Yes, the data comes from an SSL session, and no data is in the URL. I'm not sure, I think a simple text field. Thank you for helping me assess the "big picture", I am just looking for a small answer in this case. I know about files and databases, for instance, and chose to ask about encrypted emails. I don't expect anyone to give hipaa advice on the mailing list! IANAL, neither are you?
OT: I heard on the radio, that Vermont is the last state where you can take the bar & then practice law without going to law school, the last place where they let you self-study, so to speak.... interesting. Ben On 11/29/06, Michael Miller <[EMAIL PROTECTED]> wrote:
Ben, Are you then SSL encrypting the users session while the type in the secrets? What type of text box or form is the user presented with? You can take the data spit it into a text file that is then encrypted with PGP/GPG or with SSL. I would go with SSL because public private key cypher works when you have two party's. You could also redirect the user too a secure site via SSL and then stick the data into a database table. I'm guessing this is going to be a user who is on the Internet and connects too your server via a public network? Or is the user on a LAN? You said HIPAA, is this environment held by the HIPAA standards? This does make a difference because of how HIPAA is written. Mike Miller On 11/29/06, Ben Barrett <[EMAIL PROTECTED]> wrote: > Secrets are to be moved from the webserver to one specified inbox, securely. > Small secrets, similar in length to a phone number. It could be hipaa > delivery > of client info or a financial transaction, for instance. > > Ben > > > > On 11/29/06, Michael Miller <[EMAIL PROTECTED]> wrote: > > > > What are you trying to do? I think you might get an answer if you > > explain what your tyring to do or list of requirements. > > > > Mike Miller > > > > On 11/28/06, larry price <[EMAIL PROTECTED] > wrote: > > > Does it absolutely have to be GPG or would any block cipher encoding > work? > > > > > > I've used openssl for encrypting database backup files and the same > > > technique could be applied here. > > > > > > for example: > > > > > > script_with_secret_output.sh | openssl aes-256-ecb -e -a -salt -pass > > > env:SALEPASS |mail -s`date +%Y%m%d; echo accountsummary` > > > [EMAIL PROTECTED] > > > > > > and then once it's at it's destination and you've stripped it out of > > > the mail body into a file with the subject as it's name: > > > > > > openssl aes-256-ecb -d -a -salt -pass pass:f00bar < > 20061128accountsummary |less > > > > > > to read it. > > > > > > That's a quick and dirty hack, if you were setting up something more > > > robust you would probably use your favorite scripting languages' > > > openssl binding to do pretty much the same thing and package it up > > > with a proper mime/type and make sure that the passphrase couldn't be > > > read anywhere but at the keyboard. > > > > > > (OR just scp whatever to it's destination) > > > On 11/28/06, Ben Barrett < [EMAIL PROTECTED]> wrote: > > > > Has anyone used > http://www.awtrey.com/software/gpgsend.php > > > > or found better or similar solutions? Rot-13 need not apply :) > > > > > > > > thanks, > > > > > > > > Ben > > > > > > > > > > > > _______________________________________________ > > > > EUGLUG mailing list > > > > [email protected] > > > > http://www.euglug.org/mailman/listinfo/euglug > > > > > > > > > > > > > > > _______________________________________________ > > > EUGLUG mailing list > > > [email protected] > > > http://www.euglug.org/mailman/listinfo/euglug > > > > > _______________________________________________ > > EUGLUG mailing list > > [email protected] > > http://www.euglug.org/mailman/listinfo/euglug > > > > > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > > > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
_______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
