for yourself (as your first and last names)? They can't, so anyone
can put anything they want for the value of these fields. The only
field that Comodo will end up verifying is your e-mail address (because
that's where they send the confirmation e-mail so you must have access
to that e-mail account to get their e-mail; Thawte works the same way).
I probably wouldn't trust Comodo e-mail certs where the registrant for
that cert gets to pick whatever name they want identified with that cert
with absolutely no verification of that name to prove it belongs to the
person claiming that is their name. Thawte's WOT has you find a local
WOT registrar where you need to bring sufficient identity proof before
they will add your name (and more personal info if you go through
subsequent WOT registrations to elevate your identity in your cert).

I'll stick with Thawte. Both Thawte and Comodo only prove your e-mail
address in their free e-mail certificate. Comodo's cert lets the user
specify their name added to the cert so that is susceptible to abuse.
Thawte requires you prove your identity to add more info to your cert.
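
The invite process described in the reply above, walked through with the `openssl smime` command as an added example (not part of the original post). The identities alice/bob@example.test and their self-signed certificates are constructed stand-ins for CA-issued e-mail certs, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: alice/bob@example.test are constructed identities with
# throwaway self-signed certs standing in for CA-issued e-mail certs.
set -eu

new_identity() {  # $1 = name; writes $1.key and $1.crt in the current dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/emailAddress=$1@example.test" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Step 1: the sender signs a mail; the certificate travels inside it.
send_signed() {  # $1 = sender name, $2 = output file
  printf 'Here is my certificate.\n' |
    openssl smime -sign -signer "$1.crt" -inkey "$1.key" -out "$2"
}

# Step 2: check the signature and save the embedded cert ("save the contact").
# -noverify skips only the CA chain check, since the demo cert is self-signed.
save_contact() {  # $1 = signed mail, $2 = cert file to write
  openssl smime -verify -noverify -in "$1" -signer "$2" -out /dev/null 2>/dev/null
}

# Step 3: encrypt to the saved certificate; no private key is needed here.
encrypt_to() {  # $1 = recipient cert, $2 = plaintext, $3 = output file
  printf '%s\n' "$2" | openssl smime -encrypt -aes256 -out "$3" "$1"
}

# Step 4: decryption needs the private key matching the recipient cert.
decrypt_as() {  # $1 = name, $2 = encrypted mail; prints plaintext, or nothing
  openssl smime -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" 2>/dev/null |
    tr -d '\r'
}

demo() (  # runs in a subshell, so the caller's working directory is untouched
  cd "$(mktemp -d)"
  new_identity alice; new_identity bob
  send_signed bob signed.eml
  save_contact signed.eml bob_contact.crt
  encrypt_to bob_contact.crt 'meet at noon' to_bob.eml
  echo "bob decrypts: $(decrypt_as bob to_bob.eml)"
  [ -z "$(decrypt_as alice to_bob.eml)" ] &&
    echo "alice decrypts: nothing (no matching private key)"
)
demo
```

The certificate saved in step 2 is all the sender needs; a mail encrypted to it is unreadable to anyone holding a different key, including the sender.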