mailing list archives
Re: Web based email signing and encryption
From: Rogan Dawes <discard () dawes za net>
Date: Thu, 20 May 2004 15:38:00 +0200
You might want to take a look at HushMail.com for some ideas, and to see
how they have implemented their system. They are using OpenPGP
compatible messages, though, not S/MIME.
To do this effectively, you would need to have a client side applet that
implements the S/MIME algorithms, and uploads the message in a format
that the web server can relay to the recipient, without breaking the
encryption and signatures.
I guess it is not really difficult to do, you just need to find
implementations of the S/MIME libraries that you can use. e.e.
BouncyCastle.org crypto provider.
It could be an interesting project to integrate this with something like
IMP/Horde, or one of the other webmail apps. Effectively, you would
have to convert plain text to an encrypted attachment prior to sending,
and reverse that on receipt.
As the HushMail.com site describes, the tricky thing is managing the
certificates. Hush manages them for you (but decrypts them locally),
maybe an S/Mime implementation would read them from the local filesystem.
Also, be aware that Hush has (applied for) a patent in this area.
sonali maniar wrote:
Most of the email signing and encryption products work on S/MIME based
clients like Outlook Express, Netscape Messenger etc. My company is having
a web based access of our corporate mailing system how can this be
Are there any products/tools/components available to enable web based e-mail
signing and encryption ie a mail composed a web browser can be sent
digitally signed and encrypted?Both the email contents and attachments need
to be signed and encrypted.
3rd Floor, Enterprise Centre
Off Nehru Road, Vile Parle East
Tel : +91-22-5677-2473
Mobile : +91-9820410775
Fax : +91-22-2617-7662
SafeScrypt - The Confidence To Do More!
*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"